Preparing for the GCFA
This is what I had to learn to pass my exam, so please feel free to take a look.
Since you are allowed to take the course material with you, prepare your stuff. I have (like many others) put markers at the specific explanations to find them more quickly and easily during the exam.
As you probably don't know which keywords to look for, take one of the test exams to gather the spots that are asked about. After that, I used small Post-its to label the spots.
It looks like (and was) quite a lot of work, as I also read the 4 books again during the Post-it process. It was a brilliant recap of what I had learned 4 months ago during the course.
If I had not had these, I'd have run out of time, of that I'm pretty sure.
Don't miss the great explanations from Andrea Fortuna:
Especially his great video about the timestamps.
You might also have a look at:
Finding Malware Like Iron Man: https://digital-forensics.sans.org/summit-archives/DFIR_Summit/Finding-Malware-Like-Iron-Man-Corey-Harrell.pdf