My GIAC Certified Forensic Examiner Certification [GCFE]

It has been a minute since my last post. It was a busy end to 2020, juggling a flurry of engagements, family time and, in my ‘spare time’, taking the SANS FOR500 OnDemand course with Rob Lee and studying for the GCFE certification.

I took the FOR518 course with Sarah Edwards back in 2016. That course was completely hijacked by my workload and unfortunately I didn’t get everything I could have out of it.

Due to COVID-19, SANS took the step of offering 6 months access to the course material instead of the usual 4 months. There was also the option of taking multiple runs of the course in addition to the OnDemand platform, however there were no live classes in my region due to COVID-19 and I was happy to work at my own pace through the OnDemand content.

– Box of forensic goodness –

One aspect of the course that I loved was the MP3 recordings. I listened to the recordings when I went to bed after finishing my study for the night or during the commute to and from work (Yeah – I literally didn’t have a life for a while). I found that listening to the recordings was a really effective method for me to absorb the information.

I had access to my course content until the end of January 2021; however, I wanted to take the exam at the end of 2020 so I could go into New Year’s celebrations (providing that I would pass) with that ticked off my list.

When I received the course content I got out the calendar, marked the date I wanted to take the GCFE exam and worked backwards, placing little checkpoints where I wanted to complete a section of the course work by a certain date. I knew if I didn’t do this, time would drift away and it would be a stressful scramble to make up time.

My method of study was to watch the recording for a slide or two, pause, read the corresponding slide deck and notes in the book, highlight key info and populate my index accordingly. There are plenty of helpful posts about how people created index lists for their GIAC exams. Mine was basically a simplified version of Lesley Carhart’s method: an Excel spreadsheet with the topic, book number, page number and colour-coded tabs.

When I had completed my index list, I read it over and over again so I knew it intimately. There is no point having an index list if you don’t know where to find what you need under exam conditions.

With my index complete, I took my first practice exam and scored 83%. I was happy with that as I got a feel for the types of questions and was comfortable with the content. I added some entries to my index list where I needed to improve, read over the content again and took the second practice exam and scored 96%. It was time for the real deal.

I took the exam online using ProctorU. I have never used ProctorU; it was a pretty strange experience. As part of the requirements, everything needs to be removed from your desk, including additional monitors and electronic devices. I was allowed my textbooks, posters, index list, a ruler and drink bottle. Before starting you need to give the proctor a 360-degree view of the room and under the desk; that was fun to do with an iMac’s web camera.

– Pre-Exam Desk Layout –

You give remote access to the proctor and they run a script to disable any screen recording software and remote access applications, amongst other things.

The exam itself went well. I had to bring it home a bit quicker than I would have liked, as time slipped away from me while stewing over some answers that I had skipped. There is that awful moment when you complete the exam and you wait for the result to appear. I was relieved to have passed the exam with a score of 96%. The added bonus of scoring well on the exam was getting an invitation to the GIAC Advisory Board.

The FOR500 course was fantastic, as all things SANS-related are. The beauty of studying while working is that you can transfer some of the learnings immediately into case work.

I was also lucky enough to earn a Lethal Forensicator coin during the course!

Next on my list will be to take SANS FOR508 and obtain the GCFA certification… but that will take a while before my training allocation and boss allow me that opportunity!

