search
top

Passing the GCFA exam

Recently, I challenged the GIAC/SANS GCFA exam. And I am excited to say I passed and have obtained the GCFA certificate!

This was one of the more detailed courses I had taken in awhile. The IR and Threat hunting sections were not as new to me. However, the memory and forensics section were very deep and detailed. Normally, most organizations will contract out major forensic type of work to 3rd party external partners. So, the forensics section was something I do not work on as often. But I found learning and getting the knowledge of various ways malware can hide in memory, or how to detect Time stomping attacks from malware was extremely fun and exciting to learn. Feeling incredibly grateful to learn about all these new attack techniques and detection mechanisms.

Prepping for the exam

I highly advise everyone take the SANS FOR 508 course. You can read my review of it here -> https://www.stealthbay.com/review-of-sans-for-508/

The course will prepare you for the exam and cover topics and tools that you will be tested on. There is a lot of material to learn in the course. So, dedicate a good amount of time towards learning the course material and all the concepts. The class itself was amazing especially when you get into Memory Analysis, File system analysis and the Anti-forensics sections.

Read more of this post

Review of SANS FOR 508 & Winning the CTF Coin

So, just before the end of a remarkably interesting and odd 2020 year. I decided to go ahead and take the FOR 508 class on Advanced Incident Response, Threat Hunting, and Digital Forensics. I felt this was a course that could really benefit security practitioners for understanding best practices & methods related to IR. As well as, learning new techniques for threat hunting in a large enterprise environment. I decided to put up a post listing our what you can plan to learn from this course should you decide to take it.

Winning the Coin

One of the coolest parts of the class is Day 6 (more details listed later). You get a chance to join into teams and compete in a class APT Threat group challenge. The team that wins the CTF gets an award in the sign of a special course specific SANS Coin. On top of that, SANS will add your name to the Community DFIR Coin holders list! It is a great achievement, and I have to say the challenge was very realistic and fun to tackle.

Read More Of This Post

Autopsy– A Forensic Analysis Tool


Autopsy – Digital Forensics

For anyone looking to conduct some in depth forensics on any type of disk image. Autopsy is a great free tool that you can make use of for deep forensic analysis.

It has been a few years since I last used Autopsy. I recall back on one of the SANS tools (SANS SIFT). Back then I felt it was a great tool, but did lack speed in terms of searching through data. It appears with the most recent version of Autopsy that issue has been drastically improved. On top of that, machines have also become much faster using SSD’s and tons of more CPU and RAM power.

Read more Of This post

Research Project – Android Mobile Forensics

Mobile Devices

Today is more of a Throwback Thursday moment that I’d like to share with everyone regarding mobile devices.

So in 2015 in order to Graduate from the B.tech Forensics – Computer Crime program.
We had a year long research project that was conducted by each student.

My focus was on Mobile forensics and particularly on Android devices.

This was a field that was slightly newer to me, but I felt mobile security will play a huge role in the future. We use our mobile devices for just about everything, and this means future cyber attacks will start to hit mobile devices.

Also, at the same time, I was very curious as to what type of information mobile devices hold and contain about us. I hope my research brings out some answers for many people while at the same time posing further questions to explore.

I’ve decided to attach a PDF of my Android Forensics project.
(more…)

top