Showing posts from March, 2013

Should I take SANS 408 or 508? (part 1)

I recently got asked a question in a comment that I was planning to answer in about 45 days but I don’t want to wait that long so I’ll give half of an answer now. The question was a common one: “Should I take SANS 408 or 508?” First let me provide one HUGE caveat and explanation of why I was already planning on answering this in 45 days. I have taken the 508 (I’m even a proud holder of a GCFA) but I took the course back in 2008. I was completely unprepared but it was still a fantastic learning experience and it taught me concepts that I use to this day. The 508 exam of today has very little in common with the 508 from 2008. The course has been completely re-designed from the ground up and I have yet to take the new version. I’m taking my GSEC exam at the end of this month but after that I’ll have a narrow window to watch the 508 OnDemand content for a much-needed refresher. The new 508 books are actually sitting in a spare room in my house and in an unbelievable act of discipline I have

Quickie SANS Forensics 408 Review

In January I was able to attend the SANS FOR408: Computer Forensic Investigations – Windows In-Depth course. When choosing what course to take it would be easy to focus on the fact that this is a “400 level” course and assume it’s a beginner class. What shouldn’t be overlooked is the “Windows In-Depth” part of the course title. SANS absolutely delivers on the “in-depth” part. The course is six days of wholesome forensic goodness with five days of instruction and a day six “forensic challenge” where you examine an image from a case and compile a report of what happened. The course also comes with a hardware write blocker for every student which you get to keep. That’s one heck of a freebie. Rather than just spending a few minutes over-viewing what a particular type of Windows artifact does, the 408 course covers each artifact in detail, explains the differences across various Windows platforms and has labs throughout the course where the students get a hands-on feel for examining a disk

An update and a useful link

I wanted to post a quick update to let everyone know why the posts have been few and far between these last few weeks. The quickie version is long hours at work combined with two SANS conferences since my last post in January. Yes, two conferences in two months. I took the FOR 408 Windows Computer Forensics course in January and the SEC 401 Security Essentials Bootcamp in February. Reviews of both will be coming soon but I loved them both. I’ve also been reviewing some other course content which I may be able to write about soon. One thing I want to share before I go back to my GCFE studies is a great site I saw a few weeks ago. One of the most useful parts of my penetration testing course was the online lab of machines to try to hack. is a repository of images that a user can download and practice their hacking skills on. Right now there are five pages of images including some that can be difficult to find. After I’m past my current glut of SANS