How I Passed the GCFE Exam

By: Estee Ranson


Hello everyone!

    Today I am going to share with you how I went from a Business Degree in Hospitality and Tourism to achieving my GCFE certification! Throughout this blog I will share with you my process of attaining the GIAC Certified Forensic Examiner certification and some tips that I wish I had before I started!

My Knowledge Before Working Towards the GCFE

    -    A Bachelor of Commerce in Hospitality and Tourism Management

    Now most individuals who think about attaining a GCFE certificate have a background in information security, incident response, or law. My background was quite different. The only previous relevant experience I had was from back in 2012, where I spent 2 years majoring in Business Technology at Ryerson University before switching my major to Hospitality and Tourism Management (yes, my parents were very confused). So basically, I had no recent experience on the subject.

Educational Tools I Used

    To start my journey, I decided to read a CompTIA Security+ study guide textbook (I found this on Amazon during the pandemic) just to familiarize myself with the basics of computer security and the lingo involved in the subject. This was helpful for me because I had no computer security experience. Next, I decided to take the SANS FOR500 Windows Forensic Analysis Training. With the pandemic happening, I enrolled myself into the live-online version of the course. I originally thought I would not be able to learn well with the online version; however, the course was very interactive, and I did not notice a difference. I found that this course gave me everything I needed to pass the GCFE, and although I was a complete beginner, the content was easy to learn and understand. This course was very pricey, but the skills and knowledge you obtain make it worth every penny.



Making My Killer Index

    One important tip you will hear about, if you are looking to pass the exam, is that you need to make an index of your SANS textbook, which I found to be true. Making an index was an important aspect of gaining my certification: not only does it aid the studying process, but it also helps you during your exam!

    I was given some recommended indexing methods from my SANS instructor; I chose the pancakes method:

 

https://tisiphone.net/2015/08/18/giac-testing/

 

    After taking my first practice test, I realized that the pancakes method was not enough. It was too time-consuming flipping through my index just to have to flip through the textbook to double check my answers. I decided that it would be a lot more efficient adding key definitions and examples to my index so all of the main points I needed to know would be even more accessible. I turned it into one master list of key terms/index. I would recommend indexing and writing down definitions and examples at the same time when going through the textbooks - this would save a lot of time. I also printed my index double-sided and tabbed each page labeling each letter that I could find on the pages. 


    My index (including the definitions) ended up being 18 pages long, yet I found while reading online that a lot of people said their index was 40-50 pages. I think it is up to you how detailed you want to go with your index, but I found that my 18-page index worked.


I Used Both Practice Tests


    You get 2 practice tests with the purchase of your GIAC exam - use these wisely. With these tests, you can see if your index is strong enough for the exam. While taking my practice tests, I had a notebook and pen ready which I used to write down any terms I could not find in my index or had missed completely. I added all the terms I wrote down to my index, which made it ready for the final exam.

    

    After taking both practice tests I realized I needed an easier way to reference event IDs, event categories, and other charts that did not fit nicely in my index. I made a separate short booklet of significant charts for quick reference.

  

      Both practice tests covered similar and different content, so it is important to use both to get an idea of all significant topics.


Review All Materials Before the Exam

    

    I chose to re-watch and re-listen to my SANS materials; I found that with a better understanding of the material, I noticed important details I missed the first time around and could appreciate the content more. It is like re-watching a movie repeatedly and noticing that new joke or statement you did not know was there, and you start to appreciate the story and the writing more. Re-watching my classes after studying allowed me to absorb more knowledge and allowed me to truly understand the content.

My Thoughts About the Exam

    I found that the exam was quite different than the practice tests. I assumed the exam would have the same questions as the practice exams with some wording and numbers changed. I was wrong. There were only a few questions on the exam that were like the practice tests; every other question was new and different. Do not let this scare you.

    After going through all your materials, making the index, taking your practice tests, and any other study material, you will be prepared for the exam. I ended up scoring significantly higher on the exam than both my practice tests.

 
