SANS Digital Forensics and Incident Response Blog

Which SANS Digital Forensic Course Should You Take?

Computer Forensic Course Assessments

Over the past year, we have been asked many questions about what the SANS Digital Forensic courses offer and which course would be appropriate for you.

FOR408 — Computer Forensic Essentials — Teaches Traditional Crime Forensics — FOCUS -> Windows Forensics In-Depth and Investigation Analysis

https://computer-forensics.sans.org/course/computer-forensic-essentials-1207-1

FOR508 — Computer Forensic Investigations and Incident Response — Teaches how to respond to technically savvy criminals and challenging intrusion cases — FOCUS -> File System Forensics, Intrusion Analysis, and Live Response

https://computer-forensics.sans.org/course/computer-forensics-investigation-and-response-98-1

Digital Forensic Assessment Test For FOR408 and FOR508:

SANS is conducting a Computer Forensic Course Assessment to help place you in the appropriate forensic course based on your skills. This is not a certification. You cannot claim you are an expert if you pass. If you score poorly, it does not mean you lack any skills. It is merely based on a little bit of the material in both courses.

The test is intended to be challenging. It will demonstrate the depth of our core digital forensic courses. It is not an all-encompassing test, just a quick assessment of your knowledge to see which course would be most appropriate for you.

We merely took several sections that most investigators should know, such as Browser Forensics, Registry Forensics, Artifact Analysis, Email Forensics, Live Response, Disk Forensics, and File System Knowledge. We cover Windows XP through the new Windows 7 in the course, and the assessment will also gauge some of your knowledge of the new MS operating systems.

"Which Course Should You Take?" Assessment Test Login

https://portal.sans.org/assessments/forensics.php

How to score yourself?

At the end of the test, you will be given a star rating based on the material. The higher the star rating, the better you are at the material covered in that course. Generally you should have a 5 star rating, which means you scored 90 or above and you have probably mastered the material in that course.

Computer Forensic Investigations and Incident Response (FOR508)

For many of you who haven't seen Computer Forensic Investigations and Incident Response (FOR508) recently, the material has changed greatly and the course has really tightened up. Rob Lee has brand new material being released in it in mid-Feb, 2010 in Phoenix, AZ and after that in Orlando 2010. We have a couple of days left to register for Orlando at a discount... REGISTER NOW!

New Topics for Computer Forensic Investigations and Incident Response (FOR508) Include:

  • Shellbags Windows Registry Examinations
  • Finding unknown malware
  • Full discussion of Live Response strategies
  • SUPER timelining capability (The FBI feedback told Rob that it is flat out incredible)

It is time to push the limits of what people consider a "PROPER" digital forensics and incident response investigation. In order to fight today's threats... you need to have the latest information.

Computer Forensic Essentials (FOR408)

SANS has also launched Computer Forensic Essentials (FOR408)... in this course we focus on ANALYSIS, not how to fight with Linux and a command-line tool. This is not a basic course though. Want to know what you might be missing? We have created an assessment test that is quite... challenging. It covers many new lessons learned over the past two years in computer forensics...

1 Comment

Posted February 4, 2010 at 5:24 AM

suvarna

Generally you should have a 5 star rating which means you scored 90 or above and means you have probably mastered the material in that course