As always, let us know what you think of the review. Also be sure to share your thoughts on this course (if you've taken it), the cert exam or how other courses might stack up.
Permalink: [Article]-Course Review: SANS FOR408 Computer Forensic Investigations – Windows In-Depth
By Jason Andress
The field of forensics used to be the ugly step-child of the ethical hacking world. In fact, it wasn’t even in the InfoSec category at all for the longest time. It was a realm populated by one of two types: the lonely IT guy hired by law enforcement to handle general tasks or the unlucky law enforcement officer who admitted that he knew something about computers. My, have we come a long way. Not only are there now multiple disciplines, such as network forensics and file system forensics, but each also has its own sub-specialties for a given technology. Thus file system forensics breaks into mobile and desktop varieties, with further areas of specialization for OSX, Linux and Windows. And as with any maturing industry, there is a slew of training options available.
The SANS FOR408 Computer Forensic Investigations – Windows In-Depth class covers the skills needed for proper forensic acquisition and analysis of devices running this operating system. While many classes focus largely on forensic acquisitions and on a single tool or just a few, FOR408 goes into great depth on the analysis side and covers a multitude of tools: some paid and some free, some open source, and quite a few that will make the hair stand up on the back of your neck. The class also plumbs the depths of a number of operating system artifacts that lurk in the crevices of Windows and is generally a great deal of fun for the forensically-minded. This course and review are slightly different, as I attended the SANS vLive version of this class. Let’s take a look at the specifics.