  1. Junior Member
    Join Date
    Jul 2013
    Posts
    7
    #1

    Forensic certifications closest to OSCP level of learning

    Hi, I'm a security engineer and we had a security breach recently at our company. Senior management wants to invest in training for employees to handle the aftermath of such incidents better next time. I just finished my OSCP and will be responsible for the next incident response. I learned a lot getting my OSCP and I'm looking for a forensic certification that is as close as possible to the training I received from Offensive Security. I also have various other security certifications that I got via multiple-choice tests. While there's value in that, I would still prefer a more hands-on approach to learning. I looked into the list of available security certifications and none of them appealed to me right away. What's your recommendation? Btw, I'm in Germany and not in law enforcement; some are excluded by that. Thanks

  3. Junior Member
    Join Date
    Jul 2013
    Posts
    7
    #2
    I forgot one important thing: We're a Linux shop, so Windows-centric certifications are of limited use to me.

  4. Senior Member
    Join Date
    May 2006
    Posts
    1,863

    Certifications
    CISSP, CCSP, eJPT, ITIL, PA ACE, Qualys Certified Specialist, A+
    #3
    Maybe the GCIH from SANS, have you looked at that?

  5. Junior Member Cuse0311's Avatar
    Join Date
    Oct 2011
    Posts
    11

    Certifications
    Security +, GCED
    #4
    Quote Originally Posted by TheFORCE View Post
    Maybe the GCIH from SANS, have you looked at that?
    I second that. You could also take a look at some of the SANS forensics certifications as well. They have a really solid advanced network forensics course.

    https://www.giac.org/certification/n...c-analyst-gnfa

  6. Senior Member
    Join Date
    Oct 2010
    Location
    NATTED to nowhere!
    Posts
    508

    Certifications
    S+, N+, CEH, CSSLP, CISSP, CGEIT, CCSA, CCNA, CRISC, CASP, RHCSA, RHCE, CBE, GCIH
    #5
    If you are looking for vendor neutral certification, then SANS GIAC certs are your best option. The vendor certifications require some practice and knowledge within their respective application.

    Good Luck!!!

  7. Junior Member
    Join Date
    Jul 2013
    Posts
    7
    #6
    Thank you all for your replies. I read through the various GIAC offerings and Certified Incident Handler + Certified Forensic Analyst (GCFA) seems to be pretty close to what I want. Too bad Offensive Security doesn't offer something in this regard (but they're not called defensive security, sooo ... )

  8. Senior Member
    Join Date
    Sep 2015
    Posts
    482

    Certifications
    MCITP, MCSA, CCNA, VCA, ACA
    #7
    GCFE, GCFA are great for Windows and Forensics in general.

    If you want to go deeper there is 526 and 572 as well from SANS.
    These articles and posts are my own opinion and do not reflect the view of my employer.

    Website gave me error for signature, check out what I've done here: https://pwningroot.com/

  9. Junior Member
    Join Date
    Jul 2013
    Posts
    7
    #8
    Quote Originally Posted by TacoRocket View Post
    If you want to go deeper there is 526 and 572 as well from SANS.
    Thank you for the hint. Unfortunately the trainings are really expensive. I'll need to talk to my manager about that

  10. Senior Member cyberguypr's Avatar
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    5,764

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #9
    Get a quote from a local incident response or computer forensic firm. That will change his mind quickly.

  11. Senior Member
    Join Date
    Sep 2015
    Posts
    482

    Certifications
    MCITP, MCSA, CCNA, VCA, ACA
    #10
    Also look into the SANS work study. Changes the price from 8k+ to around $1100.

    Quote Originally Posted by johseg View Post
    Thank you for the hint. Unfortunately the trainings are really expensive. I'll need to talk to my manager about that

  12. Senior Member
    Join Date
    Apr 2012
    Posts
    230

    Certifications
    A+, Security+, CCENT, C|EH, GCFE, GCFA, GREM
    #11
    I have to disagree with the GCIH recommendations in here. GCIH doesn't really cover forensics, it's primarily focused on Hacker Tools and Techniques, as the title of the course would suggest. I honestly find GCIH to be a pretty overrated cert, held by lots of folks due to DOD 8870. It's not a bad course to take by any means, but it certainly doesn't belong in any discussion with OSCP. It's the course my org sends our tech writers and non-technical management folks to to get their feet wet. GCFE and GCFA are both excellent courses if you want forensics knowledge and work hands on. GCFE is a bit dry and more pure forensics, GCFA is a bit more exciting, and covers intrusions. I don't know of any other courses that teach similar knowledge.
    Last edited by ramrunner800; 08-03-2017 at 09:23 PM.
    Currently Studying For: GXPN, GCTI

  13. Senior Member
    Join Date
    Mar 2014
    Posts
    617

    Certifications
    Alphabet-soup
    #12
    InfoSec Institute and the IACRB training/certs are hands on and cheaper than SANS. Also, they offer discounts to a lot of professional organization members; ISACA and InfraGard are two that I know of off the top of my head. I wouldn't say they're as good as SANS, but when I can get courses for half the price, it makes it easier.

  14. Senior Member
    Join Date
    Apr 2014
    Posts
    160
    #13
    Hi there,

    I would give the CCE a go if forensics were a targeted field of mine (I might even do so anyways...):
    https://www.isfce.com/index.html

    An online, self-paced "bootcamp", as they call it, is available here:
    Computer Forensic Training Center Online

    Cheers,
    m.

  15. Junior Member
    Join Date
    Apr 2015
    Posts
    8

    Certifications
    Prince2, CSX-F, eJPT, GMON
    #14
    Quote Originally Posted by ramrunner800 View Post
    I have to disagree with the GCIH recommendations in here. GCIH doesn't really cover forensics, it's primarily focused on Hacker Tools and Techniques, as the title of the course would suggest. I honestly find GCIH to be a pretty overrated cert, held by lots of folks due to DOD 8870. It's not a bad course to take by any means, but it certainly doesn't belong in any discussion with OSCP. It's the course my org sends our tech writers and non-technical management folks to to get their feet wet. GCFE and GCFA are both excellent courses if you want forensics knowledge and work hands on. GCFE is a bit dry and more pure forensics, GCFA is a bit more exciting, and covers intrusions. I don't know of any other courses that teach similar knowledge.
    I'm coming a bit late, but still wanted to agree with this post. You should go for GCFE|A or GNFA for the network part.

    For the rest the only cert which I think would match is the future CSX-Specialist (Respond) https://cybersecurity.isaca.org/csx-careers
    As I had the chance to test the lab environment for the CSX-Practitioner (never took the exam), I can say that it's really hands on and pretty convenient as it's through web browser only. Even if I don't really like other ISACA certs, like CISA, CISM, etc., I have to say they did a pretty good job building the CSX certs.

    Wait&see if it will be recognized by companies.

  16. The ceiling is glass. PJ_Sneakers's Avatar
    Join Date
    Nov 2014
    Location
    169.254.0.1
    Posts
    758

    Certifications
    AccessData, Cellebrite, CompTIA, EC-Council, IACRB, (ISC)², Microsoft, MSAB
    #15
    The IACIS CFCE is probably the closest to OSCP. Each candidate is given a unique forensics scenario that must be properly investigated, analyzed, and reported. It is for all intents and purposes, a completely simulated case that must be processed in order to achieve certification.

  17. Senior Member
    Join Date
    Dec 2015
    Location
    Quebec, Canada
    Posts
    208

    Certifications
    A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP, VTSP, SSCP, Veeam VMCE
    #16
    I would choose the most appropriate course from SANS and make a proposal to your management. The timing is good... they had a breach, they want training, money will follow

  18. Junior Member Registered Member
    Join Date
    Sep 2015
    Posts
    5

    Certifications
    GNFA, GCIH, Sec+
    #17
    Quote Originally Posted by princesamus View Post
    I'm coming a bit late, but still wanted to agree with this post. You should go for GCFE|A or GNFA for the network part.

    For the rest the only cert which I think would match is the future CSX-Specialist (Respond) https://cybersecurity.isaca.org/csx-careers
    As I had the chance to test the lab environment for the CSX-Practitioner (never took the exam), I can say that it's really hands on and pretty convenient as it's through web browser only. Even if I don't really like other ISACA certs, like CISA, CISM, etc., I have to say they did a pretty good job building the CSX certs.

    Wait&see if it will be recognized by companies.

    While I support SANS could be the best out there as training, CSX-P is your closest OSCP experience in terms of Certification (Lab style instead of Multiple choices).

    If you still wanna go SANS, then aim for FOR508 (GCFA) .. as SEC504 (GCIH) will be below your expectation if you already have an OSCP.

    FOR500 (GCFE) won't add much value to you as it is Windows Forensics (which you mentioned is out of your current focus)
