Thursday, April 26, 2012

Passed my SANS GCIH recert

Part of what has kept me busy over the last couple of weeks has been my studying for the SANS GCIH.  I knew about the various methods of re-certifying, but opted to just retake the test.  The books/media were shipped to me and I got busy with studying, especially the updates.

I really liked what was added to the course.  The material is current and relevant to what we as incident responders are seeing.  I had my books from my original certification and I quickly transferred my notes and highlighted what was new.  And, I transferred all of my stickies and flags from the old books to the new books.  That sentence should be bold, flashing, and scrolling.  I feel that knowing where the material is in the books is one of the key factors to helping you pass and not waste time.  The exam is challenging, even with open books, and it is easy to use up the time.  Knowing where specific topics are in the books only helps your chance of getting a better grade.

I didn't do it this time, but I will the next time.  I'll copy the table of contents to the front of the books so that I don't have to open them, I'll know exactly where to turn to.  But, it helps that I knew the material in the first place.  And, I'm passionate about incident response and forensics.  It makes learning, or remembering, the information that much easier.

I've been toying with the idea of doing/submitting a Gold paper this time.  However, I really don't have an idea of what to research/write about.  Feel free to leave suggestions in the comments.

Tuesday, April 24, 2012

Yep, got tickets...

Just a quick post.....yep, I got tix.  I'm glad.  I haven't missed a tour in a long time, and I didn't want my streak broken.  I've heard a lot of good things about this tour, so I'm excited to go.

A good way to follow the tour is through Backstreet's Setlist page.

DFIROnline Meetups

I know that this is a little late, I've been a little busy and life has gotten a little hectic. However, I want to thank Mike for hosting the DFIROnline meetup on Thursday.  I've known about the meet-ups, last Thursday was the first time I was able to attend.  The community is warm and welcoming, and both topics were well presented.  I learned a lot.  Girl Unallocated's talk on CCleaner was great to hear, and I learned more about looking for CCleaner artifacts when analyzing a system.  And Kevin's presentation on data recovery was simply amazing.  I wish I had a lab like that.  Holy Cow.  I had to wipe the drool up a couple of times.

Mike has the schedule posted here

I certainly plan to attend the next meeting.  And who knows...somewhere down the line I would give a presentation.  Just don't hold your breath, it will be a while.

Now, if I would only get on Twitter, I could probably engage in the chat box more.