A recommended study book is the “GIAC Certified Incident Handler Certification (GCIH) Exam Preparation Course in a Book for Passing the GCIH Exam – The How to Pass on Your First Try Certification Study Guide – Second Edition.” Advanced Analysis and Network Forensics: The candidate will demonstrate competence in analyzing data from multiple sources (e.g. Adding to the GCIH certification's value is the fact that it is a vendor-neutral certification, meaning that it is not tied to a specific manufacturer's hardware or software security technology. More than 30 certifications align with SANS training and ensure mastery in critical, specialized InfoSec domains. GIAC Certifications develops and administers premier, professional information security certifications. Password Guessing: use a valid ID and try a list of passwords, no brute force, slow Page 6 3. The GIAC Certified Incident Handler certification is a well-recognized and industry-valued designation. This course meets both of the key promises SANS makes to our students: (1) You will learn up-to-the-minute skills that you can put into practice immediately upon returning to work; and (2) You will be taught by the best security professionals in the industry. GIAC exams that are registered for in association with SANS training events do not become available to candidates until 10 days after the corresponding training event concludes. Content: SANS SEC 504 Hacker Techniques, Exploits & Incident Handling. Assessment: GIAC GCIH Exam. 3 Credit Hours. By adopting the viewpoint of a hacker, ACS 3504 provides an in-depth investigation of the critical activity of incident handling. GIAC Security Essentials GSEC 401, SysAdmin, Audit, Network, Security SANS, 2009. In similar fashion you cover one book per day, but the books are only “yay” thick (a welcome reduction compared to 401):
The SANS Blog is an active, ever-updating wealth of information including Digital Forensics and Incident Response. SANS Training, New GIAC Certification, GIAC Gold Paper : 36: 3 certifications. GIAC certifications provide the highest and most rigorous assurance of cyber security knowledge and skill available to industry, government, and military clients across the world. SANS SEC504 (GCIH) was the perfect sequel to the SANS SEC401 (GSEC) course I took over a year ago. full packet capture, netflow, log files) as part of a forensic investigation. Password Representations are stored hashed or encrypted passwords. Windows = SAM, Linux = /etc/shadow 2. Password Cracking: protect from unauthorized disclosure, modification, removal Page 5-52 a. SANS GCIH CERTIFICATION GUIDE: BOOK 504.4: 1. Please note that you cannot sit for a GIAC exam immediately following a corresponding SANS training course. ... "A great course on timeline, registry, and restore point forensics. You'll be taught how to manage intrusions by first looking at the techniques used by attackers to exploit a system. RITI Advanced Management Program RAMP, Regional Information Technology Institute RITI, 2008. SANS Computer Forensics Training Community: discover computer forensic tools and techniques for e-Discovery, investigation and incident response.