As someone in the cyber/digital forensics community, I always looked at forensics training programs partially as a waste of time and (lots of) money (caveat: for someone already knowledgeable in the field). However, after some convincing from colleagues, I decided to give one a shot in December 2015. The class I participated in was SANS FOR508 (Advanced Digital Forensics and Incident Response) in Washington D.C. In addition, I signed up for the GCFA (Certified Forensic Analyst), taken in January 2016. Here are some of my thoughts now that I've gone through both of them.
Positives
- Good lecture flow/structure
- Decent content
- Too focused on some very specific or outdated tools (The Sleuth Kit)
- Provided workbook was less training and more "fill-in-the-blank"
- Focus more on concepts and less on specific tool use
- Expand on the workbook exercises to explain results to a user