Reddit reviews Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8
We found 4 Reddit comments about Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8. Here are the top ones, ranked by their Reddit score.
Syngress
Aside from SANS FOR508 (the course on which the cert is based) the following helped me:
Windows Registry Forensics
Windows Forensic Analysis Toolkit 2nd ed
Windows Forensic Analysis Toolkit 4th ed
The 2nd edition covers XP, the 4th covers 7/8
Digital Forensics with Open Source Tools
File System Forensic Analysis
This is a new book, but I imagine it'll help as well:
The Art of Memory Forensics
I read many of these in preparation for taking mine, but your best resource are the SANS class/books which is what the cert tests after. Having a good index is key.
There may be other classes out there that might help, but I have no firsthand experience with them, so I can't say what I recommend. All the above books, however, are amazing. Very much worth your time and money.
There are a ton of different things you can do on the defensive side. The path here is a bit less defined because you can specialize in each of these areas with out ever really touching the other ones. But I think these are the most important skills as a defender, so I’ll break it up into three smaller chunks. For the most part, defender/Blue-team concepts draw from these skills, I’ve setup the courses in order, as some of these skills may feed into other areas.
IR:
Forensics:
Reverse Engineering (Dynamic and Static):
I know there’s not a lot of certs here, and unfortunately, that’s how it is across the blue team. Certs here are usually very vendor-specific, and not applicable to defense as a whole. Those certifications exist, but I’m not listing them here.
If people are interested, I can also do a similar write-up on Mobile Forensics and Cloud Forensics (which is my direct background).
Lastly, here are some of my favorite news sources across the InfoSec community -
News Sources
I don't think there are really an prerequisites to get a good amount of learning out of the class. Understanding the types of attacks is a great start. In 2004 (at least I think it was that year), they only had one class (508) and on day 3, after we had gone over the bulk of how filesystems and computers work, we were doing an exercise based on hand rebuilding a usb thumb drives filesystem (it had been tampered with). A guy raises his hands as says "You keep using the words rootkit, what is that"? The instructor thought he was being trolled at first. So having a pentesting cert will certainly help you (both as a pentester and with learning forensics since you will learn that there is always evidence of some sort left behind).
All that being said though, you should at least be a little familiar with the following (though they do a great job of explaining these in the class):
Right now (well as of last year when I took the cert/class) the books are titled:
Harlan Carvey's books are an excellent resource.
Windows Registry Forensics, 2nd
Windows Forensic Analysis Toolkit 4th
My first time using the formatting features, so hopefully I didn't screw that up. Feel free to PM me if you have more questions. I have a bunch of SANS certs and have been doing this for ages. I am always happy to help someone who's learning!
Edit: the 2nd book link isn't showing up, so fixed that.
My recommendations then for self study:
Read all those and you will be in good shape ;)
EDIT: I hate trying to get reddit to do what I want.