eLearnSecurity has been a player in the certification market for some time now, although their notoriety has been eclipsed by the powerhouses of EC2, CompTIA, and EC-Council. Who knows why that is the case, but it is what it is.
eLearn has a variety of certification options depending on what you are into; these include penetration testing, threat hunting, reverse engineering, exploit development, and of course, forensics.
To me, what sets them apart from the other competitors is the quality of information: hands-on labs, video content, and slides. I feel like the material is always well researched, and the additional references provide truckloads of information.
The videos are also really well produced, which is essential for my sanity. I have trouble focusing if they are terrible quality. For instance, there was a pen-testing site that had a crap ton of content, but boy was it rough. I watched through a couple of series and just couldn’t take it anymore. The content within was tremendous, but the videos were horrible. Anyway, back to these guys. The narrator is well spoken and easy to understand, and the content helps bring clarity to the lessons.
eLearn is excellent, but like everything, they do have some negatives. One of the most significant issues I have seen is that when a course is first released, the quality is somewhat lacking (missing content, videos, or the exam), but they make up for it by offering extreme discounts, sometimes up to 40% for prior customers. With new courses, they tend to release a little too early and continue to push out content until the entire class has been released. I live my life this way, so it is not too big of a deal for me personally. Beta test all the things live.
Also, if you have seen some of their older content that hasn’t been refreshed, it is a little rough due to grammatical and logical errors in the material. I imagine they were still building their team and processes when they released it, because the content is much better now.
Digital Forensics Professional
The course aims to cover the basics of a forensic investigation, including data acquisition, file examination, disks, file systems, Windows forensics, network forensics, log analysis, timeline analysis, and reporting.
For me, the most interesting portion of the material was Windows forensics. They covered a variety of artifacts that will help in any host-based forensic investigation: the registry, browser data, and other types. From now on, I will forever gather prefetch when investigating a host.
For red teamers, this course is helpful too. By understanding these artifacts, you will be enlightened about the little gifts you leave for the blue team.
Another significant section, and the most difficult for me, was disks and file systems. I think it was rough because my working knowledge of these topics was minimal. Luckily, eLearn really dug in, spending large portions on the different types of file systems and how each functions. Learning this led to being educated on how to recover corrupted disks and deleted files.
For me, my knowledge took a massive leap forward in the realm of forensics, and I have already begun to implement the new techniques into my methodologies.
The exam is 24 hours long with 30 questions, all multiple choice. 15 are knowledge-based and 15 are lab-based. Like most exams, the lab-based questions are the most difficult (well, except for SANS courses). You are given forensic boxes with tools and evidence that you must use to answer the questions.
One thing that will surprise you about the labs is the limited set of tools they provide. In the material, they focus on specific tools; however, some of these may not be available on the exam boxes. I actually built a methodology around specific tools during my studying, and few of these were available for use. Yikes.
Besides the lack of tools, the test was straightforward, and the practical stuff was pretty rough, especially in my weak area of file systems. I wouldn’t say it was OSCP hard, but it wasn’t a pushover.
While the experience was an overall positive one, and I am absolutely grateful for the content, there will always be ways to improve. For me, this was only the second exam I have taken with eLearn. In this one especially, I felt a disconnect between the practical portion of the exam and the training.
It was as if they expected you to go out and research how to do specific techniques but didn’t really emphasize the need. I’m cool with trying harder and enjoyed that type of instruction with Offensive Security; however, I wish they would have made it more transparent.
In their defense, they do offer an eclectic set of resources to further your study; however, I didn’t realize this was absolutely necessary.
What can I say? I am a product of the CompTIA type exams where you must study what is in the study guides or risk wasting time.
Another issue I had was with some of the labs. The VMs they provided with forensic tools had this uncanny ability to crash or stall out on me frequently. Now I know no lab is perfect, but it sucks that opening a picture crashes the VNC session. Just saying.
Other than that, I have no gripes. I expect that they will release another iteration of this course in the next year or so, fixing the labs and improving the material.
Who should take it?
For those working in an incident response role with access to host-based investigation tools, I highly recommend this certification. With this knowledge, a whole new world will open up to you, and your ability to detect changes to systems will grow dramatically.
I really think this brings Incident Response full circle for those who, like me, have mostly been used in a network investigation capacity. We are missing so much if we rely solely on network logs, and unfortunately, I think that is what most SOC operations are doing today. Feel free to let me know if I am wrong here.
Tips for Success
If you are reading this and are about to take the exam, these tips are for you:
1. Develop a set of methodologies for the different areas you are studying, such as Windows artifacts and disk analysis. This will shorten the time you spend on the practical portion of your labs.
2. Take notes. For those of you who read my blog or watch the YouTube channel, I am a big believer in note-taking. These courses should not just be another notch on the belt; you should be able to put the information into practice. By keeping an easy-to-access set of notes, you are making your life easier.
3. Make sure you pause your test when you take a long break. The exam is 24 hours, so I decided to get some sleep. Unfortunately, when I awoke, the exam was automatically submitted even though my time was not up yet. Luckily, I had enough points to pass. However, I tell you this so that you won't have the heartache of failing due to the exam being submitted automatically without enough points.
4. Take breaks. Yes, you have 24 hours, but you don’t need to stare at the screen for 24 hours straight. Relax, go for a run, get some food, or do anything to take your mind off of the exam. You never know, while you’re slurping up some ramen, a fantastic idea may occur to you that will get you some more points.
Updated based on a question from a reader. Keep the good questions coming.
5. Make sure you can complete all the labs without any issue. eLearnSecurity exams follow the labs fairly closely. Your ability to do the labs well is usually a pretty good predictor of how well you will do on the exam.
6. If you need more help on the topics discussed in the course, check out the 13Cubed YouTube channel for in-depth forensic videos.
Overall, the exam is excellent, and I like the idea of another organization challenging the heavy hitters in cybersecurity education. Give eLearn a shot.
FYI, Black Friday is coming up in the next month and will probably be a great time to pick up one of these courses for a discounted price.
Hopefully, my two cents were worth the space the words have taken up. My apologies if some of the information appears vague; however, know that some organizations are pretty heavy-handed with reviews. I don’t know if eLearn is, but you never know.
Hit me up if you have any questions!