GCFA – Well done Lien Van Herpe

Congratulations to Lien Van Herpe on becoming a GIAC Certified Forensic Analyst!

She passed the exam with 91%!

Lien is one of 4 people currently working in a dedicated role on our Computer Forensic team.

Below is a short overview of her core capabilities as a Forensic Analyst:

Identification of Malicious System and User Activity
techniques required to identify and document indicators of compromise on a system, detect malware and attacker tools, attribute activity to events and accounts, and identify and compensate for anti-forensic actions.

Incident Response in an Enterprise Environment
how to rapidly assess and analyze systems in an enterprise environment and scale tools to meet the demands of large investigations.

Incident Response Process and Framework
the steps of the incident response process, attack progression, cyber threat intelligence, malware and adversary fundamentals.

Timeline Artifact Analysis
Windows filesystem time structure and how these artifacts are modified by system and user activity.

Timeline Collection
the process required to collect timeline data from a Windows system.

Timeline Processing
the methodology required to process Windows timeline data from multiple system sources.

Volatile Artifact Analysis
normal and abnormal activity within the structure of Windows volatile memory, and the ability to identify artifacts such as malicious processes, network connections, system data and memory resident files.

Volatile Data Collection
how and when to collect volatile data from a system and how to document and preserve the integrity of volatile evidence.

Windows Filesystem Structure and Analysis
understanding of core Windows filesystems, and the ability to identify, recover, and analyze evidence from any file system layer, including the data storage layer, metadata layer, and filename layer.

Windows System Artifact Analysis
understanding of Windows system artifacts and how to collect and analyze data such as system backup and restore data and evidence of application execution.