SANS is renowned as a leader of information security training


Active Member
Jan 2, 2016
Reaction score
With that being said, their training can cost $8,000 and that is no big deal. Why? No one else has quality content to train with that is constantly relevant by active trainers. Their SANS instructors remain constant in developing course material and shaping the courses to keep exams challenging with engaging training! Often, you may hear "The SANS firehose method," which is indicating the knowledge stream fired into your mouth. For example, SANS themselves will say "SANS Mentor sessions allow you to drink from the SANS firehose, one sip at a time."

SANS maintains somewhat of a partnership between GIAC (certification entity) and themselves for delivering training for the GIAC certification.

SANS (training) was founded in 1989 by Alan Paller, whilst GIAC (certification) was founded in 1999 about ten years later by Stephen Northcutt. GIAC is an affiliate of the SANS Institute.

Long story short, SANS has some pretty damn informational content and the quality is up there. When you can get this for free, that is even more awesome! I will share this below.

For example, you could look around for Windows forensics or Linux forensics.

For the price of free, this PDF content is free gold.

One example of a PDF worthy of checking out is right here (<--- click). Down the document, you will notice Table 1 highlights "Tools used to perform behavioral and code analysis"

You may be wondering how a SANS course is taken? Typically an employer will pay a couple thousand dollars for an employee to take the training, let's say for example a computer security employee at a company is tasked with incident response often. It may be worthwhile for this employee to be trained in the ways forensics analysts operate to quicken response time and enable the analyst to spend less time "hunting around". SANS offers FOR508 for analysts and you may use the PDF search trick above to find info by clicking through a few PDFs over here.

Here is an example of how SANS redecorates their material:



They repurpose a lot of their material with just enough changes to where the content maintains a certain freshness. This is great from both a business standpoint (they can make more money from developing their training by keeping things updated and not have to build entirely new training), but also for the recipient of training because as GIAC exam questions may change, SANS can support these changes by updating their training. One important thing to note is the GIAC exam questions may stress certain aspects of the SANS training materials, so if you attempt the exam without receiving your SANS bookwork and possible hands-on labs (DFIR) or better known as the SIFT Workstation - Digital Forensics and Incident Response Distribution - then you may not be prepared.

One key element of success in regards to SANS courses, then onto GIAC exams - is to make a strong index mainly because this forces you to read and familiarize yourself with course content.

A beautifully constructed review of GIAC exams and preparation lies over here, from the brains of Lesley.

Have you ever taken any information security training? If so, what did you take..