Use this quick start guide to collect all the information about GIAC GLIR Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the GIAC Linux Incident Responder (GLIR) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual GIAC Linux Incident Responder (GLIR) certification exam.
The GIAC GLIR certification is mainly targeted to those candidates who want to build their career in Digital Forensics and Incident Response domain. The GIAC Linux Incident Responder (GLIR) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of GIAC GLIR.
GIAC GLIR Exam Summary:
| Exam Name | GIAC Linux Incident Responder (GLIR) |
| Exam Code | GLIR |
| Exam Price | $999 (USD) |
| Duration | 180 mins |
| Number of Questions | 82 |
| Passing Score | 66% |
| Books / Training | FOR577: LINUX Incident Response and Threat Hunting™ |
| Schedule Exam | GIAC |
| Sample Questions | GIAC GLIR Sample Questions |
| Practice Exam | GIAC GLIR Certification Practice Exam |
GIAC GLIR Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Analyzing Anti-Forensics Techniques | - The candidate will demonstrate an understanding of how to analyze common tactics employed by attackers to hide their track including recovering deleted files, and timestamp manipulation. |
| Analyzing Linux Application Events | - The candidate will demonstrate an understanding of how to analyze common Linux application logs including webserver, database server, file sharing, and host firewall logs. |
| Analyzing Linux Events | - The candidate will demonstrate an understanding of how to analyze common Linux events found in the audit log including offline audit logs as well as events found in the journal, through offline analysis, using journalctl, and manual analysis. |
| Evidence Collection and Mounting | - The candidate will demonstrate an understanding of Linux memory management, kernel architecture, evidence collection including physical, virtual and volatile collection techniques. The candidate will also have an understanding of the tools used for collecting and mounting the evidence. |
| Incident Response Triage | - The candidate will demonstrate an understanding of triage concepts to include triage workflows, collecting triage data, and triage collection scripts. |
| Linux File System Artifacts | - The candidate will demonstrate an understanding of Linux threat hunting including recognizing common persistence mechanisms, file modification and within the password file structure. |
| Linux File System Fundamentals and Analysis | - The candidate will demonstrate an understanding of using The Sleuth Kit to analyze a Linux file system artifacts including concepts, terminology, and file system layers. |
| Linux Memory and Device Profiling Analysis | - The candidate will demonstrate an understanding of how to perform live memory analysis as well as performing device profiling including profiling priorities, network profiling and current running binaries. |
| Linux OS Event Log Introduction | - The candidate will demonstrate an understanding of how Linux logs are gathered, analyzed, and managed, to include system, boot, authentication and authorization logs. |
| Linux OS File System Structure | - The candidate will demonstrate an understanding of the Linux file system structure including boot files, libraries, binary files, devices and drivers. |
| Linux OS Fundamentals | - The candidate will demonstrate an understanding of the Linux operating system structure, common distributions, command line basics, and regular expressions. |
| Linux Threat Hunting and Incident Response | - The candidate will demonstrate an understanding of threat intelligence concepts and how to utilize that knowledge to perform threat hunting within a Linux environment. Additionally the candidate will demonstrate an understanding of the incident response process, creating and implementing playbooks, and response workflows. |
| Linux Timeline Analysis | - The candidate will demonstrate an understanding of timeline concepts, types of timelines used, timeline analysis and potential issues specific to Linux operating systems. |
To ensure success in GIAC GLIR certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for GIAC Linux Incident Responder (GLIR) exam.