Introduction to DFIR (Digital Forensics and Incident Response)

Good article for those interested in Forensics

https://sroberts.github.io/2016/01/11/introduction-to-dfir-the-beginning/

Find more posts tagged with

Comments

TechGromit

Thanks for the link, I used several of the connecting links to try and get more into malware analysis. I believe there will be more job security in incident response in the future. Not s sexy as Pen-testing, but how many pentesters do they really need?

the_Grinch

Awesome post! I actually enjoy the IR part (what little I typically deal with) and can see where it is much more fun/interesting than pentesting. When you truly think about it, a good incident responder is going to need all the skills of the pentester and then some. One case I worked on took four weeks and it was definitely one of the most interesting things I ever dealt with. To go through various logs, network maps, and interview people was probably the most fun I have had in my career. Especially when you are able to display that something serious took place as other teams are saying it is no big deal or didn't happen.

jeremywatts2005

Well I will say DFIR is HOT!!!! This field is dying for people. I am constantly getting calls for analyst roles and lead roles. I have turned down several opportunities and some even for more money. I am pretty set with my current company having almost 300K employees worldwide, many are generational and had parents and grandparents work at the company. Today alone I have had 6 calls for different jobs in IR and DF.

coffeeluvr

Thanks for the link!

UnixGuy

the age old question is how the hell one gets into DFIR...I say getting those SANS certs would be a sane first step? I interviewed for such positions before and they all wanted existing DFIR experience already, not 20% experience, 100% experience. It has proven to be hard to get into, at least in my location anyway, the US is a (MUCH) bigger market.