Options

Just got killed for a DFIR job

unrealskillz06unrealskillz06 Member Posts: 37 ■■■□□□□□□□
As crazy as it sounds it was a great experience though.  I couldn't remember anything!  :D:D

A lot of my background comes exclusively from networking and they weren't giving me any outs to use that experience.  It was all forensics questions.  How do you guys break into that field?!?!

Comments

  • Options
    Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    I'll go with the obvious question, you have zero DF experience or training and interviewed for a DFIR job?
  • Options
    unrealskillz06unrealskillz06 Member Posts: 37 ■■■□□□□□□□
    Lol yep. How else are you supposed to get a job? 😂

    I just recently took GCIH and it briefly covers IR steps but I don't have work experience.
  • Options
    JDMurrayJDMurray Admin Posts: 13,050 Admin
    It is unlikely you will find a DFIR job that will entirely train you for even a junior-level position (unless it's in a lab imaging hard drives for $15/hr). You would need to have some prior expertise in an area(s) that the DFIR group was so lacking that they decide to hire you anyway (e.g., Malware reverse engineering). You could also get a job in a large corporation in a different role and then figure out how to move into the DF or IR teams.

    There is really no formal course of study for an IR investigator. You can take digital forensic classes at local colleges, study for the more basic DF certifications, and even get a DF degree. Remember that forensics is all about presenting evidence in court, so legal and law enforcement experience is a huge plus, especially when it comes to performing investigations and producing casework documentation. Remember, if you aren't documenting then you aren't doing DFIR.
  • Options
    BlucodexBlucodex Member Posts: 430 ■■■■□□□□□□
    Lol yep. How else are you supposed to get a job? 😂

    I just recently took GCIH and it briefly covers IR steps but I don't have work experience.
    Why did they bring you in for an interview?  Seems they should have known you were green.
  • Options
    UnixGuyUnixGuy Mod Posts: 4,567 Mod
    SANS GIAC GCFA is an excellent DFIR cert, it'll give you a lot of knowledge (this is how I broke into the field). Alternatively, if you don't want to pay for SANS, elearnsecurity has a DFIR cert as well



    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • Options
    unrealskillz06unrealskillz06 Member Posts: 37 ■■■□□□□□□□
    Blucodex said:
    Lol yep. How else are you supposed to get a job? 😂

    I just recently took GCIH and it briefly covers IR steps but I don't have work experience.
    Why did they bring you in for an interview?  Seems they should have known you were green.
    I dont know.  lol.  It was fun though.  Gave me some stuff to look up after the interview.  Its been a while since I've felt like crap after an interview :D
  • Options
    unrealskillz06unrealskillz06 Member Posts: 37 ■■■□□□□□□□
    UnixGuy said:
    SANS GIAC GCFA is an excellent DFIR cert, it'll give you a lot of knowledge (this is how I broke into the field). Alternatively, if you don't want to pay for SANS, elearnsecurity has a DFIR cert as well



    I'll go check that elearn course out.  Thanks!
Sign In or Register to comment.