Just got killed for a DFIR job

unrealskillz06 Member Posts: 37
As crazy as it sounds it was a great experience though.  I couldn't remember anything!  :D:D

A lot of my background comes exclusively from networking and they weren't giving me any outs to use that experience.  It was all forensics questions.  How do you guys break into that field?!?!

Comments

  • Danielm7 Member Posts: 2,310
    I'll go with the obvious question, you have zero DF experience or training and interviewed for a DFIR job?
  • unrealskillz06 Member Posts: 37
    Lol yep. How else are you supposed to get a job? 😂

    I just recently took GCIH and it briefly covers IR steps but I don't have work experience.
  • JDMurray Admin Posts: 13,026
    It is unlikely you will find a DFIR job that will entirely train you for even a junior-level position (unless it's in a lab imaging hard drives for $15/hr). You would need to have some prior expertise in an area(s) that the DFIR group was so lacking that they decide to hire you anyway (e.g., Malware reverse engineering). You could also get a job in a large corporation in a different role and then figure out how to move into the DF or IR teams.

    There is really no formal course of study for an IR investigator. You can take digital forensic classes at local colleges, study for the more basic DF certifications, and even get a DF degree. Remember that forensics is all about presenting evidence in court, so legal and law enforcement experience is a huge plus, especially when it comes to performing investigations and producing casework documentation. Remember, if you aren't documenting then you aren't doing DFIR.
  • Blucodex Member Posts: 430
    unrealskillz06 said:
    Lol yep. How else are you supposed to get a job? 😂

    I just recently took GCIH and it briefly covers IR steps but I don't have work experience.
    Why did they bring you in for an interview?  Seems they should have known you were green.
  • UnixGuy Mod Posts: 4,564
    SANS GIAC GCFA is an excellent DFIR cert, it'll give you a lot of knowledge (this is how I broke into the field). Alternatively, if you don't want to pay for SANS, eLearnSecurity has a DFIR cert as well.

    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

  • unrealskillz06 Member Posts: 37
    Blucodex said:
    Lol yep. How else are you supposed to get a job? 😂

    I just recently took GCIH and it briefly covers IR steps but I don't have work experience.
    Why did they bring you in for an interview?  Seems they should have known you were green.
    I don't know.  lol.  It was fun though.  Gave me some stuff to look up after the interview.  It's been a while since I've felt like crap after an interview :D
  • unrealskillz06 Member Posts: 37
    UnixGuy said:
    SANS GIAC GCFA is an excellent DFIR cert, it'll give you a lot of knowledge (this is how I broke into the field). Alternatively, if you don't want to pay for SANS, eLearnSecurity has a DFIR cert as well.

    I'll go check that elearn course out.  Thanks!