Just got killed for a DFIR job

As crazy as it sounds it was a great experience though. I couldn't remember anything!

A lot of my background comes exclusively from networking and they weren't giving me any outs to use that experience. It was all forensics questions. How do you guys break into that field?!?!

Find more posts tagged with

Comments

Danielm7

I'll go with the obvious question, you have zero DF experience or training and interviewed for a DFIR job?

unrealskillz06

Lol yep. How else are you supposed to get a job? 😂

I just recently took GCIH and it briefly covers IR steps but I don't have work experience.

JDMurray

It is unlikely you will find a DFIR job that will entirely train you for even a junior-level position (unless it's in a lab imaging hard drives for $15/hr). You would need to have some prior expertise in an area(s) that the DFIR group was so lacking that they decide to hire you anyway (e.g., Malware reverse engineering). You could also get a job in a large corporation in a different role and then figure out how to move into the DF or IR teams.

There is really no formal course of study for an IR investigator. You can take digital forensic classes at local colleges, study for the more basic DF certifications, and even get a DF degree. Remember that forensics is all about presenting evidence in court, so legal and law enforcement experience is a huge plus, especially when it comes to performing investigations and producing casework documentation. Remember, if you aren't documenting then you aren't doing DFIR.

Blucodex

unrealskillz06 said:

Lol yep. How else are you supposed to get a job? 😂

I just recently took GCIH and it briefly covers IR steps but I don't have work experience.

Why did they bring you in for an interview? Seems they should have known you were green.

UnixGuy

SANS GIAC GCFA is an excellent DFIR cert, it'll give you a lot of knowledge (this is how I broke into the field). Alternatively, if you don't want to pay for SANS, elearnsecurity has a DFIR cert as well

unrealskillz06

Blucodex said:

unrealskillz06 said:

Lol yep. How else are you supposed to get a job? 😂

I just recently took GCIH and it briefly covers IR steps but I don't have work experience.

Why did they bring you in for an interview? Seems they should have known you were green.

I dont know. lol. It was fun though. Gave me some stuff to look up after the interview. Its been a while since I've felt like crap after an interview

unrealskillz06

UnixGuy said:

SANS GIAC GCFA is an excellent DFIR cert, it'll give you a lot of knowledge (this is how I broke into the field). Alternatively, if you don't want to pay for SANS, elearnsecurity has a DFIR cert as well

I'll go check that elearn course out. Thanks!