Just got killed for a DFIR job
unrealskillz06
Member Posts: 37 ■■■□□□□□□□
As crazy as it sounds it was a great experience though. I couldn't remember anything!
A lot of my background comes exclusively from networking and they weren't giving me any outs to use that experience. It was all forensics questions. How do you guys break into that field?!?!
Comments
-
Danielm7 Member Posts: 2,310 ■■■■■■■■□□I'll go with the obvious question, you have zero DF experience or training and interviewed for a DFIR job?
-
unrealskillz06 Member Posts: 37 ■■■□□□□□□□Lol yep. How else are you supposed to get a job? 😂
I just recently took GCIH and it briefly covers IR steps but I don't have work experience. -
JDMurray Admin Posts: 13,101 AdminIt is unlikely you will find a DFIR job that will entirely train you for even a junior-level position (unless it's in a lab imaging hard drives for $15/hr). You would need to have some prior expertise in an area(s) that the DFIR group was so lacking that they decide to hire you anyway (e.g., Malware reverse engineering). You could also get a job in a large corporation in a different role and then figure out how to move into the DF or IR teams.
There is really no formal course of study for an IR investigator. You can take digital forensic classes at local colleges, study for the more basic DF certifications, and even get a DF degree. Remember that forensics is all about presenting evidence in court, so legal and law enforcement experience is a huge plus, especially when it comes to performing investigations and producing casework documentation. Remember, if you aren't documenting then you aren't doing DFIR. -
Blucodex Member Posts: 430 ■■■■□□□□□□unrealskillz06 said:Lol yep. How else are you supposed to get a job? 😂
I just recently took GCIH and it briefly covers IR steps but I don't have work experience. -
UnixGuy Mod Posts: 4,570 ModSANS GIAC GCFA is an excellent DFIR cert, it'll give you a lot of knowledge (this is how I broke into the field). Alternatively, if you don't want to pay for SANS, elearnsecurity has a DFIR cert as well
-
unrealskillz06 Member Posts: 37 ■■■□□□□□□□Blucodex said:unrealskillz06 said:Lol yep. How else are you supposed to get a job? 😂
I just recently took GCIH and it briefly covers IR steps but I don't have work experience. -
unrealskillz06 Member Posts: 37 ■■■□□□□□□□UnixGuy said:SANS GIAC GCFA is an excellent DFIR cert, it'll give you a lot of knowledge (this is how I broke into the field). Alternatively, if you don't want to pay for SANS, elearnsecurity has a DFIR cert as well