Brandon Poole helped get me a job in a blue team from a different video and now he's helping me to get a DFIR job. All these stories seriously help get into the mindset when it comes to interviews. Wish me luck :)
Brandon Poole has some excellent words of wisdom, particularly relating to personal motivation and what to look for, and even how to sell yourself. Thank you Gerald!
Just graduated with a B.S. in Biology. I was pre-med during undergrad, but now I'm rethinking med school altogether. So now I'm exploring other career options and cybersecurity has piqued my interest. I really enjoyed this video.
This was incredibly good; this is the kind of information I was looking for. I think there is much red-team information out there and it's easy to find, but good information on the blue side is kind of hidden. Big thanks!
Thank you for sharing such amazing content, Gerald. This really helped. My share of contributions to this video. Timestamps:
01:36 - Digital Forensics explained by Gerald
02:28 - What is DFIR
04:20 - Why soft skills are important in DFIR
07:30 - Pros and Cons in DFIR
11:00 - How to get into entry-level DFIR
17:25 - Networking with Brandon Poole
If DFIR resonates with you, check out this FREE (rare for SANS) conference on DFIR that's happening in a few weeks: SANS DFIR Summit - DFIR Summit & Training 2020 - Live Online Virtual, US Eastern | Thu, Jul 16 - Sat, Jul 25, 2020 www.sans.org/event/digital-forensics-summit-2020/summit-agenda
It’s not impossible, but SOC analyst may be more likely if you're coming right out of college. IR oftentimes gets dropped into a situation and should have some professional IT experience and a lil cyber experience to understand what’s going on in the environment that’s anomalous. Cybersecuritymeg has a YT channel that talks about things like this and she manages IR professionals; she may be able to give a different-perspective answer.
Hi! When you mention artifacts left behind, is it usually pertaining to things in the system? Does the forensic team ever deal with checking for fingerprints? I like that type of stuff. Still trying to decide if I want to go into SOC analyst or forensics.
Not physical fingerprints, but digital fingerprints. If a system connected to your system you may be able to determine what kind of system, MAC address, etc. You may see where they pivoted into your organization or where they sent data out of your org, for example. It's like a crime scene and you are trying to recreate it as accurately as you can.
Gotta lean computer science. Forensics is post mortem: dealing with artifacts and analysis. Understanding network protocols, operating systems, file structures, and program structures will serve your analysis. I love cyber so don’t misunderstand, but knowing how to build a cyber program (actual program, not software), compliance, active incident response, and threat intelligence is a far 2nd skill to helping you be good at digital forensics.
This is exactly what I was looking for. I'm starting a cybersecurity apprenticeship soon and the area of incident response is something that intrigues me. I was looking for some information on the role and what it entails. Awesome content!
Check the show notes above; everything Brandon mentioned has a link. Also check out the SANS DFIR in July, the DFIR part is free: www.sans.org/event/digital-forensics-summit-2020/summit-agenda. Also, if network forensics is specifically what you want, I did a video on malware analysis and Wireshark; just look on my channel, it was a few weeks ago. That's all about network forensics. You can pull malicious PCAPs here: www.malware-traffic-analysis.net/ and start looking at them from a forensics perspective. Good luck. (And thanks for watching / commenting.)
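The artifact hunting described in the two replies above (which external system connected and from which MAC address, where an internal host pivoted, and where data left the org) can be started with nothing more than a capture file and a small parser. The following is an added example, not code from the video, the commenters, or malware-traffic-analysis.net: it reads the classic libpcap format (not pcapng), decodes Ethernet/IPv4/TCP, lists pure-SYN connection attempts with the source MAC, and totals payload bytes sent from internal to external hosts. The capture it analyzes is constructed inside the script from documentation-range addresses and made-up MACs, and the `is_internal` helper with its 10.0.0.0/24 range is an assumption for the example.

```python
import struct
from collections import defaultdict

# libpcap (classic .pcap) and header constants
PCAP_MAGIC_LE = 0xA1B2C3D4      # magic as read little-endian from a little-endian file
PCAP_MAGIC_BE = 0xD4C3B2A1      # the same magic when the file was written big-endian
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def parse_frame(frame):
    """Decode Ethernet/IPv4/TCP; return None for anything else (ARP, UDP, truncated frames)."""
    if len(frame) < 14:
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20 or (ip[0] >> 4) != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                    # header length in bytes (options included)
    total_len, = struct.unpack_from("!H", ip, 2)
    if ip[9] != IPPROTO_TCP:
        return None
    tcp = ip[ihl:total_len]                     # stop at total_len to ignore Ethernet padding
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    data_off = (tcp[12] >> 4) * 4
    return {
        "src_mac": mac_str(frame[6:12]), "dst_mac": mac_str(frame[0:6]),
        "src_ip": ip_str(ip[12:16]), "dst_ip": ip_str(ip[16:20]),
        "src_port": sport, "dst_port": dport, "flags": tcp[13],
        "payload_len": max(0, len(tcp) - data_off),
    }


def parse_pcap(data):
    """Walk the 24-byte global header and 16-byte record headers, yielding decoded TCP packets."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        rec = parse_frame(data[offset:offset + incl_len])
        offset += incl_len
        if rec:
            rec["ts"] = ts_sec
            yield rec


def connection_attempts(records):
    """Pure SYNs: who tried to open a session to which host/port, and from which MAC."""
    return [(r["src_mac"], r["src_ip"], r["dst_ip"], r["dst_port"])
            for r in records if r["flags"] & (TCP_SYN | TCP_ACK) == TCP_SYN]


def outbound_bytes(records, is_internal):
    """Payload bytes per (internal source, external destination): where data left the org."""
    totals = defaultdict(int)
    for r in records:
        if is_internal(r["src_ip"]) and not is_internal(r["dst_ip"]):
            totals[(r["src_ip"], r["dst_ip"])] += r["payload_len"]
    return dict(totals)


# --- constructed sample capture (documentation-range addresses, made-up MACs) ---
def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags, payload=b""):
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp


def sample_pcap():
    ext, gw, a, b = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:fe", "aa:bb:cc:00:00:05", "aa:bb:cc:00:00:09"
    frames = [
        build_frame(ext, a, "203.0.113.7", "10.0.0.5", 40001, 22, TCP_SYN),     # inbound probe
        build_frame(ext, a, "203.0.113.7", "10.0.0.5", 40002, 445, TCP_SYN),    # inbound probe
        build_frame(a, b, "10.0.0.5", "10.0.0.9", 50001, 3389, TCP_SYN),        # internal pivot
        build_frame(b, gw, "10.0.0.9", "198.51.100.20", 50002, 443, 0x18, b"A" * 1500),  # PSH/ACK out
        build_frame(b, gw, "10.0.0.9", "198.51.100.20", 50002, 443, 0x18, b"B" * 1500),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f
    return out


def is_internal(ip):
    return ip.startswith("10.0.0.")       # assumed org range for the example


if __name__ == "__main__":
    recs = list(parse_pcap(sample_pcap()))
    for attempt in connection_attempts(recs):
        print("connection attempt:", attempt)
    for (src, dst), n in outbound_bytes(recs, is_internal).items():
        print(f"outbound {src} -> {dst}: {n} bytes")
```

Swap `sample_pcap()` for `open("capture.pcap", "rb").read()` to run it on a real capture; the two summaries are the starting point for the timeline a forensics write-up needs (first contact, lateral movement, and volume of data leaving), which you then confirm packet by packet in Wireshark.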
I'd recommend Network Forensics by Jonathan Ham (www.amazon.com/Network-Forensics-Tracking-Hackers-Cyberspace/dp/0132564718) assuming you are already very familiar with packet analysis. If you are not familiar or confident with packet analysis, I would start with Practical Packet Analysis by Chris Sanders (www.amazon.com/Practical-Packet-Analysis-Wireshark-Real-World/dp/1593278020) or anything by Laura Chappell. Chris being a security practitioner uses a lot of security examples in his book, while Laura is a mixture of network troubleshooting and security.
Other books to look at in addition to Network Forensics would be The Practice of Network Security Monitoring by Richard Bejtlich (www.amazon.com/Practice-Network-Security-Monitoring-Understanding-dp-1593275099/dp/1593275099) and Applied Network Security Monitoring by Chris Sanders (www.amazon.com/Applied-Network-Security-Monitoring-Collection-ebook/dp/B00H3RWTIE)
I just got my BS in Computer Science, I have an associate's in Information Technology, and I heavily concentrated on security and forensics for my electives all throughout it. Currently I'm working on my forensics certifications and looking at a master's in information security this fall. This interview is great. I never would have thought my 20+ yrs of sales and customer support would be this helpful in this field. This video has helped incredibly.