10 Ways to Stay Current in DFIR
By Jessica Hyde, Director, Forensics
I was asked recently what resources I think are most useful in helping a digital forensics and incident response professional stay current in DFIR, because there is so much information. In this post I’ve compiled a list of 10 of those resources that I personally use to try to stay current.
- Training. If you can, attend a training course! The students in this week’s AXIOM 200 course at our training facility in Herndon, VA inspired this post.
- DFIR.training. Looking to find information about a specific artifact or to find training in your area? Check out DFIR.training. Brett Shavers (@Brett_Shavers) maintains a wealth of information on this site including tools, trainings, cheat sheets, templates and more. I am currently really digging the artifact resources on DFIR.training.
- aboutDFIR.com. Another great comprehensive resource. aboutDFIR.com has a variety of information including research ideas and DFIR job listings, as well as great overview documents from site curators Mary Ellen Kennel (@icanhaspii) and Devon Ackerman (@aboutdfir). These documents include “A to Z” resources on topics ranging from IR to iOS to cloud exposure, data loss prevention and IR.
- thisweekin4n6.com. Each and every week, Phill Moore (@phillmoore) assembles a list with a description of the content that the community puts out. thisweekin4n6.com typically comes out Sunday morning if you are on the US East Coast. From there, select the articles that are of interest or pertain to you. Phill also offers a monthly roundup podcast if you prefer that format.
- Forensic Lunch. Subscribe and watch this YouTube broadcast when it airs or view/listen to an episode afterwards. “Test kitchen” episodes are some of my favorites. David Cowen (@HECFblog) and Matt Seyer (@forensic_matt) share with us two Fridays a month.
- #DFIR Twitter. All the newest stuff hits here first. If you follow me @B1N2H3X, I have a DFIR list there that can get you started on who to follow.
- DFIR CTFs. Consider doing a digital forensics-based CTF. You can learn a lot doing these challenges. You can try the one David Cowen and Matt Seyer hosted at the Magnet User Summit this year, or the one they hosted at DEFCON. SANS DFIR Netwars Tournaments are available at SANS events or online. You can also do an old challenge. There are several listed on aboutDFIR, as well as on the NIST CFReDS site.
- Digital Forensic Survival Podcast (DFSP). Each week Michael (@DFIRPodcast) puts out this short podcast that frequently dives into forensic artifacts. Great for commute times.
- Listservs. Read listservs and forums if you get a chance. This could include community listservs that you are a member of (e.g. IACIS, HTCIA, SANS) or reading forums such as Forensic Focus or /r/computerforensics on Reddit.
- Be curious. Rip your own devices and test things. This is one of the best ways to stay up to date. As you discover new things, share with the community if you are so inclined.
Questions or comments? More ways to stay current? Reach out to Jessica at: Jessica.Hyde@magnetforensics.com