Bringing in some extensive knowledge to the week 3 theme of Cybersecurity Awareness Month, (“Cybersecurity Career Awareness”), Elan Wright, aka DFIR Diva, dives into some ways you may be interested in getting started in the DFIR field in this guest blog. Want to hear more from Elan in her chat with Jessica Hyde? Check out this recent episode of Cache Up.
Cyber Forensics typically involves computer forensics, network forensics, memory forensics, and log analysis. There are different job roles that conduct cyber forensics investigations.
Many are part of a SOC (Security Operations Center), CSIRT (Computer Security Incident Response Team), or CERT (Computer Emergency Response/Readiness Team). Some of the job titles involved in cyber forensics are Incident Response Analyst, Incident Response Consultant, Forensic Analyst, Forensics & Incident Response Security Engineer, or SOC Analyst (Typically Level 2 or 3). Some companies have people who specialize in forensics. In other companies, you might go through all phases of incident response. In addition to forensics, this could include responding to alerts, malware analysis, email analysis, creating and maintaining playbooks, threat hunting, and creating scripts to work with tools or to automate tasks.
People involved in cyber forensics might work internally for their organization, work in a SOC or MSSP (Managed Security Service Provider) that conducts investigations for clients or may get called out to client sites to conduct investigations.
Experience and Certification Requirements
The majority of the jobs I’ve seen that are entry level to cyber forensics require some form of previous IT (Information Technology) experience such as networking, help desk, or system administration.
As far as certifications, they can vary by job role and location. The best thing to do is research job postings in your area to see what certifications your dream role requires.
If you’re interested in cyber forensics it helps to know the basics of IT, cybersecurity, networking, and scripting. If you don’t have an IT related degree, there is free training available for the basics as well as for cyber forensics to get you started.
Publicly Share What You’re Learning
While you’re learning, it helps to create a blog and write about your progress or any projects you started as a result of what you’ve learned. You can post it on social media (there is a large forensics community on Twitter) to get your name out there, and it can also be something to show potential employers. For more ideas on sharing in the Digital Forensics & Incident Response (DFIR) community, check out Ways to Share in DFIR.
In addition to a Digital Forensics Discord server with a large community, there are Digital Forensics and Incident Response conferences that occur throughout the year both in person and virtual where you can network with others.
To learn more, DFIR Diva has a lot of great resources available, including a blog, links to training and planning sites, and more. And to learn more about how you can bring DFIR to Cybersecurity Awareness Month, check out this page.