DFIR Training Blog



From DFIR Training, Happy Holidays!

From DFIR Training, Happy Holidays!

This is a short post to wish everyone Happy Holidays and talk a little about DFIR. I know that many of us will be working or on-call through the holidays because of the critical nature of our work. Still, take a breather, reflect on your world (only that which you have control), and keep your family and friend connections active!

Be ready for 2021

We get hacked all the time.  A breach here and a breach there. Millions upon millions of our personal data bits being stolen, leaked, and sold online. With the latest breach of Solarwinds , we are hitting the pinnacle of everything being compromised. Yes, practically everything has been compromised already. But there does come a point when government infrastructure and major consumer product manufacturers are compromised that we risk a major interruption to society, just because of computers.

I can foresee where DFIR will become part of normal conversations by the general public. I say this because DFIR is the solution to problems that the public has slowly begun to understand because it affects them personally in vast numbers.

Throughout my career and into 2020, when asked what I do, I get blank stares if I say, “digital forensics”. I have perfected a 15-second description that sums DF in a manner that is clear enough, but for 2021, I foresee the day when no description will be necessary. Much like “eye doctor” needs no description, I believe the DFIR field is almost there.

This will give DFIR hidden benefits beyond having to not explain what you do, but more in line with job descriptions getting better, school programs becoming even more focused in the sub-fields of DFIR, books following in line with these sub-fields, and expertise that fills every gap.

Who are you to be in 5 years?

I say this because we each have more options of where to focus in this field than ever before. Years back, I attended a (well-known) course that professed to make the students Computer Forensics experts in 5 days. That course no longer exists simply because it is impossible to crown someone a computer forensics expert in 5 days!

Today, we have choices of courses into the very nooks and crannies of DFIR.  Sure, we can be experts in Internet, but we can also be experts in Internet browsers or even an expert in a specific browser and version of that browser.

In 5 years, I have no idea what is coming up. I do know that it will be more options and opportunities, new skills, and new discoveries that create even more discoveries and opportunities. I know that I need to be ready and it is exciting!

A suggestion

Be ready every day for a problem to jump up in your face and practically begs you to solve it! Maybe you can solve a new (or old!) problem with a script or a process or a completely new software tool. Maybe you will be able to foresee a problem that does not exist yet, but surely will exist. Be ready for these things and be ready to spend time finding the solution.

Anyone at any stage of their career, including as an intern or student or 20-year experienced professor, can walk the same path of DFIR problems as everyone else every day. Most of us walk right past problems without recognizing any issues, but there are those who see something, pick it up, look at it, identify a problem, and figure it out. You don’t need a PhD or a decade of experience. You also don’t need tons of software. All you need is to be attentive to potential problems, receptive that you can solve them, and inventive to solutions that you create.

Lastly, but most importantly, be sure to share your time with someone in your life. Friends, family, or neighbor. It makes a difference and more than you can imagine.

Written by :Brett Shavers

{rscomments option="com_rsblog" id="145"}