Getting Into Digital Forensics

I am interested in getting into the digital forensics field. I have taken a few classes, and I did a short stint at a firm, but I have little experience outside of that. Most of wha to do know is centered around the capture and analysis of drives and devices with tools like EnCase and FTK.

I'd like to get some suggestions for people who are experienced in the field to find out how they got into doing what they do and any suggestions for someone just starting out.

1 Posts
In 2012 I took the FOR408 class (Windows forensic analysis), which helped me a bit on the incident response side. What do you want to get into, though? Digital Forensics is useful for legal investigations and incident response. I usually associate EnCase and FTK with law enforcement and criminal investigations. Which area are you more interested in? Brad

438 Posts
ISC Handler

I've been a web application and database developer for years, and have always inherited some of the network/platform security and management tasks. As I've dug into ways to harden my systems and some rudimentary IR, I've come to like that more than the development roles that I've been doing.

I am in the middle of the FOR408 class (taking my GCFE next month) and have my Security+. I am interested in the security, eDiscovery and forensics aspects, heading towards certs like GCIA, GCIH & GCFA.

Do you have suggestions for what steps to take to get more experience?


1 Posts

Hoping an answer is still of interest to this thread, I would suggest to read this very interesting post from Scott J. Roberts "Introduction to DFIR"

He goes through the different area of digital forensics (memory, network, etc.), highlighting which are the skills required for each, pointing also to some useful resources. I think it is a very useful post, even more for those who are just getting into this great field.

Enjoy the reading.

Pasquale Stirparo

18 Posts

Sign Up for Free or Log In to start participating in the conversation!