All Things Entry Level Digital Forensics and Incident Response Engineer DFIR

  • Published on 29 Jun 2024
  • In this video we explore all things DFIR. Digital forensics and incident response (DFIR) is an aspect of blue teaming and covers both the triage and containment phase of an incident (IR) and the investigative work of understanding what happened (DF).
    I interview Brandon Poole, a seasoned senior DFIR engineer with Soteria, about what exactly DFIR does, what the job looks like, the pros and cons of the job, and what you can do to learn skills and start working toward a job in that field.
    This video is intended for folks looking to get into cybersecurity who want to learn more about the different potential jobs in the field. I hope it brings you value and knowledge.
    💪🏼VIDEO RESOURCES💪🏼
    Harlan Carvey "Investigating Windows" Book: www.amazon.com/Investigating-...
    DFIR.training Brett Shavers: www.dfir.training/
    Autopsy: www.autopsy.com/
    Sleuth kit: www.sleuthkit.org/
    Brandon Poole on LinkedIn: / bcpoole
    Twitter @panoptcy : / panoptcy
    Soteria: soteria.io/
    📱 Social Media
    LinkedIn: / geraldauger
    Twitter: / gerald_auger
    TH-cam: / geraldauger
    Discord: / discord
    Twitch: / gerald_auger_simplycyber
    🔥 My Curated Website of Free Cyber Resources
    SimplyCyber.io
    Disclaimer: All content reflects the thoughts and opinions of Gerald Auger and the speakers themselves, and are not affiliated with the employer of those individuals unless explicitly stated.
  • Science & Technology

Comments • 49

  • @marcschweiz 2 years ago +14

    Brandon Poole helped get me a job in a blue team from a different video and now he's helping me to get a DFIR job. All these stories seriously help get into the mindset when it comes to interviews. Wish me luck :)

    • @SimplyCyber 2 years ago

      Best wishes and will def let Brandon know

  • @balapraneeth9708 3 years ago +19

    Thank you for sharing such amazing content, Gerald. This really helped. My share of contributions to this video.
    Timestamps
    01:36 - Digital Forensics explained by Gerald
    02:28 - What is DFIR
    04:20 - Why soft skills are important in DFIR
    07:30 - Pros and Cons in DFIR
    11:00 - How to get into entry-level DFIR
    17:25 - Networking with Brandon Poole

  • @1Maccabee 3 years ago +10

    Brandon Poole has some excellent words of wisdom, particularly relating to personal motivation and what to look for, and even how to sell yourself. Thank you Gerald!

    • @SimplyCyber 3 years ago +1

      Brandon is the best. Genuine and seasoned.

  • @ColtonEide 4 years ago +7

    Amazing video. I am in my 3rd year in my Cyber Security and IT Support major. I love Digital Forensics so much.

    • @SimplyCyber 4 years ago

      That is awesome! Brandon was a really cool guest and full of interesting stories. Thanks for watching!

  • @SimplyCyber 4 years ago +2

    If DFIR resonates with you, check out this FREE (rare for SANS) conference on DFIR that's happening in a few weeks: SANS DFIR Summit & Training 2020 - Live Online Virtual, US Eastern | Thu, Jul 16 - Sat, Jul 25, 2020 www.sans.org/event/digital-forensics-summit-2020/summit-agenda

  • @jeromejohnson2976 2 years ago +2

    This was an awesome interview.

  • @ahmedakkari4632 1 year ago

    Thank you for sharing such amazing content, Gerald

  • @NYCDRAGONKING 3 years ago +5

    This is exactly what I was looking for. I'm starting a cybersecurity apprenticeship soon and the area of incident response is something that intrigues me. I was looking for some information on the role and what it entails. Awesome content!

    • @SimplyCyber 3 years ago

      Best wishes on the apprenticeship. Sounds like a great opportunity.

  • @honeycream32 2 years ago +2

    Just graduated with a B.S in Biology. I was Pre-med during undergrad, but now I'm rethinking med school altogether. So now I'm exploring other career options and cybersecurity has piqued my interest. I really enjoyed this video.

    • @SimplyCyber 2 years ago

      Thanks so much. Jump onto a few cybersecurity Discord servers; network with the folks, see what it's about. Cheers.

  • @grimsage2472 3 years ago +1

    I just got my BS in Computer Science. I have an associate's in Information Technology, and I heavily concentrated on security and forensics for my electives all throughout it. Currently I'm working on my forensics certifications and looking at a master's in information security this fall. This interview is great. I never would have thought my 20+ yrs of sales and customer support would be this helpful in this field; this video has helped incredibly.

    • @SimplyCyber 3 years ago

      Thanks Grim! you're crushing it.

  • @vak21 3 years ago +4

    This was incredibly good; this is the kind of information I was looking for. I think there is much red-team information out there and it's easy to find, but good information on the blue side is kind of hidden. Big thanks!

    • @SimplyCyber 3 years ago +1

      Glad you enjoyed it. I'm trying to cover all aspects of industry and make sure everybody gets some love.

  • @Timanator 1 year ago +1

    Agreed 100%, logs are where it's at.

  • @MyDancingirl 6 months ago

    Excellent content!

  • @danielhuntstreasure 3 years ago +3

    Awesome video. I am about to start Cyber Security classes in January and think I hit a gold mine with your videos! Thanks for doing what you do!

    • @SimplyCyber 3 years ago +2

      You are going to love it. There is a world of opportunity within cyber. Stay in touch; I would love to know how your journey goes.

    • @danielhuntstreasure 3 years ago +1

      @@SimplyCyber yes sir. I definitely will! Thank you!!!

  • @mrpumba2147 1 year ago

    Great Info

  • @samyuj 4 years ago +3

    first!
    Great video man!

    • @SimplyCyber 4 years ago

      Thanks for the kind words Sanyuj.

    • @samyuj 4 years ago +1

      @@SimplyCyber Thanks for helping out infosec man!

  • @sugarskulllyfe5890 2 years ago

    wow great video!!!

  • @nitricdx 4 years ago +3

    Another great video. Any resources you recommend to get started in network forensics?

    • @SimplyCyber 4 years ago +2

      Check the show notes above; everything Brandon mentioned has a link. Also check out the SANS DFIR in July; the DFIR part is free. www.sans.org/event/digital-forensics-summit-2020/summit-agenda. Also, if network forensics is specifically what you want, I did a video on malware analysis and Wireshark. Just look on my channel; it was a few weeks ago. That's all about network forensics. You can pull malicious PCAPs here: www.malware-traffic-analysis.net/ and start looking at them from a forensics perspective. Good luck. (And thanks for watching/commenting.)

    • @brandonpoole3470 4 years ago +2

      I'd recommend Network Forensics by Jonathan Ham (www.amazon.com/Network-Forensics-Tracking-Hackers-Cyberspace/dp/0132564718), assuming you are already very familiar with packet analysis. If you are not familiar or confident with packet analysis, I would start with Practical Packet Analysis by Chris Sanders (www.amazon.com/Practical-Packet-Analysis-Wireshark-Real-World/dp/1593278020) or anything by Laura Chappell. Chris, being a security practitioner, uses a lot of security examples in his book, while Laura is a mixture of network troubleshooting and security.

    • @brandonpoole3470 4 years ago +2

      Other books to look at in addition to Network Forensics would be The Practice of Network Security Monitoring by Richard Bejtlich (www.amazon.com/Practice-Network-Security-Monitoring-Understanding-dp-1593275099/dp/1593275099) and Applied Network Security Monitoring by Chris Sanders (www.amazon.com/Applied-Network-Security-Monitoring-Collection-ebook/dp/B00H3RWTIE).

    • @mayavik1034 3 years ago

      These are great answers; can you please pin these?

  • @therealdiamondnoelle 3 years ago +1

    Hi! When you mention artifacts left behind, is it usually pertaining to things in the system? Does the forensic team ever deal with checking for fingerprints? I like that type of stuff. Still trying to decide if I want to go into SOC analyst or forensics.

    • @SimplyCyber 3 years ago +1

      Not physical fingerprints, but digital fingerprints. If a system connected to your system, you may be able to determine what kind of system, MAC address, etc. You may see where they pivoted into your organization or where they sent data out of your org, for example. It's like a crime scene and you are trying to recreate it as accurately as you can.

  • @artyfloresify 4 years ago +1

    Good content.

    • @SimplyCyber 4 years ago

      Thanks Arty! Appreciate you taking the time to let me know.

  • @DallasFort1857 21 days ago

    Should I start digital forensics with a BS in cloud computing or cybersecurity from WGU, or just digital forensics itself from Champlain College?

  • @ianprice7776 2 years ago +1

    Really enjoyed, thank you. Are you guys on LinkedIn?

    • @SimplyCyber 2 years ago

      Yes we are; let's connect!

  • @n_9565 3 years ago +4

    Is this a good first job for someone coming out of college with aspirations to become a cyber security engineer?

    • @SimplyCyber 3 years ago +5

      It's not impossible, but SOC analyst may be more likely if you're coming right out of college. IR oftentimes gets dropped into a situation and should have some professional IT experience and a lil cyber experience to understand what's going on in the environment that's anomalous.
      Cybersecuritymeg has a YT channel that talks about things like this, and she manages IR professionals; she may be able to give a different perspective.

    • @n_9565 3 years ago +1

      @@SimplyCyber Thank you! I will check out her channel asap.

  • @DallasFort1857 1 month ago

    What federal agencies have DFIR?

  • @batmanasdasd 3 years ago +2

    Computer science or cybersecurity for forensics?

    • @SimplyCyber 3 years ago +2

      Gotta lean computer science. Forensics is post mortem, dealing with artifacts and analysis. Understanding network protocols, operating systems, file structures, and program structures will serve your analysis. I love cyber, so don't misunderstand, but knowing how to build a cyber program (an actual program, not software), compliance, active incident response, and threat intelligence is a far second skill in helping you be good at digital forensics.

    • @batmanasdasd 3 years ago

      @@SimplyCyber Thanks a lot I really appreciate it!

  • @SjarMenace 3 years ago

    I would love to engage with you too 🤩🤩😍😍😍