Just found this video while searching for DFIR content on Gerry's channel and WOW - packed with so much great info and still relevant for those seeking to get started today in DFIR. Loved hearing from Brandon!
Appreciate it. Love having a video for that. And Brandon is a legend
Brandon Poole helped get me a job in a blue team from a different video and now he's helping me to get a DFIR job. All these stories seriously help get into the mindset when it comes to interviews. Wish me luck :)
Best wishes and will def let Brandon know
Thank you for sharing such amazing content, Gerald. This really helped. My share of contributions to this video.
Timestamps
01:36 - Digital Forensics explained by Gerald
02:28 - What is DFIR
04:20 - Why soft skills are important in DFIR
07:30 - Pros and Cons in DFIR
11:00 - How to get into entry-level DFIR
17:25 - Networking with Brandon Poole
:) thanks
Brandon Poole has some excellent words of wisdom, particularly relating to personal motivation and what to look for, and even how to sell yourself. Thank you Gerald!
Brandon is the best. Genuine and seasoned.
Just graduated with a B.S in Biology. I was Pre-med during undergrad, but now I'm rethinking med school altogether. So now I'm exploring other career options and cybersecurity has piqued my interest. I really enjoyed this video.
Thanks so much. Jump onto a few cybersecurity Discord servers; network with the folks, see what it's about. Cheers.
I just got my BS in Computer Science, I have an associate's in Information Technology and I heavily concentrated on security and forensics for my electives all throughout it. Currently I'm working on my forensics certifications and looking at a master's in information security this fall. This interview is great. I never would have thought my 20+ yrs of sales and customer support would be this helpful in this field. This video has helped incredibly.
Thanks Grim! You're crushing it.
Amazing video. I am in my 3rd year in my Cyber Security and IT Support major. I love Digital Forensics so much.
That is awesome! Brandon was a really cool guest and full of interesting stories. Thanks for watching!
This is exactly what I was looking for. I'm starting a cybersecurity apprenticeship soon and the area of incident response is something that intrigues me. I was looking for some information on the role and what it entails. Awesome content!
Best wishes on the apprenticeship. Sounds like a great opportunity.
If DFIR resonates with you, check out this FREE (rare for SANS) conference on DFIR that's happening in a few weeks: SANS DFIR Summit DFIR Summit & Training 2020 - Live Online Virtual, US Eastern | Thu, Jul 16 - Sat, Jul 25, 2020 www.sans.org/event/digital-forensics-summit-2020/summit-agenda
This was incredibly good, this is the kind of information I was looking for. I think there is much red-team information out there and easy to find, but good information on the blue side is kind of hidden. Big thanks!
Glad you enjoyed it. I'm trying to cover all aspects of industry and make sure everybody gets some love.
Awesome video. I am about to start Cyber Security classes in January and think I hit a gold mine with your videos! Thanks for doing what you do!
You are going to love it. There is a world of opportunity within cyber. Stay in touch; would love to know how your journey goes.
@SimplyCyber yes sir. I definitely will! Thank you!!!
Agreed 100%, logs is where it's at.
Thank you for sharing such amazing content, Gerald
This was an awesome interview.
Another great video. Any resources you recommend to get started in network forensics?
Check the show notes above, everything Brandon mentioned has a link. Also check out the SANS DFIR in July; the DFIR part is free: www.sans.org/event/digital-forensics-summit-2020/summit-agenda. Also, if network forensics is specifically what you want, I did a video on malware analysis and Wireshark. Just look on my channel, it was a few weeks ago. That's all about network forensics. You can pull malicious PCAPs here: www.malware-traffic-analysis.net/ and start looking at them from a forensics perspective. Good luck. (And thanks for watching/commenting.)
I'd recommend Network Forensics by Jonathan Ham (www.amazon.com/Network-Forensics-Tracking-Hackers-Cyberspace/dp/0132564718) assuming you are already very familiar with packet analysis. If you are not familiar or confident with packet analysis, I would start with Practical Packet Analysis by Chris Sanders (www.amazon.com/Practical-Packet-Analysis-Wireshark-Real-World/dp/1593278020) or anything by Laura Chappell. Chris being a security practitioner uses a lot of security examples in his book, while Laura is a mixture of network troubleshooting and security.
Other books to look at in addition to Network Forensics would be The Practice of Network Security Monitoring by Richard Bejtlich (www.amazon.com/Practice-Network-Security-Monitoring-Understanding-dp-1593275099/dp/1593275099) and Applied Network Security Monitoring by Chris Sanders (www.amazon.com/Applied-Network-Security-Monitoring-Collection-ebook/dp/B00H3RWTIE)
These are great answers, can you please pin these?
Should I start Digital Forensics with a BS in cloud computing or cybersecurity from WGU or just digital forensics itself from Champlain College?
What federal agencies have DFIR?
I got an interview for this role next week, any tips?
I am a digital forensics enthusiast. I was wondering if you could recommend the best certification for me?
Excellent content!
Is this a good first job for someone coming out of college with aspirations to become a cyber security engineer?
It’s not impossible but SOC analyst may be more likely if ur coming right out of college. IR oftentimes gets dropped into a situation and should have some professional IT experience and a lil cyber experience to understand what’s going on in the environment that’s anomalous.
Cybersecuritymeg has a YT channel that talks about things like this and she manages IR professionals; she may be able to give a different perspective answer.
@SimplyCyber Thank you! I will check out her channel asap.
Would you recommend solving labs on platforms like CyberDefenders, THM, etc.. even if I’m just starting out?
For sure. Those platforms are great and putting in scaffolding to aid you in instruction.
first!
Great video man!
Thanks for the kind words Sanyuj.
@SimplyCyber Thanks for helping out infosec man!
Hi! When you mention artifacts left behind, is it usually pertaining to things in the system? Does the forensic team ever deal with checking for fingerprints? I like that type of stuff. Still trying to decide if I want to go into SOC Analyst or Forensics.
Not physical fingerprints, but digital fingerprints. If a system connected to your system you may be able to determine what kind of system, MAC address, etc. You may see where they pivoted into your organization or where they sent data out of your org, for example. It's like a crime scene and you are trying to recreate it as best you can accurately.
Computer science or cybersecurity for forensics?
Gotta lean computer science. Forensics is post mortem; dealing with artifacts and analysis. Understanding network protocols, operating systems, file structures, and program structures will serve your analysis. I love cyber so don’t misunderstand, but knowing how to build a cyber program (actual program not software), compliance, active incident response, and threat intelligence is a far 2nd skill to helping you be good at digital forensics.
@SimplyCyber Thanks a lot I really appreciate it!
Really enjoyed, thank you. Are you guys on LinkedIn?
Yes we are; let's connect!
Great Info
Good content.
Thanks Arty! Appreciate you taking the time to let me know.
wow great video!!!
I would love to engage with you too 🤩🤩😍😍😍