Home 0P3N Blog How To Become A DFIR Engineer
Ready to Start Your Career?
Create Free Account
Dustin Sachss profile image
By: Dustin Sachs
November 13, 2020

How To Become A DFIR Engineer

By: Dustin Sachs
November 13, 2020
Dustin Sachss profile image
By: Dustin Sachs
November 13, 2020

Digital forensics and incident response (DFIR) is an area of technology that has gained much attention in the last twenty years. From shows like CSI and NCIS, the field of digital forensics has been glamorized and depicted as a field that can solve mysteries and catch criminals in the span of 47 minutes. These shows' precision and technology would make anyone think that it is ripped from a page of an Ian Fleming spy novel.

An often asked question on social media is, “How do I become a DFIR Analyst?” This question, if asked to 10 professionals, will result in 12 answers. However, there are several key tips that all DFIR analysts will provide or paths that these professionals took to achieve their current positions. There is the academic route, the professional development route, and the certification route.

The Academic Route

Starting in the early 2000’s several schools throughout the country decided to offer undergraduate and graduate programs in computer forensics. These finite programs have since developed into hundreds of undergraduate, graduate, and doctoral programs at universities from Florida to California. Students learn both theory and technologies on the academic route while applying and learning through case studies and practical applications.

This route is good for people who have no technological or forensics experience, particularly the younger age groups and those who have limited professional experience. However, this route can be expensive and requires a significant time commitment that may limit employment opportunities during the academic year. Still, it often satisfies the requirements for entry-level positions.

The Professional Development Route

For those with at least a few years of professional IT experience, formalized education may not be necessary. This also often applies to those who have military experience. For these people, there are significant training programs offered by institutions like SANS, ISACA, ISC2. These programs often assume a basic or intermediate knowledge of forensic and incident response. This route also leverages many of the tips that will be discussed later in this article.

This route is good for people who have some professional experience, have served in other roles with IT and technology, or are transitioning from other fields. However, this route requires a strong professional network, time commitment beyond the normal business day. It may require a significant financial outlay that can not be paid for through loans and scholarships.

 
Start With The "DFIR Investigations and Witness Testimony" Course >>

 

The Certification Route

The value of obtaining certifications and validation of skills from organizations can not be understated. Several research reports have been conducted to confirm a tangible financial incentive to obtain certain certifications. This is true in IT, DFIR, and many other non-tech related industries. By no means is it advocated that professionals obtain every certification available. Nor is it advocated that one certification is better than another. The certification route's measure and value come from obtaining the right mix and appropriate certifications for the desired professional route. Obtaining the Certified Computer Examiner (CCE) designation makes more sense for a DFIR professional while obtaining the Offensive Security Certified Professional (OSCP) certification makes more sense for a penetration tester.

Regardless of the route chosen, there are several key tips and practices that all professionals wanting to be a DFIR analyst should follow:

1. Strategically build your social network One of the easiest ways to land your first or any subsequent position within DFIR is to have a strong network of people who will funnel job openings, write recommendations, or connect a person with a hiring manager. Target people, you know first. Then ask those people to introduce people from their network to target companies. Ensure that content is regularly posted to social media profiles and that relevancy and top of mind status occur.

2. Be Inquisitive The hallmark of a good DFIR analyst is that they never settle for an answer. The best of the best ask why or investigate a hypothesis until they find the answer or until no further questions can be asked.

3. Read, Read, Read The speed with which technology changes is staggering. It is impossible to stay abreast of these rapid changes without constantly reading mainstream news, specialized periodicals, journals, and industry generated reports and books. A strong DFIR professional is always reading and absorbing new information.

4. Keep Resumes and CV Updated It is impossible to know when the next opportunity will present itself. One of DFIR analyst's strengths is that they are always thinking a few steps ahead and prepared for what they might encounter. Keeping resumes and CVs updated ensures preparation when an opportunity for employment or development of personal branding occurs.

5. Think Logically Logic and reasoning are two elements of the scientific process that makes DFIR forensic science. It is important to consider how a person might interact with a computer or digital device and apply logic to determine specific behavior. Additionally, applying logic will ensure that the investigative process is completed in a timely and expeditious manner, two elements that clients or stakeholders value greatly.

6. Leverage Free and Reduced-Cost Training, Conferences, and Resources Along the same line as the advice to constantly be reading, one of the advantages and benefits of the DFIR community is the breadth of free and reduced-cost training, conferences, and other resources. Particularly in this COVID-19 world, the opportunities for free or low-cost training from vendors like Cybrary. Free and reduced cost virtual conferences like Hou.Sec.Con and ISC2 Security Conference and other upcoming conferences offer an opportunity for professional education and virtual networking that might otherwise be cost-prohibitive. Resources like Google and those that can be accessed from public libraries or libraries at local universities should also not be overlooked.

The market for DFIR professionals is by no means shrinking. Research and statistics say the exact opposite. By leveraging tenacity and drive, anyone who wants to become a DFIR analyst can achieve that goal.

Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry