Time
4 hours 21 minutes
Difficulty
Beginner
CEU/CPE
5

Video Transcription

00:02
different tools that are in use. Some: OSSIM, which is a very, very popular open source tool from AlienVault; Snort, which is an intrusion detection system; OpenVAS, which is a vulnerability scanner. So basically, we're looking for weaknesses in different systems. OCS Inventory, as the name implies, allows us to track our inventory. So, for example, things like routers,
00:22
switches,
00:23
wireless access points. So that way, we can kind of keep an eye on and say, Hey, you know what happened to the wireless access point we used to have in the closet? You know, we know that, Hey, we've left it in there. We should probably take that down because
00:35
and then SIFT, which is a forensic tool from the SANS Institute. That actually is kind of a package of tools that allows you to do a forensic investigation. Now again, we're gonna be kind of deep diving into different forensic tools as we go through the actual incident response and forensic model. So I don't want to touch on it too much here. But these are some common tools
00:54
that are in use. There's a whole lot of other ones,
00:56
especially on the forensic side of the house, excuse me, for example, like FTK Imager, the Autopsy platform as well. So there's a lot of different ones, as I mentioned, in forensics. If you ever take, if you ever get the urge to take the EC-Council CHFI exam, the cert that I have,
01:15
there's, like over 300 tools tested, so
01:19
not to scare you away. But there's a lot of tools to know.
01:22
Joe's chuckling in the back. It's absolute mayhem happening. It is, it is, and most of them you'll never use, like the very obscure tools. But just, just know they're out there. A typical day, right, so in incident response or forensics. So I kind of focus more on incident response because that's a more common job role
01:42
that you'll find out there, and then I'll touch on a little bit of, like, a forensics investigator typical day.
01:47
So typical day, you know, performing the risk assessment. So let's mention, like, vulnerability scanning, you know, different risk, like analyzing what are the critical business systems that the company is using and are they vulnerable to certain things,
01:59
monitoring or getting alerted to abnormal behavior. So again, the end users are critical there to say, hey, wait, this doesn't look right, right? This is not the normal story or movie script of our network. Let me tell the incident response person so they can take a look and see what's going on.
02:13
Suspicious activities. So, for example, if I, you know, if we noticed that Joe was downloading a lot of photos of my calf, that may be suspicious, maybe I have an alert on that. And I can go, hey, what you doing, man? You know, and he says, oh, I'm just doing it for my PowerPoint. I say, okay, cool. But at least somebody's reported it. You know, that kind of goes back to that "see something, say something," as you always hear. Like,
02:31
you know, DHS or FBI saying,
02:34
see, if you see something, say something, along those lines as well, right? So we want to encourage our end users to tell us if something doesn't look right, so we can come investigate.
02:43
As I mentioned, we do have a career path, so that's actually the SOC analyst, or security operations center analyst. We'll talk about that in just a moment, but that's kind of the main career path of
02:53
response. That's one of the main jobs that you'll actually be doing. And you'll kind of start out as a SOC, like, junior analyst, and as you move through into the more mid to advanced level, you'll kind of branch off into the incident response. And a lot of SOC analysts that are at a senior level are actually working as incident responders.
03:12
And then a lot of people that are actually like an individual
03:15
incident response role or part of a team, they'll actually manage, like, kind of senior level SOC people. So again, it's kind of a natural progression through the different job roles.
03:23
Now, is it? And I want to address this because I know somewhere there's a SOC analyst watching this video, screaming there at the computer. It's sort of a frog Stone situation, like, not all SOC analysts are forensic investigators or incident responders. But all incident responders have SOC analyst backgrounds,
03:40
which is why the incident response and forensics is built off of our SOC career path.
03:45
Because all of those skills are what you're going to use as an incident... Exactly, exactly. So, yeah, to connect to what Joe said: basically, the SOC analyst career path is gonna prepare you not just for SOC analyst, but also incident response jobs and forensic jobs as well. So obviously, you need a little experience to get, like, a forensics investigator job. Unless you go in the Navy like Joe,
04:04
and then they may have something for you.
04:06
But you also have to swim and stuff like that. In your case, you don't like swimming, so... Well, if you swim in the Navy, something is on very, very girl. Something's wrong with the ship, and swimming may not assist you.
04:18
That's why we wear blue camo. Exactly.
04:21
Blend right in the ocean. Anyways, we're digressing again. But again, we're just having fun with this course, and just kind of having a good time. So let me just touch on a typical day as, like, a forensic investigator, right? So obviously somebody will alert you that, hey, we need to investigate something, you know. So, like, if you're an FBI agent,
04:39
for example, I'm basing this model off my friends that work in this role.
04:43
So,
04:44
Michelle, you know, you'll get a caseload. You'll get something from, like, the special agents saying, hey, this is what's going on. Can you take a closer look? You know, here's what we seized. What we seized is the computer once we were raiding this house over here for this street gang. Can you take a look at it and let us know what you find? So sometimes it may be a little blurry what you're looking for,
05:03
but you'll just kind of go through this process
05:05
that will be in place. So essentially you're looking for things like images, any kind of pertinent data. A lot of tools out there, like the EnCase tool, will actually search, like, general areas and search for a lot of things like, you know, images, for example. Like if it's a child *** investigation, it searches for different commonalities in images
05:25
from previous child *** investigations. So it helps you find those images faster,
05:29
you know, so a lot of things like that. So basically you get the information about some kind of investigation, and then from there you go through the process of,
05:35
you know, securing the evidence, gathering the information from it, making a copy of the evidence. That's a big thing, eh? So that way you don't mess anything up, not altering the evidence. So again, some things will change as an event. You know, once they're doing an investigation, in acquiring the evidence there will be some minor changes.
05:53
So we'll talk about, once we dive into the particular module, we'll talk a little bit about
00:57
live and static acquisition slightly. But as you go through, like, a SOC analyst career path, well, you'll take an actual forensic course. It'll walk you through that stuff. But essentially, just understand that we get the case. Then, from there, we gather the evidence. We collect it. We don't... we try our best not to alter it. We make a copy of it.
06:15
From there, we analyze the evidence,
06:17
and then we generate a report off the evidence to, like, the prosecutor or whomever. And then from there, it's actually taken to court and presented. Or if it's, like, you know, a civil case or administrative, it may not be, but in a criminal case, we would take it to the court and present it. You know, of course, we probably are gonna be on the stand getting grilled by, like, the defense attorney, screaming and telling us we're terrible,
06:36
um, and, uh,
06:39
trying to discredit everything we've done. But as long as we follow the process and the chain of custody, then we should be good to go for that particular case. So that's a very, very high level overview of a forensic investigation. But that's kind of the typical day of a forensic investigator.
06:55
Job prospects. So much of this is based off incident response, because for forensics, it's somewhat tough to find, like, a forensic investigator job unless, as I mentioned, you're gonna be going into law enforcement. Or if you're already working, like, as a law enforcement officer, this might be something that you kind of branch off to with your department. But incident response wise,
07:15
this is kind of the numbers, just from going to some job search websites: 16, about 20,000.
07:20
Keep in mind that a lot of roles, so again mentioning, like, any recruiters watching, a lot of roles kind of, like, mention incident response but aren't really for incident response. So that's where kind of the higher number shows up there. But there are a lot of job prospects, you know, if you just kind of play around in your search results, right? So if you look for incident response,
07:40
if you look for, like, digital forensics or forensics,
07:43
if you look for a SOC analyst or analyst, if you play with search terms like that, you should find a good amount in your area to apply to. A lot of them are looking for the same skill set for these types of jobs, but they may label them differently.
07:58
Salary is good for incident responders as well. It's like, you know, forensic investigators, generally touching six figures, at least most of the special agents I know; obviously they're above six figures, with all the perks and everything. Nothing right now with the government shutdown, unfortunately, but normally they get all of the perks and good pay.
08:16
But in private sector incident responders that I know
08:18
working in that capacity are above 1 21 120,000 or more. So it's kind of that range, like you're generally gonna be close to six figures. Now, of course, if you're starting out as, like, a SOC analyst, that's a little kind of a reach, depending on your area. Maybe like in the seventies. Francisco Bay area. But
08:35
in most cases, probably SOC analyst, you're probably gonna look at the 70,
08:39
60 to 70,000 range starting out. And then from there, you kind of progress.
08:45
Different certifications. There's really no one size fits all here. So we've got the EC-Council Incident Handler. That's a popular one, as well as the GIAC Certified Incident Handler. Thea. See, sir, the EC-Council, I forget what that one is. Actually, I think I see.
09:01
I forget what the E stands for. But basically it's another form of the incident handler. Actually, that one's from expert. It's a hand. Yeah, yeah, I was starting to think, I thought they just added, like, one more thing to say to you, like a next level type of thing. And then, of course, CHFI, which I have, the Computer Hacking Forensic Investigator,
09:20
if he is well, so that's basically a forensic event... excuse me, forensic examiner, stumbling there, forensic examiner certification. So that being said, a lot of the incident responders that I know have, like, none of these, so
09:35
just kind of keep in mind, like, if you're looking for a job as an incident responder, like, look at what they're asking for
09:39
in the job posting. They may not ask for anything, so you may not need to go spend money on any of these certifications.
09:46
Now, the most common one, as I mentioned, is EC-Council Certified Incident Handler,
09:50
as I mentioned, the SOC analyst, so we have the career path. So just go to the live site, click on that and it's gonna prepare you for basically all of these, right? So components of the SOC analyst, of course, and prepare you for that. It'll prepare you for incident response as well, digital forensics career.


Instructed By

Joe Perry
Senior Technical Instructor at FireEye, Inc
Instructor
Ken Underhill
Master Instructor at Cybrary
Master Instructor