DFIR Addict
Introduction
I’m a DFIR addict.
The DFIR journey for me has been life-changing and a fantastic experience to share with others.
Every time the event log is processed on the endpoint, I feel anxiety and excitement.
When you first start, it’s easy to get overwhelmed by the sheer number of events and their severity. The first time I saw an event in my teams’ logs, I felt like my brain was going to explode with excitement. It was the feeling of learning something new and anxiety because I didn’t know what to expect or how to process it. The reality is that once you’ve been doing this long enough, your brain has probably already processed some similar things (if not all). You’ll feel accomplished when you finally figure out what happened or why an event occurred—a sense of relief that something wasn’t as scary as it seemed when viewed from afar!
Once upon a time, I was a forensics and threat intelligence analyst.
I used to be a forensics and intelligence analyst. While the field has seen some changes over the past few years, it remains one of the most exciting fields in cybersecurity. The skillset required by those that work in this field is diverse and wide-ranging, allowing you to apply your knowledge across many different areas of cybersecurity.
In my time as an analyst, I learned how to gather evidence from computers and networks through both traditional means (like analyzing collected data) as well as more creative methods such as reverse engineering malware or investigating connections between systems (you’ll often find yourself looking at logs from different designs).
I learned how to use several tools and techniques, including log analysis, network monitoring, protocol analysis (aka “packet sniffing”), malware reverse engineering, and more. I also learned how to use statistical analysis to create useful models for predicting future attacks.
My favorite thing about DFIR is that it’s not predictable, and every investigation is different.
The best thing about DFIR is that it’s not predictable. Each investigation is different, and there are no exact answers to your questions. You may be able to give yourself a list of possible scenarios, but in the end, it’s up to you whether or not those scenarios are valid.
That’s why I love DFIR so much! I get a chance every day to test my knowledge and see if I can solve a case without knowing anything about what happened beforehand or having any idea how someone came up with their solution (or even where they were). It keeps me on my toes and always challenged; there’s always something new happening somewhere!
I love exploring new operating systems, software, hardware, etc.
I love exploring new operating systems, software, hardware, and more. I try to learn something new daily and am always excited to share what I know with others.
In addition to learning new things that can help you improve your skills as a forensic investigator or analyst, there are other benefits of being an Addict:
- You’ll be able to help others who are also learning.
- You’ll learn more than just technology—the skills you develop as an addict will help you in other areas of life too!
The DFIR journey for me has been life-changing and a fantastic experience to share with others
- DFIR is a great career choice.
- You’re helping people.
- You get to learn new things every day, and it’s exciting!
- You meet new people who share your passion for digital forensics, like me (insert winking emoji here).
Conclusion
I think this is a great opportunity to share what it’s like to be a DFIR addict. I’m not ashamed of my addiction and I don’t think anyone should be embarrassed about theirs, but if you do feel that way, then please reach out to me and let’s talk!