Beginners Training in DFIR




    When I first began working for the police department as a Crime Analyst, I had a lot of free time to use for training. I was given my own office and a superfast computer with dual Xeon processors and three monitors. The person who was supposed to train me didn't really want to take the time, so I had to find ways to teach myself online. I read constantly and became very good at searching the corners of the internet for free courses. After three months, I was handed the responsibility of creating the weekly intelligence briefing and the operational reports used for strategic planning of resource allocation. To add to that, I was asked to create a new intranet site for our department as the old one was outdated and difficult to edit as the person who had originally designed it had moved on. I had never created a website from scratch, so once again, I began tearing up the internet to learn how to code in HTML, JavaScript, CSS, and PHP. I downloaded SoloLearn on my phone so that I could learn while playing on my phone. Once it was done, my superiors were so impressed that they asked me to create a program for Performance Evaluations. They had been using an Excel document and wanted the process simplified and less convoluted. I decided to go with a fillable PDF form with JavaScript controls to make it interactive. They loved it and, having proven that I was capable of tackling new challenges and grasping technological concepts, they decided to trust me with beginning our department's first Digital Forensics Lab.

    I won't lie. This has been the most challenging task I have yet been given. Not because the new forensics training has been difficult, but learning how to best create an organized workflow while staying within the confines of the law without a mentor beside me to guide my hand with best practices and experiential advice has made it a slow process of trial and error. In trying to find ways to curb this frustration, I discovered the Digital Forensics Discord Server through Andrew Rathbun. He had been a student in several of my Magnet Axiom Classes and became a virtual mentor to me. He told me about the AboutDFIR website and introduced me to Eric Zimmerman's tools and SANS Certification. So, for me, it was a matter of being in the right place at the right time and meeting the right person that helped put my feet on the proper path and give me traction. Now, to give back as much or as little as I can in like manner, I have created this blog in hopes that someone seeking the same answers might find them here or at least find a guidepost to the next destination where the answers might lie.

    That said, this post is about training. More specifically, it is about the introductory FREE training that I took to introduce basic concepts in Digital Forensics. I stumbled upon the NW3C site while I was waiting for my Magnet Axiom training to begin. They have fantastic online courses and now in the days of COVID-19, they have some wonderful Live Online courses as well. Most vendors of Digital Forensics software offer training on their specific tool at great monetary cost. SANS offers vendor-neutral training which is far more extensive and therefore, even more costly. Each offers certification following successful completion of a test. Lucky for you, the lads and ladies at AboutDFIR.com have put together an extensive list of training here, which they update regularly. So jump in and get started.

    Also, don't be hesitant to post in the comments below any training that you come across, so that others stopping in to read the blog might find them and check them out. 

    Remember this, if nothing else: there is always someone out there who is willing to help you, so don't be afraid to ask questions. There are no stupid questions and I have yet to meet anyone in the field who will make you feel otherwise. Stay hungry! Learn as much as you can! We live in a wonderful digital age of online learning and instantaneous communication! Take advantage of all of it. Don't let laziness or self-doubt slow you down. If you are looking into doing this kind of work, it's most likely because you love it, so never lose sight of that and keep improving every day. Read the books, listen to the podcasts, join in on the webinars and weblogs, go to the conferences, attend the training, follow the Twitter feeds, and DO THE WORK! Practice, practice, practice!

    A great place for sample images if you don't have practice devices is the NIST CFReDS Project, and the AboutDFIR Tool Testing page. Download the images and get to work. All of the training in the world won't do you any good without hands-on practice and experience. Go get your hands dirty and have fun learning. When you feel a little more confident and ready to join in on some group fun, you can sign up for some Capture The Flag (CTF) challenges.

    Just enjoy the community and the career. Network and link up with others in the field. Maybe collaborate on a case or a project. Don't be afraid to add your name to the list thinking that you have nothing to offer. Everyone has something to offer and together, we will continue to push the ball forward. 

    Welcome to the team! 

