Beginners Training in DFIR
I won't lie. This has been the most challenging task I have yet been given. Not because the new forensics training has been difficult, but learning how to best create an organized workflow while staying within the confines of the law without a mentor beside me to guide my hand with best practices and experiential advice has made it a slow process of trial and error. In trying to find ways to curb this frustration, I discovered the Digital Forensics Discord Server through Andrew Rathbun. He had been a student in several of my Magnet Axiom Classes and became a virtual mentor to me. He told me about the AboutDFIR website and introduced me to Eric Zimmerman's tools and SANS Certification. So, for me, it was a matter of being in the right place at the right time and meeting the right person that helped put my feet on the proper path and give me traction. Now, to give back as much or as little as I can in like manner, I have created this blog in hopes that someone seeking the same answers might find them here or at least find a guidepost to the next destination where the answers might lie.
That said, this post is about training. More specifically, it is about the introductory FREE training that I took to introduce basic concepts in Digital Forensics. I stumbled upon the NW3C site while I was waiting for my Magnet Axiom training to begin. They have fantastic online courses and now, in the days of COVID-19, they have some wonderful Live Online courses as well. Most vendors of Digital Forensics software offer training on their specific tool at great monetary cost. SANS offers vendor-neutral training which is far more extensive and, therefore, even more costly. Each offers certification following successful completion of a test. Lucky for you, the lads and ladies at AboutDFIR.com have put together an extensive list of training here, which they update regularly. So jump in and get started.
Also, don't be hesitant to post in the comments below any training that you come across, so that others stopping in to read the blog might find them and check them out.
Remember this, if nothing else: there is always someone out there who is willing to help you, so don't be afraid to ask questions. There are no stupid questions and I have yet to meet anyone in the field who will make you feel otherwise. Stay hungry! Learn as much as you can! We live in a wonderful digital age of online learning and instantaneous communication! Take advantage of all of it. Don't let laziness or self-doubt slow you down. If you are looking into doing this kind of work, it's most likely because you love it, so never lose sight of that and keep improving every day. Read the books, listen to the podcasts, join in on the webinars and weblogs, go to the conferences, attend the training, follow the Twitter feeds, and DO THE WORK! Practice, practice, practice!
Great places for sample images, if you don't have practice devices, are the NIST CFReDS Project and the AboutDFIR Tool Testing page. Download the images and get to work. All of the training in the world won't do you any good without hands-on practice and experience. Go get your hands dirty and have fun learning. When you feel a little more confident and ready to join in on some group fun, you can sign up for some Capture The Flag (CTF) challenges.
Just enjoy the community and the career. Network and link up with others in the field. Maybe collaborate on a case or a project. Don't be afraid to add your name to the list thinking that you have nothing to offer. Everyone has something to offer and together, we will continue to push the ball forward.
Welcome to the team!