SANS Digital Forensics and Incident Response Blog: Author - Douglas Brush

Getting Your First DFIR Job

Recently, I spoke to students in a computer forensics class who will be graduating in the spring of 2013 about getting a job in computer forensics after school. We covered interview tips and performed mock forensic job interviews, when I realized there are some pointers that I could share about the process from …


You're a tool, a digital forensics tool.

A common question I am asked or see posted on forums, user groups and social media sites is: "What is the best computer forensic tool?" It is usually posed by someone getting started in the field and is an understandable query for an individual who is unfamiliar with some of the granular technical details of the field and looking for direction on how to get their feet wet. In addition, there are considerable marketing efforts by product developers to set their solution apart from the rest, claiming to be the best, fastest, most reliable or somehow "court approved." (Chris Pogue recently touched upon the "court-approved" tool fallacy on his blog http://thedigitalstandard.blogspot.com/2010/08/court-approved.html.)

When this question is posed, I try to impress upon the person asking it that there are no forensic tools. There are only

...