Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Contact Sales
Contact Sales

Resources for Starting in DFIR

Expert curated resources on how to get started in Digital Forensics and Incident Response.

Watch KeynoteView More videos
Jump to:

The Godfather of Forensics: How to Leverage Your "Year One" to Get an Offer You Cannot Refuse

Watch Rob Lee, SANS Chief of Research, share his DFIR origin story.

Reflecting on 20 years in the industry, he discusses mistakes made, lessons learned, and advice to new professionals on how to go from their first job to their dream job.

Watch More Summit videos Explore Upcoming Summits

DFIR Fundamentals Poster

The first step in any investigation is to identify and gather evidence. Digital forensic investigations are no different. The evidence used in this type of investigation is data, and this data can live in many different locations in a variety of formats. This poster will help you to identify the data that you might need to analyze, determine where that data resides, and formulate a plan and procedures for the best way to collect and preserve that data. This poster will also show you the path to where the investigation really begins!

Download Now
Resources for Starting in DFIR

3MinMax Beginners: Bite-Sized Videos to Get Up to Speed Quickly in Digital Forensics and Incident Response

This video series by SANS instructor and author Kevin Ripa offers snapshots into the industry so you can explore multiple topics within cyber security and DFIR.

Choose from 200 videos!

Watch More Videos

More DFIR Origin Stories

Watch the video as SANS DFIR Curriculum Lead Heather Mahalik walks you through her lessons learned and tips to help you along your journey into DFIR.

Read about how Kevin Ripa, SANS Senior Instructor, and 25-year digital investigation veteran, stumbled into cyber forensics by chance and how a career shift into DFIR can happen at any time.

Watch on YouTube Read Kevin’s story

Thinking DFIRently From Entry to Specialty

The Digital Forensics and Incident Response world. An incredibly broad sphere. We have people trying to get into this world. We have people that have just entered this world. We have people that work day-to-day in this world. We have people that excel in niche areas of this world. Each group thinks they are unique in this world, but one commonality that pervades everyone and everywhere in this world is that we have questions about, “How do I?”

How do I get into DFIR? How do I get better at DFIR? How do I specialize? How do I decide what to specialize in next? How do I get to be like ‘that’ person?

Besides these questions, there are more practical questions. What training do I take? What tools do I use? Who should I follow? How can I find a mentor? Why would anyone want to give up their time to help me?  This video answers these questions and more!

Keep Exploring

View additional SANS resources to help you get started in the industry, including free events, tools, scholarship programs, and more.

See SANS Resources