homepage
Menu
Open menu

Resources for Starting in DFIR

Expert curated resources on how to get started in Digital Forensics and Incident Response.
Watch Keynote View More Videos
DFIR Summit KeynoteVideo SeriesDFIR Origin StoriesMore Info

The Godfather of Forensics: How to Leverage Your "Year One" to Get an Offer You Cannot Refuse

Watch Rob Lee, SANS Chief Curriculum Director & Faculty Lead, share his DFIR origin story.

Reflecting on 20 years in the industry, he discusses mistakes made, lessons learned, and advice to new professionals on how to go from their first job to their dream job.

View More Summit Videos Explore Upcoming Summits
DFIR Fundamentals

DFIR Fundamentals Poster

The first step in any investigation is to identify and gather evidence. Digital forensic investigations are no different. The evidence used in this type of investigation is data, and this data can live in many different locations in a variety of formats. This poster will help you to identify the data that you might need to analyze, determine where that data resides, and formulate a plan and procedures for the best way to collect and preserve that data. This poster will also show you the path to where the investigation really begins!

Download

3MinMax Beginners: Bite-Sized Videos to Get Up to Speed Quickly in Digital Forensics and Incident Response

This video series by SANS instructor and author Kevin Ripa offers snapshots into the industry so you can explore multiple topics within cyber security and DFIR.

Choose from 200 videos!

Watch More Videos in this Series

More DFIR Origin Stories

Watch the video as SANS DFIR Curriculum Lead Heather Mahalik walks you through her lessons learned and tips to help you along your journey into DFIR.

Read about how Kevin Ripa, SANS Senior Instructor, and 25-year digital investigation veteran, stumbled into cyber forensics by chance and how a career shift into DFIR can happen at any time.

Watch on YouTube Read Kevin's Story

Thinking DFIRently From Entry to Specialty

The Digital Forensics and Incident Response world. An incredibly broad sphere. We have people trying to get into this world. We have people that have just entered this world. We have people that work day-to-day in this world. We have people that excel in niche areas of this world. Each group thinks they are unique in this world, but one commonality that pervades everyone and everywhere in this world is that we have questions about, “How do I?”

How do I get into DFIR? How do I get better at DFIR? How do I specialize? How do I decide what to specialize in next? How do I get to be like ‘that’ person?

Besides these questions, there are more practical questions. What training do I take? What tools do I use? Who should I follow? How can I find a mentor? Why would anyone want to give up their time to help me?  This video answers these questions and more!

What Students Say About Learning From Industry Experts

Read what SANS alumni say about learning from leading DFIR instructors, such as Rob Lee, Kevin Ripa, and Heather Mahalik.
Rob is awesome! I really enjoy how he throws in some real world encounters
Ryan Gabet
- Cisco Systems Inc.
I enjoy how Kevin provides students with real-world scenarios and experiences that relate to the material he is discussing.
Jeff Spurlock
- Nevada National Guard
OMG!!! Heather just showed me something that is going to completely change the way I do forensics.
Jeff Madsen
- WA State DSHS

    Keep Exploring

    View additional SANS resources to help you get started in the industry, including free events, tools, scholarship programs, and more.
    See SANS Resources