How many years have you been in DFIR field

Do you hold any Certification

Do you feel your Certification brings value to your Job/Career

What Certification do you currently have

Are you currently happy with your current job

Do you consider yourself overworked or burnt out

What is your current salary

How many times did you swap jobs/companies

Do you work out of a Major City (NY, PHL, CHI)

Are you Law Enforcement/Private Sector/Government

How do you feel about the current and future DFIR job environment.

Are you currently looking for a new job?

Do you feel Certifications are important for new graduates to obtain for applying to jobs?

Do you feel the quality of candidates from university have gone up or down in recent years?

Do you feel the DFIR field is becoming saturated with new graduates?

For students who are unable to find a job what advice do you have for them.

Any projects ideas a student can work on to help the DFIR community?

How can students make their resume's stand out

Take a role in an adjacent field and work your way over.

Specifics on tools and training

Cfce, casa, cco, misc belkasoft

Coding. Learn to code. Work on open source projects. Show the interviewers you understand computational workflows and thinking

Look towards the libraries and archives sector for digital preservation projects. Low barrier of entry. Very similar technologies under the hood when you dig in. No need to pursuade someone to clear you for the grubby stuff. No exposure to the grubby stuff

Don't list certs. List achievements. Show me you understand df workshops.

GCFA, GCIH, GNFA, GX-FA, GX-IH

Continue to build resume, internships

Learn By doing. Partecipate in CTF challenges.

More tools. We are in dire need of more open source stuff, especially for mobile forensics

Networking and finding a mentor in the industry can pay off hugely in finding a place to land. When you apply to any position, you are pitted against the pool. If you can get the internal referral, you move to the front of the line.

Cloud and Log parsing are becoming more and more critical for the cases being worked.

External Projects and Tools help indicate the student can think through a problem by creating the solution themselves.

Go the law enforcement route

Security+, AZ-900, AWS CCP

Cybersecurity is NOT entry level. You might get lucky (or maybe make your own luck) and start off in cyber but that is very unlikely. Start in another facet of IT and learn how security can be applied to it. With the market for entry level jobs as saturated as it is, it unlikely that you will be the top candidate through no fault of your own, taking another road and coming back to cyber will benefit you in the long run and stop you from getting discouraged.

Learn everything you can about the Windows operating system.

You don't need to specialise until you're in your 30s.

Host your own websites, interpret logs, make timelines, explore malware safely

Keep it concise and relevant - don't oversell it. Keep it factual. Every word matters, don't fill it with crap.

Try to get more certifications and free external/online training before applying.

Get a low level job or law enforcement first

Infosec is a broad field. Learn a little bit about everything.

Work on networking and people skills. Let hiring managers know you are ready to learn and adapt to their needs. Do worry about not knowing the big forensics tools. Communication skills are really lacking in our space and it's one thing that can make you stand out from another candidate.

Take as many free courses as you can from the big vendors. Companies like Magnet and Cellebrite are always offering excellent training. If you can't get your hands on the tools, having a basic understanding of the functionality will be better than most. Work on report writing and take a technical writing course while you are in school. Being able to communicate your findings to the client is oftentimes overlooked. Understand your audience.

Highlight your major skills and the goals you are looking to achieve in the position you are looking for. Understand the audience and know that you might need a different resume template depending on the job posting. I remember some places had a required format. Try to target the department manager or partner and get it into their inbox if possible. Sometimes it is all about the people you know.

Even if you don't have work experience, I think being able to talk enthusiastically about the projects you've done at school and how you approached those problems is something that interviewers like to see. Also, be humble and express that you're someone who enjoys to learn.

I feel that just being able to understand and explain artifacts of execution like userassist, amcache, shimcache, prefetch, and whatnot probably will help new grads stand out from other people.

Go beyond the degree, give me real world projects you’ve engaged in at home

Something like the LEAPPS

Most people do not go straight into DFIR, you gain a lot of knowledge working in a SOC or similar roles. Even starting in IT is good. Getting to understand real environments and real world situations goes a lot further then anything a course can teach you. School will not teach you that you sometimes just walk into a situation and find out the IT department saw nothing wrong with giving every single person admin on their device.

Automation of log parsing and visual aid creation for senior level/court will make you a lot of friends.

A link to your own personal website with example reports of mock device examination. Report writing is a lot more important then you realize. If you list a tool or a skill you better be prepared to explain not only how you use it but why.

Contribute, even in small ways, to the community. Show interest an interest in learning

CFCE ICMDE CCO/CCPA MCFE

Placement years to get your foot in the door, uk based (I'd going for a police force) special may also help get you a start

I filled out this form but the data was lost.

Get practical experience at home.

Technical knowledge, an investigative mind, honesty.

Product management, some tool specific certs.

Be truthful in interviews, if you don’t know the answer be honest. Try to get some free work experience done, that’s how I’m still working for a forensic software vendor.

Faster hashing technologies

Your competencies should be clear and up front.

Sans + multiple Cellebrite certs

Certifications, blogs, writing papers on forensic artifacts, hands on self learning (phones, computers, etc)

Verifying and testing data on phones. Location data, messages apps, testing on new apps people might be using, etc

Show that you’re passionate about the field. Write some blog posts. Show you’ve done forensic testing on devices. Show something interesting you found in a phone extraction.

Don’t give up, consider working hard a SOC role.

Better parsers for cloud computing artifacts and AI/ML ideas.

Don’t just list tools, list stuff you have worked on (ie: malware intrusion on a server)

Apply even if you don’t meet min. Requirements

Market yourself on LinkedIn, set your self apart from others with blogs/research

find / test new artifacts with computers, phones, etc.

experience, research, and blog projects

Make yourself stand out by doing research, publishing a blog, standing up a home lab. If you can show me you understand all the concepts and can demonstrate that, you are better off that 90% of the new candidates I see.

anything cloud or container forensics

Look at the job posting and make sure the keywords they are looking for are in your resume. If I am hiring a forensics person, and you do not mention forensics in your resume, it will not get past the initial checks and searches.

Don't use ChatGPT to write your resume. ChatGPT written text is easy to spot and often comes off as snooty. Its OK to use ChatGPT but reword what it creates.

Work in a technical field to get experience. It will probably be transferrable