Join Us!

Notifications
Clear all

What do you do?  

  RSS
armresl
(@armresl)
Senior Member

I've noticed a lot of new members and a good deal don't put down occupation or put investigator.
What does everyone do?

Private sector CF/CPF no IR.

Quote
Posted : 07/01/2020 9:06 pm
Igor_Michailov
(@igor_michailov)
Senior Member

They are bots. Not people.

The site has over 36000 members. But you can see what articles of the site usually have from 100 to 300 views. Do you sure what 36000 member can make only 100-300 views / per article? Really? And the views fall every day from an article to next article.

The site looks like an advertising dumpster. evil

ReplyQuote
Posted : 07/01/2020 10:27 pm
tracedf
(@tracedf)
Active Member

What does everyone do?

Full-time infosec, part-time consultant doing computer/mobile forensics and e-discovery.

ReplyQuote
Posted : 08/01/2020 5:32 am
armresl
(@armresl)
Senior Member

Thanks for taking the time to reply.

That's a really broad group of topics you have.
Basically you've listed everything including the in house legal part of things like e-discovery.

Do you find yourself an expert in all of those areas?
You can PM if you like.

What does everyone do?

Full-time infosec, part-time consultant doing computer/mobile forensics and e-discovery.

ReplyQuote
Posted : 08/01/2020 5:37 am
Bunnysniper
(@bunnysniper)
Active Member

What does everyone do?

Fulltime Incident Response for a US tech giant, specialized in Windows, Unix and Cloud Forensics. As aside job, I am working as Expert Witness in my local area and deal with digital forensic investigations in civil cases. Anyway, my clients asking for expert opinion could not afford buying an Incident Response Retainer from my primary employer, so there is a clear differentiation between my actions.

regards,
Robin

ReplyQuote
Posted : 08/01/2020 8:33 am
keydet89
(@keydet89)
Community Legend

Long time old school DFIR, incident responder…back in the day when the joke was that we'd image all 3000 systems. Never did that, though.

Transitioned to threat hunting and response with the advent of EDR capabilities, found that a lot of the processes that I used that relied on extracting info from images (i.e., "sniper forensics") worked equally well when doing triage IR. Knowing what to get from systems, taking into account ROI, and impact on everything from the endpoint to the network to the cloud, is critical particularly in order to identify the 3 or 8 endpoints of interest across 150K or more.

Lots of deep forensic research into the Windows Registry, LNK files, and parsing a number of file and structure formats from Windows systems, in order to fully exploit the data. Created the smallest, fully functional LNK file possible, with NO metadata. Created and maintain RegRipper. Deep dive into targeted timeline analysis.

Big advocate for documentation…case notes, lessons learned, etc. Jim Mattis said in his book, "…our personal experiences alone are not enough to sustain us." And he's right. No one of us has seen or knows everything, and all of us together are smarter and more agile/effective.

Published author, public speaker, blogger.

ReplyQuote
Posted : 08/01/2020 12:02 pm
tracedf
(@tracedf)
Active Member

Thanks for taking the time to reply.

That's a really broad group of topics you have.
Basically you've listed everything including the in house legal part of things like e-discovery.

Do you find yourself an expert in all of those areas?
You can PM if you like.

With regards to infosec, I'm a generalist. I have overall responsibility for the security program at my full-time employer. I have experience/knowledge in several different areas but I'm not an expert in most of them.

My strongest hands-on areas are computer/mobile forensics and that's where I hold myself out as an expert. There's always more to learn, of course, but I think I'm pretty capable.

The e-discovery work I do (in-house and consulting) is pretty simple email searches for litigation/public records requests, dump text messages, etc. I don't do large/complex e-discovery engagements (e.g. electronic medical records, enterprise-wide collections).

ReplyQuote
Posted : 08/01/2020 6:52 pm
Cults14
(@cults14)
Active Member

With regards to infosec, I'm a generalist. I have overall responsibility for the security program at my full-time employer. I have experience/knowledge in several different areas but I'm not an expert in most of them.

My strongest hands-on areas are computer/mobile forensics and that's where I hold myself out as an expert. There's always more to learn, of course, but I think I'm pretty capable.

The e-discovery work I do (in-house and consulting) is pretty simple email searches for litigation/public records requests, dump text messages, etc. I don't do large/complex e-discovery engagements (e.g. electronic medical records, enterprise-wide collections).

I'm not a million miles off that. I report in to Legal but sit in IT&S, sole internal corporate resource (training up a colleague though), major areas are
* Laptop forensics (internal investigations so I know our environment pretty well but would likely struggle in the open market place, at least initially). No mobile skills to speak off.
* Email investigations (Exchange/Outlook-based)
* Supporting external counsel (keeping them right half the time it seems) in litigation matters mainly in broad-brush collectons but sometimes we get a bit more granular
* Running our security awareness training program
* Developing / maintaining Policies

Seldom dull

Peter

ReplyQuote
Posted : 06/02/2020 9:55 am
4Rensics
(@4rensics)
Active Member

I feel like a relic here. Old school dead box forensics (phones, PCs etc) for LE in the UK.

Sometimes exciting, sometimes boring, always interesting!

Have toyed with moving in to IR if not just for the money and career prospects. Money and career in the cops is dogshit at best. Good luck ever getting a payrise or career progression as police staff. But thats just my two cents! lol

4R

ReplyQuote
Posted : 06/02/2020 1:48 pm
Share: