Curious to see how people here use forensic tools and methods on a daily basis and what their typical day looks like.
I won't tell you )
I picked "Enterprise forensics with much hands-on hardware" because it's the closest thing to what I do. But, realistically, my job isn't exactly forensics at all. My day to day is really more like:
8AM Work on website, SEO, link building, social media outreach, advertising, etc.
9AM Diagnose a couple broken hard drives
10AM Provide quotes for a few data recovery cases
1030AM-noon Fix a couple broken hard drives
1PM-3PM Babysit drives while extracting data as well as some additional web/advertising work
4PM Bill a few customers out
5PM Fix another hard drive or two, maybe quote another case or two.
And the next day it repeats. With the occasional RAID case to really break things up.
Not your task. Silent.
Curious to see how people here use forensic tools and methods on a daily basis and what their typical day looks like.
I'm not sure you're going to get that from a survey.
In my case, it's "enterprise threat hunting", which is used to identify systems that need closer examination. In some few cases, F-Response may be used, but more often, we get images for analysis.
For DF analysis, I find the classic "forensic tools" to be cumbersome for most analysts; I've been able to extract data and develop answers from two system images in under 4 hrs, whereas some tools take 19 or more hours to run across a single image. If a focused approach is used in analysis…i.e., Sniper Forensics…there's a significant cost savings.