by Jessica Hyde, Magnet Forensics
A few months back I was on my way to BSides NoVa, having a conversation with someone competing in the CTF about where his team would donate the prize money to if they won. I suggested some organizations related to helping young people learn about Information Security. A few hours later, I was relaying the story to a friend and she mentioned that she wasn’t aware of many of the groups that I was referencing. At that point, I realized that information needed to be shared.
A few months later I was at BSidesRoc and heard an incredible keynote by Matt Mitchell: Practical Security: Real World Lessons. In this presentation, Matt talked about a gamut of ways that Information Security professionals could use their skills to help others. He spoke about work that he and other hackers do that has meaning in different ways. I was inspired and started looking for ways that we can use our skills as Digital Forensic professionals to give back.
DFIR Hierarchy of Needs
This thought, about using our skills for good, kept brewing. As I contemplated how this began to feel like a need, I realized that there was almost a Maslow’s Hierarchy of Needs for Digital Forensics. The more I thought about it, the more sense it made, and I realized I had seen other examiner’s mention a similar momentum through the pyramid of how they use their DFIR skills — and that the top of the pyramid was Giving Back in the DFIR community. The pyramid, as I described last week on the Cyber.Now podcast has 4 layers; Fundamentals and Training, Independent Casework and Continued Education, Sharing Information with the Community, and Giving Back.
The fundamentals and training that we all need to become digital forensic/incident response professionals form the base of the pyramid. One of the important realizations about this pyramid is that even when the lower level needs are met, those needs continue. As forensic professionals, it is imperative to continue our training throughout our careers and be cognizant that as new platforms, devices, operating systems, file systems, applications, etc. come into our space, we need to ensure that we continue to build on learning those fundamentals. If you are looking to cover the fundamentals and training necessary to begin your DFIR career, I recommend checking out resources like DFIR Training and About DFIR or taking a training course like AX100 Forensic Fundamentals.
From the fundamentals and training, we can progress to the independent casework and continued education. This is the area where we are rewarded by learning new things through analysis and learning to master individual skills. We get the satiety from knowing that we solved the puzzle presented in the case. You may have discovered a new artifact, used research you found from others, gotten data from a phone using advanced means, completed complex analysis to feel that sense of success. You also may find great satisfaction from not only the technical aspects of the work that you overcome daily, but the mission you serve be it exonerating the innocent, finding evidence that helps a victim, or finding the information to stop the bleeding in an intrusion and protect an important asset.
Once that competency is there, or even as the examiner is gaining it, the next level of the pyramid is sharing info with the DFIR community. Harlan Carvey examines this layer of the pyramid in his “Beyond Getting Started” blog post. Brett Shaver’s expanded on these thoughts in his “Sharing is Caring” blog post, which I encourage you to read. There are a multitude of ways that an examiner can share including sharing scripts, artifact information, teaching, responding to community questions, mentoring, podcasts, presentations, forensic challenges, creating test data, researching, and writing. Writing can include blogging, peer review, academic journals, and books. I detailed these thoughts and examples in a blog post late last year, “The Importance of Sharing in DFIR”.
Sharing itself is a way to give back to the community. But what about that top layer of the pyramid? What are the ways we can use our skills to give back beyond the traditional sharing of DFIR knowledge? What are ways that we can get even larger outreach and find new ways to share? After being inspired by Matt Mitchell’s keynote at BSidesRoc, I started keeping a list of ideas and organizations and I want to share those with you now. There are so many great people finding ways to give back to the broader community using their DFIR skills.
Ways to Give Back
As we take a look at ways to give back using our DFIR skills or to the community, I will be introducing example organizations and groups. As a disclaimer, inclusion in this blog does not imply endorsement by Magnet Forensics. Additionally, this post is in no way an exhaustive list of organizations or groups in each of the areas mentioned, but simply given as examples of groups in the area. I encourage everyone to carefully research and consider any organization they chose to assist in any way and ensure it aligns with their interests, ethics, and ideals.
Giving back can take a variety of formats. It could be sharing your skills, volunteering your time, or can be a donation. As different methods of sharing are discussed and examples provided, I encourage you to figure out what works right for you. Many of these ideas can be done on your own or through groups that already exist. Many times, the existing concept can be modeled in your community and you may want to look to organizations as a source for information and knowledge, or to donate you time, money or skills.
Teaching about Digital Safety and Security
Lots of groups would benefit from learning more about digital safety and security. Sharing the knowledge, you have can be invaluable to marginalized or vulnerable groups. This could involve anything from teaching young teens about Internet Safety by speaking at a school or camp, volunteering to share about phishing scams to elderly, helping victims of abuse to not be targeted by their abusers via their mobile devices, to bringing sharing information security tips in your community. In my previous neighborhood, for example, I volunteered to speak to a camp for teenage girls about Social Media Safety and Responsibility. We discussed a variety of topics and they asked great questions and we all learned together. There is a great article about how Eva Galperin is helping victims of domestic violence on Wired. Or maybe you can consider throwing a Cryptoparty like Matt Mitchell does to share information in your local community.
Help Others Learn About or Get a Start in DFIR
There are a variety of ways to help people learn about the field and get started. One of the great ways is to mentor others. If you are seeking out young people to mentor, consider an underrepresented person who may benefit from your experience and knowledge. Another idea is to participate in a Resume review at an Infosec conference like the sessions Lesley Carhart often hosts at InfoSec conferences. There is also a large list of organizations geared towards introducing young people and others to digital forensics, information security, and Science Technology Engineering and Math (STEM) as a whole. Some of these organizations are listed below and include links to their pages:
- Cyber Sleuth Science Lab
- Black Girls Code
- Advance Program
- TEALS – Volunteers teaching Computer Science K-12
- Rural Technology Fund
- E.R.O. Child-Rescue Corps
One example of a group that focuses on introducing Digital Forensics concepts to underrepresented youth is the Cyber Sleuth Science Lab which just completed a week long digital forensics camp for 80 high school age students in Baltimore, MD. In talking to a friend, Richie Cyrus, about possibly volunteering for a Cyber Sleuth Science Lab, he said something that stuck with me. He said of course, that his mother had taught him that it is our responsibility to “send the elevator back down.” I really liked that.
Another way to help young people who are interested in DFIR or the greater Information Security field is to volunteer to assist with the wide array of scholastic competitions that exist. David Cowen writes about his experience volunteering with the Collegiate Cyber Defense Competition and explains a bit about it in his blog post on his Hacking Exposed Computer Forensics Blog. It is a good example of what one of these events is like. Here is a list of other scholastic competitions.
- California Cyber Innovation Challenge
- RED (Formerly High School Forensics Challenge)
- National Collegiate Cyber Defense Competition
- Canadian Collegiate Cyber Exercise
- Digital Forensics Research Work Shop Forensic Challenge
Organizations / Conferences / Workshops Geared Toward Women
There are a variety of groups that are dedicated to inspiring those who identify as women to grow and develop in this field. These organizations often have a variety of ways in which you can participate. This just a small example of groups in this category. Actually, this post is being initially released when I will be participating in a DFIR Women’s Lunch being held in conjunction with DFRWS Conference where we are discussing ways to give back in the DFIR community. There are groups like:
- The Diana Initiative
- Women’s Society of Cyberjutsu
- BlackHoodie – Free women only reverse engineering workshop
- National Center for Women and Information Technology
There are also a variety of scholarships available. Many of these scholarships are to bring underrepresented groups to training or educational events. Please consider sharing information about these scholarships with people who may be interested in them.
- SANS Women’s Academy
- Scholarships for Women Studying Information Security
- Black Hat and EWF Future Female Leaders Scholarship Program
- AFCEA Diversity Graduate Scholarships
- Ken Johnson DFIR Scholarship
- Facebook Cybersecurity University for Veterans
- Women Techmakers Scholars Program
I hope just as I was inspired to think of ways to give back to the greater good with my DFIR skills, that I have provided those of you looking to give back with ideas of ways to do so. There are a multitude of ways that you can help others. Giving back to others allows us all to serve the better good and ensure that we leave everything a bit better than we found it. Additionally, you are setting up positive experiences for others to associate with our profession which may expose others to the field or inspire future forensic examiners.
Do you have other ideas to contribute to the greater good using your skills or by inspiring others? If so please feel free to share. I look forward to hearing how people are helping others.
Questions or comments? More ways to share? Reach out to Jessica at: Jessica.Hyde@magnetforensics.com
This article was originally posted on Magnet Forensics’ blog. Magnet is a global leader in digital forensic technology with solutions being used in cases ranging from child protection to counter terror and everything in between. Find out more here.