What do incident response practitioners need to know? A skillmap for the years ahead

  • Digital forensics incident response (DFIR) specialists are expected to possess multidisciplinary skills including expert knowledge of computer-related principles and technology. On the other hand, recent studies suggest that existing training and study programs may not fully address the needs of future DFIR professionals. To reveal possible gaps in practitioners education and identify the most needed skills, we built a skillmap for DFIR where we followed a threefold approach: (1) an online survey among DFIR experts; (2) a review of training programs; and (3) an analysis of job listings on LinkedIn. Each source was first analyzed on its own and the findings were merged into a DFIR skillmap which is the main contribution of this article. The results show that network forensics and incident handling are the most demanded domains of skills. While these are covered by existing courses the newly desired skills, in particular, cloud forensics and encrypted data, need to get more space inDigital forensics incident response (DFIR) specialists are expected to possess multidisciplinary skills including expert knowledge of computer-related principles and technology. On the other hand, recent studies suggest that existing training and study programs may not fully address the needs of future DFIR professionals. To reveal possible gaps in practitioners education and identify the most needed skills, we built a skillmap for DFIR where we followed a threefold approach: (1) an online survey among DFIR experts; (2) a review of training programs; and (3) an analysis of job listings on LinkedIn. Each source was first analyzed on its own and the findings were merged into a DFIR skillmap which is the main contribution of this article. The results show that network forensics and incident handling are the most demanded domains of skills. While these are covered by existing courses the newly desired skills, in particular, cloud forensics and encrypted data, need to get more space in training and education. We hope that this article provides educators with information on ways to improve in the years ahead.show moreshow less

Download full text files

Export metadata

Statistics

Number of document requests

Additional Services

Share in Twitter Search Google Scholar
Metadaten
Author:Radek Hranický, Frank BreitingerORCiDGND, Ondřej Ryšavý, John Sheppard, Florin Schaedler, Holger Morgenstern, Simon Malik
URN:urn:nbn:de:bvb:384-opus4-1175677
Frontdoor URLhttps://opus.bibliothek.uni-augsburg.de/opus4/117567
ISSN:2666-2817OPAC
Parent Title (English):Forensic Science International: Digital Investigation
Publisher:Elsevier BV
Type:Article
Language:English
Year of first Publication:2021
Publishing Institution:Universität Augsburg
Release Date:2024/12/17
Volume:37
Issue:Supplement
First Page:301184
DOI:https://doi.org/10.1016/j.fsidi.2021.301184
Institutes:Fakultät für Angewandte Informatik
Fakultät für Angewandte Informatik / Institut für Informatik
Fakultät für Angewandte Informatik / Institut für Informatik / Lehrstuhl für Cybersicherheit
Dewey Decimal Classification:0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 004 Datenverarbeitung; Informatik
Licence (German):CC-BY-NC-ND 4.0: Creative Commons: Namensnennung - Nicht kommerziell - Keine Bearbeitung

OPUS4 Logo