In this episode, we are joined by Jason Jordaan who has been working in law enforcement for many years and now has his own company where he does digital forensics and incident response work.

He will be educating those who want to join DFIR, those who are new to DFIR, and those who want to build up their labs and abilities. Jason will be explaining what it takes to become a digital forensics practitioner and also the differences between examiners and investigators.

Developing the Next Generation of Forensic Practitioners in a Changing World

When Jason started in forensics in the 1990s, he worked as a cop and a detective. “Analysts” and “examiners” did not yet exist. Everyone was simply an investigator trying to find relevant information for each examination. Unlike today where there are so many different entry opportunities for people in the world of forensics, people used to come almost exclusively from the military or law enforcement.

People still come from those traditional routes, but we’re now seeing many from the private sector entering the field. Because of this change, we can no longer have a one-size-fits-all perspective when it comes to DFIR development.

What is the Difference Between Investigators and Examiners?

Today we are able to differentiate between two different types of digital forensic work. Investigators tend to be digital forensic savvy, but they may not be familiar with the in-depth technicalities and details needed to use different tools.

Generally, investigators will be able to use basic tools and parse data in order to find clues in a case, but they won’t understand the technical intricacies. Examiners, on the other hand, are extremely familiar with the technical side and the details of a wide variety of different tools; hence the need for workflows that encourage collaboration between these two types of experts.

Listen to the full episode to learn more about the world of DFIR and how it is developing.

Share this post