Publication Details
What do incident response practitioners need to know? A skillmap for the years ahead
Breitinger Frank
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS)
Sheppard John, Dr.
SCHAEDLER, F.
MORGENSTERN, H.
MALIK, S.
Digital Forensics, Incident Response, Skills, Skillmap, Survey, DFIR
Digital forensics incident response (DFIR) specialists are expected to possess
multidisciplinary skills including expert knowledge of computer-related
principles and technology. On the other hand, recent studies suggest that
existing training and study programs may not fully address the needs of future
DFIR professionals. To reveal possible gaps in practitioners education and
identify the most needed skills, we built a skillmap for DFIR where we followed
a threefold approach: (1) an online survey among DFIR experts; (2) a review of
training programs; and (3) an analysis of job listings on LinkedIn. Each source
was first analyzed on its own and the findings were merged into a DFIR skillmap
which is the main contribution of this article. The results show that network
forensics and incident handling are the most demanded domains of skills. While
these are covered by existing courses the newly desired skills, in particular,
cloud forensics and encrypted data, need to get more space in training and
education. We hope that this article provides educators with information on ways
to improve in the years ahead.
@article{BUT175777,
author="HRANICKÝ, R. and BREITINGER, F. and RYŠAVÝ, O. and SHEPPARD, J. and SCHAEDLER, F. and MORGENSTERN, H. and MALIK, S.",
title="What do incident response practitioners need to know? A skillmap for the years ahead",
journal="Forensic Science International: Digital Investigation",
year="2021",
volume="37",
number="2",
pages="23--34",
doi="10.1016/j.fsidi.2021.301184",
issn="2666-2825",
url="https://www.sciencedirect.com/science/article/pii/S2666281721000925"
}