Question I received: How long does it take before I can expect to get into a DFIR career?
Answer: It depends!
It depends on your available resources + available time + motivation to learn.
The more of each of these that you have, the faster it will be. A lack of resources (software/hardware) means scraping together machines and free/open-source tools. A lack of time means squeezing in minutes here and there over a longer period of time.
A lack of motivation is the most important factor because, without motivation, you will never make it regardless of your available resources. Period.
By the same token, motivation is the biggest factor to make up for a lack of resources. Do not ever underestimate the power of motivation. The sheer force of drive. The unstoppable energy of determination. If you are driven to succeed in face of anything, then you will make it. It does not matter where you start from, age is irrelevant. Education level meaningless. Socio-economic background means nothing.
I say this full well knowing that someone with a high education or "elite" status in society with unlimited sources starts farther ahead than you or I. I say this because without motivation, resources are useless and any success is limited and a dead end. With motivation, there is no limit. You will have to work harder. Study more. Endure stress and keep moving forward against friends or family advice to quit. Others will appear to effortlessly pass you by. Everything will seem more difficult. And it will be.
Keep the pace
It is one foot in front of the other. That should be your focus. Your goal is not to master the entire registry at the same time that you have a goal to master Linux logfiles. Learn a registry concept. Then a registry hive. And a key. One step at a time. As long as you keep moving forward, you will move forward.
Find one. Follow your mentor. Know that your mentor, whether you ever met or communicate, has gone through exactly what you are going through. Maybe they had an even more difficult time with circumstances you'll never know. The best mentor is the one that motivates you. It is the person that you know will pull you forward as long as you make the effort to make the effort.
An example of making the effort
When I was a much younger Marine, I had an aptitude for humping a pack (ie; long, forced marches carrying a heavy backpack). I had the same pains as everyone else, blistered feet, sore back, muscle cramps, and lots of sweat! But I would never quit and never quit putting one foot in front of the other. A new Marine behind me on one of the marches didn't do so well, but he tried. So on a really long hump, I told him to grab ahold of my backpack straps (the straps that you use for your sleeping bag). I said, "Hold my straps and as long as you keep walking, I'll help." The secret was, I didn't pull him at all, but he kept going. He learned that as long as he worked and did his part, he'd be able to keep up. He never really needed to hold my straps that day, and he only needed it for a few minutes that he could do it. He just needed to know everyone goes through the same pains and understands, but if you do your part, everyone is there for you.
You are next
Know now that someone is going to look to you as a mentor, if not already. You won't know who they are, but they are watching you. They are hanging on your every word. They are inspired by you. They are motivated by you, all because they know you made the effort and didn't quit. There are more than a few peeps in DFIR that I watch like a hawk because they inspire me every day. On the days when I don't believe that I know enough, I fall back on my mentors and their work. I fall back on those who give a little of themselves by sharing, and speaking, writing, and teaching. Do not be surprised that if and when we meet, I tell you that you inspired me. You never know when something that you did or said made a difference to someone else who is also swimming in the ocean of DFIR information, trying to figure it all out.
This thing we call "DFIR"
DFIR (Digital Forensics Incident Response) is simply one small part of the Information Security world (or cybersecurity). There are many sub-fields, cross-fields, and related fields, but none are DFIR. The people in DFIR are awesome. Infosec is one thing, but DFIR is something all by itself. I look at DFIR as the Green Berets of Infosec (or Navy SEALs, or Marines, or SWAT...take your pick, but you get the point). In those communities, everyone pulls more than their own weight. They work to excel in their respective expertise. They help each other. They work as team players. For this, DFIR has advanced and advances in skill and knowledge beyond practically any other field.If you are new to DFIR, welcome to the family. If you have been here a while, be sure to hold the door open to the new folks. They bring a whole new world of motivation, innovation, and drive that benefits us all.