In a previous life, I was involved in the DevOps and Docker communities.
I was really impressed by the amount of quality content in those areas, and the amazing communities around that space, that included awesome meetups, super active open source projects, blogs and many more channels.
Coming into the DFIR (Digital Forensics and Incident Response) world (~a year ago) I found this area of community lacking, well behind the DevOps space, leaving much room for improvement.
Communities are important since they are a place where people can share ideas, best practices, new tools and ask questions relevant to the field.
So I tried to search for the best community resource out there (and also create some new ones :) ), I will try to list in this post some of the most active communities I have encountered.
- DFIR maling list:
The SANS DFIR mailing list is very active,and seems to have a large reader base, you can register at: https://lists.sans.org/mailman/listinfo/dfir
- DFIR Slack channel:
The DFIR Slack channel is relatively new (less then a year old) but has more then 550 active participants, and several sub-channels like hunting and tools.
Slack is a very cool medium for community (very sleek UI) , and this community seems to be growing, you can join it here: http://go.demisto.com/join-our-slack-community
- Reddit — malware + computer forensics subreddits
Reddit is has some subreddits with massive traffic, and a good place to share/read new blog posts or even Q&A.
There is no dedicated DFIR subreddit, but the Malware + computerforensics seem to be close enough.
Malware has ~18,000 readers .
computerforensics has ~15,000 readers.
Although a usually popular medium for cyber communities, there seems to be a lack in a focused (and active) DFIR group, what I did find:
Advanced Persistent Threats (APT) & Cyber Security
The most active group with ~40,000 members, but not focused at DFIR
CSIRT — Computer Security Incident Response Team
SANS DFIR Community
both these groups are not very active, and relatively small (~1000 members) but that is the best I found…
This is a dedicated community of security professionals, a new platform by itself, seems to have nice traction (according to similarweb has ~70,000 K unique visitors a month)
I guess this medium is less suitable for DFIR community, I did not find any significant FB group on that subject.
The SANS page seems to have many “likes” but does not appear to be a real community driven group, just a SANS page:
Seems the big and active meetups are located in Bay Area, those are the ones I found relevant:
Open source projects are also a great way to build communities on top, one niche part of it is a concept called “awesome lists” which are collections (usually of tools/products) in a certain domain.
I find it useful to keep track of all the new/main tools in a certain field, I have created such a list focused at DFIR, today it has around ~600 GitHub stars and ~130 forks, and is open for contributions:
If you think there are more communities out there relevant, please share.
If you see a need of a DFIR community in a new platform, feel free to share with us on twitter @demistoinc