• Demisto Blog
  • »
  • Digital Forensics and Incident Response Community Resource

Digital Forensics and Incident Response Community Resource


In a previous life, I was involved in the DevOps and Docker communities.

I was really impressed by the amount of quality content in those areas, and the amazing communities around that space, that included awesome meetups, super active open source projects, blogs and many more channels.

Coming into the DFIR (Digital Forensics and Incident Response) world (~a year ago) I found this area of community lacking, well behind the DevOps space, leaving much room for improvement.
Communities are important since they are a place where people can share ideas, best practices, new tools and ask questions relevant to the field.

So I tried to search for the best community resource out there (and also create some new ones :) ), I will try to list in this post some of the most active communities I have encountered.

  • DFIR Slack channel:
    The DFIR Slack channel is relatively new (less then a year old) but has more then 550 active participants, and several sub-channels like hunting and tools.
    Slack is a very cool medium for community (very sleek UI) , and this community seems to be growing, you can join it here: http://go.demisto.com/join-our-slack-community
  • Reddit — malware + computer forensics subreddits
    Reddit is has some subreddits with massive traffic, and a good place to share/read new blog posts or even Q&A.
    There is no dedicated DFIR subreddit, but the Malware + computerforensics seem to be close enough.
    Malware has ~18,000 readers .
    computerforensics has ~15,000 readers.
  • Peerlyst
    This is a dedicated community of security professionals, a new platform by itself, seems to have nice traction (according to similarweb has ~70,000 K unique visitors a month)
  • Facebook
    I guess this medium is less suitable for DFIR community, I did not find any significant FB group on that subject.
    The SANS page seems to have many “likes” but does not appear to be a real community driven group, just a SANS page:
  • GitHub
    Open source projects are also a great way to build communities on top, one niche part of it is a concept called “awesome lists” which are collections (usually of tools/products) in a certain domain.
    I find it useful to keep track of all the new/main tools in a certain field, I have created such a list focused at DFIR, today it has around ~600 GitHub stars and ~130 forks, and is open for contributions:

If you think there are more communities out there relevant, please share.

If you see a need of a DFIR community in a new platform, feel free to share with us on twitter @demistoinc

Posted by: Meir Wahnon (twitter: @meirwah, blog: https://medium.com/@meirwah/)


Join Our Community