This room introduced me to the world of Digital Forensics and Incident Response (DFIR). I learned the basics of what DFIR entails, the tools and processes used, and how forensic investigations are different from live monitoring or SIEM analysis. It provided an overview of how analysts collect, preserve, and analyze digital evidence.
Going through this material gave me a solid foundation for the rest of the DFIR path on TryHackMe. It made clear how DFIR ties into the bigger picture of cybersecurity—helping organizations not only detect incidents but also investigate them thoroughly and learn from what happened.
