Lot of people asking how to gain forensics skills right off the street now. I got myself into this 🤷🏻‍♀️🍸. Best way to start to learn forensics is to *do it on your own Windows computer* (preferably physical). Start with basic sysinternals tools. @markrussinovich’s books are great.

You have a handy piece of evidence to examine right in front of you, and understanding how your own activity appears in memory, registry, caches, and MFT can often be much more memorable and educational than some VM lab. Lots of great free Windows forensics tools out there.

The tools we use day to day to do memory forensics are widely free, like Volatility. Disk forensics is still kind of controlled by a few expensive software powerhouses, but just learning how your own computer stores, processes, executes is a huge educational leap forward.