Brett's Ramblings
"I don’t want to learn. Just give me the answer."
Figure it out
It’s been more than a few years since I was in the Marines, even though it still feels like yesterday. Although it has been decades (has it really been that long?), it seems that I am still learning lessons today that the Marine Corps exposed me to back then. I mean that in the sense that many times I come across an obstacle in life or work that is solved by falling back on the little things I learned way-back-when. One of the biggest lessons I ever learned: Figure it out.
I give credit to technology for making our lives easier, which doesn’t always mean for the better. If you don’t know something, you can ask Google and get the answer. In fact, as you type your question, Google practically reads your mind and finishes your question for you while at the same time, giving you an answer. I believe that this part of technology is a disservice, especially those in the DFIR field because being told the answer is not the most important thing compared to personally finding the answer. It is the journey, not the destination.
My first response to being asked “how to do something” is “Did you try everything you know before asking me?” Whether it is a student or a peer, if I am asked a question, I naturally assume that everything possible was tried before asking me. If not, I question the question of asking in the first place because asking without trying to figure it out yourself is simply asking for the answer. You are asking to get to your destination without taking the journey. You are asking someone to do your homework for you. This is the easy way, the wrong path to take, and will gradually put a cap on your skills. Try before asking. Then try again. At some point you will run out of different attempts and then when you ask, I know (or will assume) that you tried everything you know how to try. Hopefully before that comes, you will find the answer before asking for your sake. Giving the answer will not be helpful if you have the ability to figure it out yourself. By the way, it is way easier for me to answer a question than it is to push and prod for the student to figure it out. Answering takes me 15 seconds while being patient to watch the process can take a lot longer...
I teach the Figure It Out* method because the Eureka! moments are those times where you learn something that you will never forget. It is embedded into your cranial cavity as if you were the first person to ever discover that answer. In reality, everyone could have known the answer before you, but as far as your brain is concerned, you did it first and therefore, will remember it forever because you discovered it. This doesn’t work if someone tells you that “C” is the correct answer. You will forget being given “C” as the answer minutes afterward but you will remember the “Ah ha!” discovery for a lifetime. You will actually be able to figure out more problems because of increased confidence. It's a good cycle to be in.
But, I have found that some people don’t want to take the journey to discovery. They truly just want the answer for a varied number of reasons, which are technically defined as excuses. Procrastination is not a reason. Laziness is not a reason. Not caring is not a reason. Because Google answers it for you is not a reason. I tend to feel that we need ‘figuring it out by yourself’ as a high school class, where cell phones are not allowed, nor any Internet, in order to teach that using our own brain is what solves problems.
As far as how the Marines do it….when given the order to “Have your squad at this point by 0300” or "get across that river in the next 45 minutes", there were no answers on how to do it, what to take, what to eat, what to wear, or when to leave. There were no expectations of failure or answers to what happens if you fail. No Google either. Simply, you are given a mission and you figure out how to complete it. That is what we do in DFIR. We figure it out. We have to.
How to figure it out
I'd be remiss in not giving some guidance on how to figure it out, or at least how to ask a question. Firstly, depending on what you are doing, figuring it out is going to be different every time. Basically;
1. Read the instructions, try and fail.
2. Figure out where the problem started and,
3. Try again. If fail..
4. Go back, read the instructions and guides again, try to find where the error may be solved.
5. Try again. If fail...
6. Get online and search. Forums, support/chat rooms, email lists. Find someone who has documented the same problem.
7. Try the suggestions that you found. If fail...
8. Put together your question. Do not ever ask, "Hey, this thing doesn't work. Can you make it work for me?". Rather, write up your question like a mini-research project:
-"I wanted to do this."
-"But I got this error."
-"So I tried this and got this error."
-"Then I searched for an answer and found these suggestions."
-"I tried again with the suggestions and got this error."
-"I don't know what else to try. Can you point me in the right direction?"
When I get a question like this in class, I am happy. Maybe a few more tries would have done it, but there is a point where if each try is simply repeating the exact process without changes, it is time to stop and ask. Part of the learning process in DFIR is self-learning. That which you cannot teach yourself, take a course in that topic. Read books. Engage in conversations about the topic. Practice and research. The last thing that should on your mind is thinking that "I'll just ask for the answer" without first making some effort to learn first.
*I can't claim credit for the "Figure It Out" method, since it was yelled at me by many senior Marines until I Figured It Out.
About the author
Comments
By accepting you will be accessing a service provided by a third-party external to https://www.brettshavers.com/
Posts List
Tag Cloud
Search Blog
Most popular posts
Magnet Forensics Conversation
DFIR Training
Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.
Even better, support DFIR Training by subscribing at https://www.dfir.training/subscribe-3 and get access to multiple online courses in digital forensics with included ebooks!
More posts
-
When OSINT is turned into the Baseball Bat of Internet Mob Justice
We are of a curious mind, we the forensic examiners, private investigators, OSINT professionals, and journalists. Our work is for the public good, and we…
Thursday January 14
6616 hits / 0 comments
-
I took a look at Instagram's Terms of Service so that you won't have to.
Who really reads the Terms of Service anyway?Are EULAs and TOSs intentionally designed as multi-page, single-spaced, 4 font, legalized writing to confuse users or simply…
Saturday December 26
8546 hits / 0 comments
-
White Paper: The Susceptibility of Interconnected Devices in a Global Concept as Surveillance Affects the Consumer-user
I read an article that China used technology to spy on users via their phones (https://www.theguardian.com/us-news/2020/dec/15/revealed-china-suspected-of-spying-on-americans-via-caribbean-phone-networks). Here is my white paper analysis.#1 - If...
Wednesday December 16
4701 hits / 0 comments
-
How long does it take to get into the DFIR field?
Question I received: How long does it take before I can expect to get into a DFIR career?Answer: It depends!It depends on your available resources +…
Thursday November 12
14901 hits / 0 comments
-
An expert is just one page in a book ahead of you
Let me dispel your notion of what an “expert” is. An expert is someone who has more information than you. That’s it. Imagine being stranded…
Friday October 30
5832 hits / 0 comments
-
Should you improve your DFIR skills on your personal time?
Almost two years ago, I wrote about burning out in DFIR (“Only race cars should burn out"). I still stand by what I wrote at…
Friday September 04
28430 hits / 0 comments
-
TikTok is like a big, greasy cheeseburger. We know it is bad for us, but don't care.
Short version: Any social media platform can be compared to the biggest, greasiest cheeseburger that you can find. You know that the cheeseburger is unhealthy,…
Tuesday July 07
24033 hits / 0 comments
-
Jessica Hyde and I talk about forensic stuff
Jessica Hyde of Magnet Forensics sat down together (virtually...) to talk about forensics. In case you missed it, here it is!
Thursday June 11
10751 hits / 0 comments
-
Facebook Spoofing: Your Reputation, Investigations, and Massive Data Collection
A “new” article on imposter Facebook accounts was published today in the Philippines. I put “new” in quotes because this is not a new issue,…
Sunday June 07
2671 hits / 0 comments
-
You do not want to work in DFIR.
The fantasySo many people ask how they can start a career in the DF/IR field, which is completely understandable. The glamour is there. Hollywood shows…
Thursday June 04
3295 hits / 0 comments
-
COVID-19’s Investigative Impacts on Digital Forensics/Incident Response (DFIR). AKA: All burners are now burned.
The meat and potatoesA bit is still a bit and a byte is still a byte. COVID-19 cannot change that, which means that the technical…
Saturday April 25
16870 hits / 0 comments
-
Mini-WinFE 10 and WinFE 10 Updated
The short story on the newest Mini-WinFE 10 (aka, the download link):Mini-WinFE has been updated and upgraded. I update WinFE developments (including the downloads for…
Sunday April 05
10838 hits / 2 comments
-
Eat your broccoli first
Something good and something not-so-good on learning DFIRThe good thing about learning DFIR is that there are probably fewer barriers and obstacles to learn and…
Saturday January 18
30983 hits / 0 comments
-
The Second Decade of the 2000s is almost over!
We’ve come a long way in DFIR over the past 20 years, and even looking at just the past decade, the field has drastically grown!…
Thursday December 26
10728 hits / 0 comments
-
Public Records
I have an outstanding public records request. It is not "outstanding" in the manner that I wrote a great request, but "outstanding" in that I…
Thursday December 12
5231 hits / 0 comments
-
The Five Stages of the DFIR Career Grief Cycle
I have been a fan of Craig Ball ever since I met him in a forensic course years ago. I was so impressed with Craig,…
Tuesday September 10
36773 hits / 0 comments
-
Our World is Going to Turn Upside Down with DeepFakes
The short storyAny person and their voice, in practically any video (past, present, or future) can have their face and voice digitally replaced with any…
Sunday September 01
4467 hits / 0 comments
-
If you are comfortable in DFIR, you might be doing it wrong
I took a 3-day basic forensic course and embarrassingly enough, the instructor (in front of the class), said that I probably know everything in the…
Thursday August 29
4812 hits / 0 comments
-
Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp
You don’t need to experience military life to learn the valuable lessons that are drilled into military recruits. In fact, you can probably enjoy the…
Saturday August 17
6443 hits / 0 comments
-
Personality of a computer
From a recent discussion that I had with Harlan Carvey about the registry, this topic is something that I touched on lightly in Placing the…
Wednesday July 31
5108 hits / 0 comments
© 2021 Brett Shavers