Tell me about yourself .

The first round will be easy and most of them will be able to make it. I had cleared the first round of interview with ease. First round only information about your resume and experience nothing technical, you may expect some behavioral question. Second Technical round will be tough and it will mostly contain situation based and technical questions. The technical round interview completely depends on the background of the interviewer. In my case the position was about Incident Response but mostly the question asked from me was from Forensic Investigation and mix of Incident Response and general technical question. I will post all the list of the technical question at last. From my experience I was able to answer most of them but the answer quality and expectation differ from different experienced professionals. I was interviewed with 25 years of Forensic Investigation experienced professional and pioneer in the cyber industry. So the answer which i gave was elementary explanation and are correct but not to quench the thirst of experienced professional. Be prepared according to the background of the interviewer and learn at every stage ahead, you may be able to crack all the interviews at right time and right day with all the knowledge and situation in favor of yours. In my case I was trying to explain the 25 year professional experienced interviewer and at last it seems that I was not able to convince him for the third and final round. Keep the high spirit folks, you may one day surely able to crack your interview. Just wait for the right time. The following questions were asked: How to generate the forensic image of the os? Where is the registry in windows? How about investigating with the log file through command line? Where is the syslog located in windows? How about investigating the CEO receiving a phishing email and analyzing it? How about windows user in the environment logging in to the server? How will you analyze the log? Where would you find the log on the Linux server or Linux machine? If the internal employee has posted valuable information on the public domain how will you handle that and trackback? How will you analyze the log with has 6 millions of line of code and want to figure out with ip address and with command line? How would you create a forensic image of the mac os? If anyone of the employees in the company plug the USB drive and store the valuable information from the laptop? How will you find that? What if the information from the S3 in AWS is stored without password and how will you determine that information been compromised by the different people (inside and outside)? What will you do to perform penetration testing? If any information is compromised or attacked how ill you know whether it is internal intruders or external intruders? Is there any way to retrieve the locked file from the bit locker? All the interview were through telephonic. I got the interview through employee referral. My experience was great and the interviewer who took my interview was humble, polite and friendly. I was able to remember as much as I can. Please ignore any grammatical mistake. I guess it helps you in some way to prepare for your interview. If you think it helped then please leave a positive comment and share your story.