How to Become a Better DFIR Analyst

The author of the post works as a DFIR (Digital Forensics and Incident Response) analyst and sometimes struggles to respond to incidents or identify IOCs (Indicators of Compromise) and logs to analyze. They wonder how to improve their skills and reflexes and question the usefulness of practicing with DFIR-dedicated machines like Hackthebox and Sherlock, reading books, or waiting to gain more field experience. They also mention discussing with their supervisor the possibility of taking the SANS FOR508 training but find it expensive and difficult to justify.