Devon Ackerman

In his current role, Devon leads engagements for clients across a wide range of industries involving investigative digital forensics, intrusion response (unauthorized access), and malware analysis. He also serves as a Senior Forensic Science Team Lead, where he conducts and oversees digital evidence collection, triage, and preservation.

Devon’s extensive cyber investigative experience includes physical and cyber-based corporate espionage and sabotage investigations; ransomware and malware cyber intrusion events; unauthorized user access; PII and PHI compromise; malicious spear phishing and whaling campaigns; Office 365 and G Suite compromises and related log analytics; data destruction events; breach response; and other events involving misuse of networked endpoints and infrastructure.

Devon joined Kroll from the FBI, where he was a Supervisory Special Agent and Senior Digital Sciences Forensics Examiner in the Digital Evidence Field Operations Unit. In this role, he oversaw and coordinated all FBI Digital Forensics-related field operations across the United States, spanning a variety of matters such as domestic terrorism, mass shootings, critical incident response events, and large-scale electronic evidence collections. Devon has also provided expert witness testimony in federal and state courts.

During this time, Devon developed a number of forensic tools that are still widely used. He was also the course material revision architect and co-author for the FBI’s CART Tech Certification program and Digital Evidence Extraction Technician (DExT) training curriculums. He began his career with the FBI in 2008, where he co-founded the FBI’s first North Carolina Cyber Security and Intrusion Working Group (eShield).

Selected Media Appearances

• “UnitedHealth Begins Testing Restored Change Healthcare Claims Platform”, Wall Street Journal Pro Cybersecurity
• “Opportunism, Targeted Attacks, Outright Destruction and Possible Violence: The Changing Face of Cybercrime”, Enterprise Security
• “Incident Response Meets Governance Risk and Compliance (GRC) in Digital Forensics”, GRC Outlook magazine
• “It’s Cloud First, as Companies Scramble to Fix Latest Computer Bugs”, Wall Street Journal Pro Cybersecurity
• “Forensically Sound Incident Response in Microsoft’s Office 365”, Forensic Lunch with David Cowen
• “Devon Ackerman on Protecting the Castle Walls from Ransomware”, Cybercrime Radio Podcast (Cybercrime Magazine)
• “Intel Corporation Security Flaw – Spectre and Meltdown”, Legaltech News
• “Critical Computer Flaws Set up Security Challenge in Washington”, The Hill
• “Massive Hack That Hit DLA Piper, Others May Be New Norm”, Law360
• “Petya Ransomware Attack”, Wall Street Journal
• “Your Law Firm Got Hacked. What Do You Do Now?”, Legaltech News 

Publications

• Digital Forensics/Incident Response - The Definitive Compendium Project
• Digital Evidence - A Critical Response Workflow
• Special Agents in CART - Investigative Forensic Examiners
• Computer Analysis Response Team - Professional Development Career Ladder
• Representative Speaking Engagements and Presentations
• “Forensics, Insider Threats, and the state of Cyber Law in America,” University of Chapel Hill, North Carolina
• “The Emerging Law of Active Cyber Defense” panel for Privacy + Security Forum 2017, Washington, D.C.
• “Cyber Threats and Trends for Data Centers,” Association for Computer Operations Management (AFCOM) 2017
• “Enemy in the Ranks - Corporate Espionage,” Katalyst Summit 2017
• “Cyber Threats and Trends for Elected Officials,” Illinois House of Representatives, Springfield, Illinois
• “State of the Hack,” Contingency Planning Association of the Carolinas (CPAC), Charlotte, North Carolina
• “Digital Forensics in the FBI,” to Belgian Federal Police delegation; also to New South Wales delegation
• “Digital Forensic Capabilities of the 21st Century FBI,” to Turkish cyber leadership and accompanying foreign delegation officials; also to Bulgarian foreign delegation officials
• “Digital Evidence and Federal Law,” Methodist University
• “Cyber Threats and Trends,” North Carolina chapter, AFCOM
• “Federal Cyber Law and Digital Forensics,” Campbell University

Education and Certifications

• M.S., magna cum laude, Digital Forensic Science, Champlain College
• B.S., magna cum laude, Computer & Information Systems, Digital Forensics emphasis, Champlain College
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Certified Forensic Examiner (GCFE)
• Certified Forensic Computer Examiner (CFCE)
• Cyber Investigator Certification Program (CICP)
• Certified Computer Examiner (CCE)

Affiliations and Memberships

• International Association of Computer Investigative Specialists
• International Society of Forensic Computer Examiners
• FBI North Carolina Cyber Security and Intrusion Working Group (eShield)
• Scientific Working Group on Digital Evidence (2013 - 2016)
• FBI AccessData and Live Capture Subject Matter Expert Groups (2012 - 2016)
• Anti-Phishing Working Group (2008 - 2013)

Awards and Recognition

• Forensic 4:Cast 2018 Digital Forensic Investigator of the Year
• Citation for Special Achievement, Director of the FBI
• Certificate of Recognition, Operational Technology Division
• Department of Defense Intelligence Award
• SANS Lethal Forensicator Award
• 2011 National Counterintelligence Award for Insider Threat Team

Forensic Tool Development - Collaboration

• LECmd (Link .lnk Explorer) and PECmd (Prefetch .pf Explorer)
• Registry Explorer and Windows Registry ShellBag Explorer
• eMule Parser
• FTK/LAB v5.1 Report Optimization Tool (underlying coding and styling adopted by AccessData Group Inc., as official in commercial releases >v5.1 of their forensic suite software)
• osTriage v2 Live Response & Triage Tool
• Sanderson Forensics’ Reconnoitre
• FTK/LAB v4.0 and v5.0 Report Cleanup Tool