Kroll Experts

Devon Ackerman

Managing Director, CYBER RISK

North America

Kroll
Kroll Associates, Inc.
2 Emerson Lane, Suite 200
Secaucus, NJ 07094
USA

Devon Ackerman is a Managing Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, based in Secaucus. Devon is an authority on digital forensics and has extensive experience in the investigation and remediation of cyber-related threats and incidents from his years with the Federal Bureau of Investigation as well as in the private sector. In his current role, Devon leads engagements for clients across a wide range of industries involving investigative digital forensics, intrusion response (unauthorized access), and malware analysis. He also serves as a Senior Forensic Science Team Lead, where he conducts and oversees digital evidence collection, triage, and preservation.

Devon’s extensive cyber investigative experience includes physical and cyber-based corporate espionage and sabotage investigations; ransomware and malware cyber intrusion events; unauthorized user access; PII and PHI compromise; malicious spear phishing and whaling campaigns; Office 365 and G Suite compromises and related log analytics; data destruction events; breach response; and other events involving misuse of networked endpoints and infrastructure.

Devon joined Kroll from the FBI, where he was a Supervisory Special Agent and Senior Digital Sciences Forensics Examiner in the Digital Evidence Field Operations Unit. In this role, he oversaw and coordinated all FBI Digital Forensics-related field operations across the United States, spanning a variety of matters such as domestic terrorism, mass shootings, critical incident response events, and large-scale electronic evidence collections. Devon has also provided expert witness testimony in federal and state courts.

During this time, Devon developed a number of forensic tools that are still widely used. He was also the course material revision architect and co-author for the FBI’s CART Tech Certification program and Digital Evidence Extraction Technician (DExT) training curriculums. He began his career with the FBI in 2008, where he co-founded the FBI’s first North Carolina Cyber Security and Intrusion Working Group (eShield).

Selected Media Appearances

  • “It’s Cloud First, as Companies Scramble to Fix Latest Computer Bugs,” Wall Street Journal Pro Cybersecurity
  • “Forensically Sound Incident Response in Microsoft’s Office 365,” Forensic Lunch with David Cowen
  • “Intel Corporation Security Flaw – Spectre and Meltdown,” Legaltech News
  • “Critical Computer Flaws Set up Security Challenge in Washington,” The Hill
  • “Massive Hack That Hit DLA Piper, Others May Be New Norm,” Law360
  • “Petya Ransomware Attack,” Wall Street Journal
  • “Your Law Firm Got Hacked. What Do You Do Now?” Legaltech News

Publications

  • Digital Forensics/Incident Response - The Definitive Compendium Project
  • Digital Evidence - A Critical Response Workflow
  • Special Agents in CART - Investigative Forensic Examiners
  • Computer Analysis Response Team - Professional Development Career Ladder

Representative Speaking Engagements and Presentations

  • “Forensics, Insider Threats, and the state of Cyber Law in America,” University of Chapel Hill, North Carolina
  • “The Emerging Law of Active Cyber Defense” panel for Privacy + Security Forum 2017, Washington, D.C.
  • “Cyber Threats and Trends for Data Centers,” Association for Computer Operations Management (AFCOM) 2017
  • “Enemy in the Ranks - Corporate Espionage,” Katalyst Summit 2017
  • “Cyber Threats and Trends for Elected Officials,” Illinois House of Representatives, Springfield, Illinois
  • “State of the Hack,” Contingency Planning Association of the Carolinas (CPAC), Charlotte, North Carolina
  • “Digital Forensics in the FBI,” to Belgian Federal Police delegation; also to New South Wales delegation
  • “Digital Forensic Capabilities of the 21st Century FBI,” to Turkish cyber leadership and accompanying foreign delegation officials; also to Bulgarian foreign delegation officials
  • “Digital Evidence and Federal Law,” Methodist University
  • “Cyber Threats and Trends,” North Carolina chapter, AFCOM
  • “Federal Cyber Law and Digital Forensics,” Campbell University

Education & Certifications

  • M.S., magna cum laude, Digital Forensic Science, Champlain College
  • B.S., magna cum laude, Computer & Information Systems, Digital Forensics emphasis, Champlain College
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Forensic Examiner (GCFE)
  • Certified Forensic Computer Examiner (CFCE)
  • Cyber Investigator Certification Program (CICP)
  • Certified Computer Examiner (CCE)

Affiliations & Memberships

  • International Association of Computer Investigative Specialists
  • International Society of Forensic Computer Examiners
  • FBI North Carolina Cyber Security and Intrusion Working Group (eShield)
  • Scientific Working Group on Digital Evidence (2013 - 2016)
  • FBI AccessData and Live Capture Subject Matter Expert Groups (2012 - 2016)
  • Anti-Phishing Working Group (2008 - 2013)

Awards & Recognition

  • Forensic 4:Cast 2018 Digital Forensic Investigator of the Year
  • Citation for Special Achievement, Director of the FBI
  • Certificate of Recognition, Operational Technology Division
  • Department of Defense Intelligence Award
  • SANS Lethal Forensicator Award
  • 2011 National Counterintelligence Award for Insider Threat Team

Forensic Tool Development - Collaboration

  • LECmd (Link .lnk Explorer) and PECmd (Prefetch .pf Explorer)
  • Registry Explorer and Windows Registry ShellBag Explorer
  • eMule Parser
  • FTK/LAB v5.1 Report Optimization Tool (underlying coding and styling adopted by AccessData Group Inc., as official in commercial releases >v5.1 of their forensic suite software)
  • osTriage v2 Live Response & Triage Tool
  • Sanderson Forensics’ Reconnoitre
  • FTK/LAB v4.0 and v5.0 Report Cleanup Tool
 

More from Devon Ackerman

There are no items available.