Devon Ackerman is a managing director with Kroll's Cyber Risk practice, based in New York. Devon is an authority on digital forensics and has extensive experience in the investigation and remediation of cyber-related threats and incidents from his years with the Federal Bureau of Investigation as well as in the private sector. In his current role, Devon leads engagements for clients across a wide range of industries involving investigative digital forensics, intrusion response (unauthorized access), and malware analysis. He also serves as a Senior Forensic Science Team Lead, where he conducts and oversees digital evidence collection, triage, and preservation.

Devon’s extensive cyber investigative experience includes physical and cyber-based corporate espionage and sabotage investigations; ransomware and malware cyber intrusion events; unauthorized user access; PII and PHI compromise; malicious spear phishing and whaling campaigns; Office 365 and G Suite compromises and related log analytics; data destruction events; breach response; and other events involving misuse of networked endpoints and infrastructure.

Devon joined Kroll from the FBI, where he was a Supervisory Special Agent and Senior Digital Sciences Forensics Examiner in the Digital Evidence Field Operations Unit. In this role, he oversaw and coordinated all FBI Digital Forensics-related field operations across the United States, spanning a variety of matters such as domestic terrorism, mass shootings, critical incident response events, and large-scale electronic evidence collections. Devon has also provided expert witness testimony in federal and state courts.

During this time, Devon developed a number of forensic tools that are still widely used. He was also the course material revision architect and co-author for the FBI’s CART Tech Certification program and Digital Evidence Extraction Technician (DExT) training curriculums. He began his career with the FBI in 2008, where he co-founded the FBI’s first North Carolina Cyber Security and Intrusion Working Group (eShield).


Selected Media Appearances
  • “It’s Cloud First, as Companies Scramble to Fix Latest Computer Bugs,” Wall Street Journal Pro Cybersecurity
  • “Forensically Sound Incident Response in Microsoft’s Office 365,” Forensic Lunch with David Cowen
  • “Intel Corporation Security Flaw – Spectre and Meltdown,” Legaltech News
  • “Critical Computer Flaws Set up Security Challenge in Washington,” The Hill
  • “Massive Hack That Hit DLA Piper, Others May Be New Norm,” Law360
  • “Petya Ransomware Attack,” Wall Street Journal
  • “Your Law Firm Got Hacked. What Do You Do Now?” Legaltech News


  • Digital Forensics/Incident Response - The Definitive Compendium Project
  • Digital Evidence - A Critical Response Workflow
  • Special Agents in CART - Investigative Forensic Examiners
  • Computer Analysis Response Team - Professional Development Career Ladder


Representative Speaking Engagements and Presentations
  • “Forensics, Insider Threats, and the state of Cyber Law in America,” University of Chapel Hill, North Carolina
  • “The Emerging Law of Active Cyber Defense” panel for Privacy + Security Forum 2017, Washington, D.C.
  • “Cyber Threats and Trends for Data Centers,” Association for Computer Operations Management (AFCOM) 2017
  • “Enemy in the Ranks - Corporate Espionage,” Katalyst Summit 2017
  • “Cyber Threats and Trends for Elected Officials,” Illinois House of Representatives, Springfield, Illinois
  • “State of the Hack,” Contingency Planning Association of the Carolinas (CPAC), Charlotte, North Carolina
  • “Digital Forensics in the FBI,” to Belgian Federal Police delegation; also to New South Wales delegation
  • “Digital Forensic Capabilities of the 21st Century FBI,” to Turkish cyber leadership and accompanying foreign delegation officials; also to Bulgarian foreign delegation officials
  • “Digital Evidence and Federal Law,” Methodist University
  • “Cyber Threats and Trends,” North Carolina chapter, AFCOM
  • “Federal Cyber Law and Digital Forensics,” Campbell University


Education and Certifications
  • M.S., magna cum laude, Digital Forensic Science, Champlain College
  • B.S., magna cum laude, Computer & Information Systems, Digital Forensics emphasis, Champlain College
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Forensic Examiner (GCFE)
  • Certified Forensic Computer Examiner (CFCE)
  • Cyber Investigator Certification Program (CICP)
  • Certified Computer Examiner (CCE)


Affiliations & Memberships
  • International Association of Computer Investigative Specialists
  • International Society of Forensic Computer Examiners
  • FBI North Carolina Cyber Security and Intrusion Working Group (eShield)
  • Scientific Working Group on Digital Evidence (2013 - 2016)
  • FBI AccessData and Live Capture Subject Matter Expert Groups (2012 - 2016)
  • Anti-Phishing Working Group (2008 - 2013)


Awards & Recognition
  • Forensic 4:Cast 2018 Digital Forensic Investigator of the Year
  • Citation for Special Achievement, Director of the FBI
  • Certificate of Recognition, Operational Technology Division
  • Department of Defense Intelligence Award
  • SANS Lethal Forensicator Award
  • 2011 National Counterintelligence Award for Insider Threat Team


Forensic Tool Development - Collaboration
  • LECmd (Link .lnk Explorer) and PECmd (Prefetch .pf Explorer)
  • Registry Explorer and Windows Registry ShellBag Explorer
  • eMule Parser
  • FTK/LAB v5.1 Report Optimization Tool (underlying coding and styling adopted by AccessData Group Inc., as official in commercial releases >v5.1 of their forensic suite software)
  • osTriage v2 Live Response & Triage Tool
  • Sanderson Forensics’ Reconnoitre
  • FTK/LAB v4.0 and v5.0 Report Cleanup Tool