Devon Ackerman is a managing director and head of incident response for North America with Kroll's Cyber Risk practice, based in New York. Devon is an authority on digital forensics and has extensive experience in the investigation and remediation of cyber-related threats and incidents from his years with the Federal Bureau of Investigation as well as in the private sector. In his current role, Devon leads engagements for clients across a wide range of industries involving investigative digital forensics, intrusion response (unauthorized access), and malware analysis. He also serves as a Senior Forensic Science Team Lead, where he conducts and oversees digital evidence collection, triage, and preservation.
Devon’s extensive cyber investigative experience includes physical and cyber-based corporate espionage and sabotage investigations; ransomware and malware cyber intrusion events; unauthorized user access; PII and PHI compromise; malicious spear phishing and whaling campaigns; Office 365 and G Suite compromises and related log analytics; data destruction events; breach response; and other events involving misuse of networked endpoints and infrastructure.
Devon joined Kroll from the FBI, where he was a Supervisory Special Agent and Senior Digital Sciences Forensics Examiner in the Digital Evidence Field Operations Unit. In this role, he oversaw and coordinated all FBI Digital Forensics-related field operations across the United States, spanning a variety of matters such as domestic terrorism, mass shootings, critical incident response events, and large-scale electronic evidence collections. Devon has also provided expert witness testimony in federal and state courts.
During this time, Devon developed a number of forensic tools that are still widely used. He was also the course material revision architect and co-author for the FBI’s CART Tech Certification program and Digital Evidence Extraction Technician (DExT) training curriculums. He began his career with the FBI in 2008, where he co-founded the FBI’s first North Carolina Cyber Security and Intrusion Working Group (eShield).
Selected Media Appearances
- “It’s Cloud First, as Companies Scramble to Fix Latest Computer Bugs,” Wall Street Journal Pro Cybersecurity
- “Forensically Sound Incident Response in Microsoft’s Office 365,” Forensic Lunch with David Cowen
- “Intel Corporation Security Flaw – Spectre and Meltdown,” Legaltech News
- “Critical Computer Flaws Set up Security Challenge in Washington,” The Hill
- “Massive Hack That Hit DLA Piper, Others May Be New Norm,” Law360
- “Petya Ransomware Attack,” Wall Street Journal
- “Your Law Firm Got Hacked. What Do You Do Now?” Legaltech News
- Digital Forensics/Incident Response - The Definitive Compendium Project
- Digital Evidence - A Critical Response Workflow
- Special Agents in CART - Investigative Forensic Examiners
- Computer Analysis Response Team - Professional Development Career Ladder
Representative Speaking Engagements and Presentations
- “Forensics, Insider Threats, and the state of Cyber Law in America,” University of Chapel Hill, North Carolina
- “The Emerging Law of Active Cyber Defense” panel for Privacy + Security Forum 2017, Washington, D.C.
- “Cyber Threats and Trends for Data Centers,” Association for Computer Operations Management (AFCOM) 2017
- “Enemy in the Ranks - Corporate Espionage,” Katalyst Summit 2017
- “Cyber Threats and Trends for Elected Officials,” Illinois House of Representatives, Springfield, Illinois
- “State of the Hack,” Contingency Planning Association of the Carolinas (CPAC), Charlotte, North Carolina
- “Digital Forensics in the FBI,” to Belgian Federal Police delegation; also to New South Wales delegation
- “Digital Forensic Capabilities of the 21st Century FBI,” to Turkish cyber leadership and accompanying foreign delegation officials; also to Bulgarian foreign delegation officials
- “Digital Evidence and Federal Law,” Methodist University
- “Cyber Threats and Trends,” North Carolina chapter, AFCOM
- “Federal Cyber Law and Digital Forensics,” Campbell University
Education and Certifications
- M.S., magna cum laude, Digital Forensic Science, Champlain College
- B.S., magna cum laude, Computer & Information Systems, Digital Forensics emphasis, Champlain College
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensic Examiner (GCFE)
- Certified Forensic Computer Examiner (CFCE)
- Cyber Investigator Certification Program (CICP)
- Certified Computer Examiner (CCE)
Affiliations and Memberships
- International Association of Computer Investigative Specialists
- International Society of Forensic Computer Examiners
- FBI North Carolina Cyber Security and Intrusion Working Group (eShield)
- Scientific Working Group on Digital Evidence (2013 - 2016)
- FBI AccessData and Live Capture Subject Matter Expert Groups (2012 - 2016)
- Anti-Phishing Working Group (2008 - 2013)
Awards and Recognition
- Forensic 4:Cast 2018 Digital Forensic Investigator of the Year
- Citation for Special Achievement, Director of the FBI
- Certificate of Recognition, Operational Technology Division
- Department of Defense Intelligence Award
- SANS Lethal Forensicator Award
- 2011 National Counterintelligence Award for Insider Threat Team
Forensic Tool Development - Collaboration
- LECmd (Link .lnk Explorer) and PECmd (Prefetch .pf Explorer)
- Registry Explorer and Windows Registry ShellBag Explorer
- eMule Parser
- FTK/LAB v5.1 Report Optimization Tool (underlying coding and styling adopted by AccessData Group Inc., as official in commercial releases >v5.1 of their forensic suite software)
- osTriage v2 Live Response & Triage Tool
- Sanderson Forensics’ Reconnoitre
- FTK/LAB v4.0 and v5.0 Report Cleanup Tool