Devon Ackerman

is the digital forensicator and incident responder behind the DFIR Definitive Compendium Project. He is currently employed as an Associate Managing Director with Kroll’s Cyber Security and Investigations practice. Devon (@AboutDFIR) is an authority on digital forensics and incident response and has extensive experience in the investigation and remediation of cyber-related threats and incidents from his years with the Federal Bureau of Investigation as well as in the private sector. Devon joined Kroll from the FBI, where he was a Supervisory Special Agent and Senior Digital Sciences Forensics Examiner in the Digital Evidence Field Operations Unit of the Operational Technology Division. In this role, he had responsibility for oversight and coordination in FBI Digital Forensics-related field operations across the United States, spanning a variety of matters such as domestic terrorism, mass shootings, critical incident response events, and large-scale electronic evidence collections. In addition, Devon has provided expert witness testimony in federal and state courts. Devon has collaborated on the development of a number of widely used forensic tools. He was also the course material revision architect and co-author of approximately 80 hours of instructional material for the FBI’s CART Tech Certification program and Digital Evidence Extraction Technician (DExT) training curriculums. He has spoken at the annual SANS DFIR Summit, been awarded Digital Forensic Investigator of the Year, and been published in PenTest Magazine. In addition to presenting on technical topics to colleagues, computer scientists, and forensic examiner trainees at the FBI Academy in Quantico, Devon has spoken at numerous industry and educational conferences. He began his career with the FBI in 2008, where he later co-founded the FBI’s first North Carolina Cyber Security and Intrusion Working Group (eShield).
Before joining the FBI, Devon owned and operated his own technical services firm for six years, specializing in managing the technology needs of corporate clients, to include desktop, laptop, and server IT solutions.

Mary Ellen Kennel

is a current contributor to the DFIR Definitive Compendium Project as of 2017 and is employed as Vice President, Incident Response in the Financial Industry. Prior to her current work, Mary Ellen (@icanhaspii) was a Senior Cyber Threat Analyst at First Data and before that a Senior Consultant with AccessData’s Incident Response and Digital Forensics Professional Services Division. Mary Ellen has over 10 years of experience in the field and has performed numerous investigations for Fortune 500 companies regarding possible hacking, breach, IP theft, and data compromise. Her tasks and responsibilities include analysis of the evidence for case relevance, documentation of case findings, malware analysis, and executive summary report writing. Mary Ellen has been published and featured in “Hakin9” Magazine, and has been awarded “Super Honorable Mention” from the annual SANS Holiday Hack Challenge. Mary Ellen is adept at relaying technical terms to non-technical people and has presented to the United States Secret Service and the United States Postal Inspectors. Mary Ellen was a contributing author for SANS Institute’s SEC565 “Data Leak Prevention” course and has held the role of SANS Advisory Board Member. She is a graduate of NYU’s IT Security program with a GPA of 4.0; her courses included, but were not limited to, Advanced IT Security, Fast Track CISSP, Firewalls/Packet Analysis, and Network Intrusion Detection: Hacking Understood. Lastly, Mary Ellen is a Mennonite from Lancaster County and author of the Manhattan Mennonite Blog, and she once won an award for building a computer from scratch in 10 minutes and 38 seconds.

Background

Launched in 2014 as a Google Sheet with a single category of information tracking fewer than 30 DFIR-related certifications, the Digital Forensics / Incident Response – The Definitive Compendium Project has grown over the years into an expansive project worthy of its name. Now consisting of more than 20 categories of DFIR-related information, it is one of the largest single compendiums of DFIR information known to exist on the Internet where the content has been culled by its authors on a per-link and per-resource basis, not by taking from others.

The Digital Forensics and Incident Response industries are growing every month, if not every week. Whether you are looking for trends reports, wanting to learn, breaking into the scene, studying for a certification, or just maintaining your skillsets – has you covered.  No one knows it all, no one is a master of it all, and all of us are constantly learning as technology adapts and evolves all around us.

In early 2017, Devon Ackerman and Mary Ellen Kennel worked together on behalf of the community to merge their independent projects.  This effectively grew the DFIR – Definitive Compendium with new categories to include Challenges & Capture the Flag training, DFIR Research, Annual Industry Reports, Threat Hunting, Threat Intelligence, and Forensic Tools.  In addition, several thousand new items were reviewed and added to the Blogs, Social Resources, and Books pages.

The DFIR – Definitive Compendium Project is not simply a link repository, though; it has been edited and administered over the years with intentional precision. Not everything that is authored, created, or tagged as “digital forensics” and “incident response” is worth an examiner’s or analyst’s time or, furthermore, is accurate. For example, the project does not reference every tool that can possibly be used for forensics, but lists tools that the editors have personally used, abused, and tested. Not every script or custom tool needs to be added just because it exists – if one tool exists that does what 15 other scripts do independently, but the one tool works the most effectively and reliably, then it is more likely to be included. Another example is that the editors of this project have specifically weeded out blogs that are not maintained (>2 years since last post) and books that are significantly out-of-date with evolving forensics.

A myriad of choices have gone into deciding what information should be included in order to maintain the usefulness of the project and to separate it from just being branded “another link repository.”