Andrew Rathbun
…is a current contributor to the DFIR Definitive Compendium Project as of 2019 and is currently a Vice President with Kroll’s Cyber Risk division. He was previously a Forensic Computer Examiner with the US Department of Health and Human Services – Office of Inspector General. With the federal government, Andrew (@bunsofwrath12) led and assisted in the identification, acquisition, preservation, and analysis of electronically stored information (ESI) in support of various white-collar crime investigations involving health care fraud. Before this, he was a patrol officer for four years and Detective for three years with the Michigan State University Police Department. He served in the Investigative Division’s Digital Forensics and Cyber Crime Unit (DFCCU) where he conducted digital forensic examinations on computers and mobile devices and general criminal investigations. As a passion project, Andrew co-founded and currently serves as an administrator for the Digital Forensics Discord Server, which continues to grow and serve as a real-time resource for digital forensic examiners worldwide. To join, please send a blank email to digitalforensicsdiscord@gmail.com. Andrew is most notably known for his involvement in a unique case involving using a dead victim’s fingerprint to unlock a Galaxy S6 important to a homicide investigation. Andrew also served as a Rifleman (0311) in the United States Marine Corps Reserve. He served one combat tour to Fallujah, Iraq, in 2006-2007 with his infantry unit based out of Lansing, Michigan. Andrew has been published in PoliceOne and collaborated, edited, and contributed to various instructional guides used within the Digital Forensic and Incident Response community. Andrew earned a Bachelor’s degree in Criminal Justice/Sociology from Western Michigan University in Kalamazoo, Michigan, as well as a Master’s degree in Human Resources Administration from Central Michigan University in Mount Pleasant, Michigan. Feel free to connect with Andrew on LinkedIn!