…is the primary digital forensicator and incident responder behind the DFIR Definitive Compendium Project. Currently employed as a Managing Director with Kroll’s Global Cyber Risk practice, Devon (@AboutDFIR) is an authority on digital forensics and incident response and has extensive experience in the investigation and remediation of cyber-related threats and incidents from his years with the Federal Bureau of Investigation as well as in the private sector. Devon joined Kroll from the FBI, where he was a Supervisory Special Agent and Senior Digital Sciences Forensics Examiner in the Digital Evidence Field Operations Unit of the Operational Technology Division. In this role, he had responsibility for oversight and coordination in FBI Digital Forensics-related field operations across the United States, spanning a variety of matters such as domestic terrorism, mass shootings, critical incident response events, and large-scale electronic evidence collections. In addition, Devon has provided expert witness testimony in federal and state courts. Devon has collaborated on the development of a number of widely used forensic tools. He was also the course material revision architect and co-author of approximately 80 hours of instructional material for the FBI’s CART Tech Certification program and Digital Evidence Extraction Technician (DExT) training curriculums. He has spoken at the annual SANS DFIR Summit, been awarded Digital Forensic Investigator of the Year, spoken on NPR’s Planet Money show, spoken on Jessica Hyde’s Cache Up, and has been published in PenTest Magazine. In addition to presenting on technical topics to colleagues, computer scientists, and forensic examiner trainees at the FBI Academy in Quantico, Devon has spoken at numerous industry and educational conferences. He began a career with the FBI in 2008, where he later co-founded the FBI’s first North Carolina Cyber Security and Intrusion Working Group (eShield).
Before joining the FBI, Devon owned and operated his own technical services firm for six years, specializing in managing the technology and computer design needs of small to medium businesses.
Launched in 2014 as a Google Sheet with a single category of information tracking fewer than 30 DFIR-related certifications, the Digital Forensics / Incident Response – The Definitive Compendium Project has grown over the years into an expansive project worthy of its name. Now consisting of more than 50 categories of DFIR-related information, it is one of the largest single compendiums of DFIR information known to exist on the Internet, with content culled by its authors on a per-link and per-resource basis, not by taking from others.
The Digital Forensics and Incident Response industries are growing every month, if not every week. Whether you are looking for trends reports, wanting to learn, breaking into the scene, studying for a certification, or just maintaining your skill sets – AboutDFIR.com has you covered. No one knows it all, no one is a master of it all, and all of us are constantly learning as technology adapts and evolves all around us.
In early 2017, Devon Ackerman and Mary Ellen Kennel worked together on behalf of the community to merge their independent projects. This effectively grew the DFIR – Definitive Compendium with new categories to include Challenges & Capture the Flag training, DFIR Research, Annual Industry Reports, Threat Maps, Threat Intelligence, and Forensic Tools. In addition, several thousand new items were reviewed and added to the Blogs, Social Resources, and Books pages.
The DFIR – Definitive Compendium Project is not simply a link repository, though; it has been edited and administered over the years with intentional precision. Not everything that is authored, created, or tagged as “digital forensics” and “incident response” is worth an examiner’s or analyst’s time or, furthermore, is accurate. For example, the project does not reference every tool that can possibly be used for forensics, but instead lists tools that the editors have personally used, abused, and tested. Not every script or custom tool needs to be added just because it exists – if one tool exists that does what 15 other scripts do independently, but the one tool works the most effectively and reliably, then it is more likely to be included. Another example is that the editors of this project have specifically weeded out blogs that are not maintained (>2 years since last post) and books that are significantly out-of-date with evolving forensics.
A myriad of choices have gone into deciding what information should be included in order to maintain the usefulness of the project and to separate it from just being branded “another link repository.”