…is the primary digital forensicator and incident responder behind the DFIR Definitive Compendium Project. Currently employed as a Managing Director with Kroll’s Global Cyber Risk practice, Devon (@AboutDFIR) is an authority on digital forensics and incident response and has extensive experience in the investigation and remediation of cyber-related threats and incidents from his years with the Federal Bureau of Investigation as well as in the private sector. Devon joined Kroll from the FBI, where he was a Supervisory Special Agent and Senior Digital Sciences Forensics Examiner in the Digital Evidence Field Operations Unit of Operational Technology Division. In this role, he had responsibility for oversight and coordination in FBI Digital Forensics-related field operations across the United States, spanning a variety of matters such as domestic terrorism, mass shootings, critical incident response events, and large-scale electronic evidence collections. In addition, Devon has provided expert witness testimony in federal and state courts. Devon has collaborated on the development of a number of widely used forensic tools. He was also the course material revision architect and co-author of approximately 80 hours of instructional material for the FBI’s CART Tech Certification program and Digital Evidence Extraction Technician (DExT) training curriculums. He has spoken at the annual SANS DFIR Summit, been awarded Digital Forensic Investigator of the Year, spoken on NPR’s Planet Money show, and has been published in PenTest Magazine. In addition to presenting on technical topics to colleagues, computer scientists, and forensic examiner trainees at the FBI Academy in Quantico, Devon has spoken at numerous industry and educational conferences. He began a career with the FBI in 2008, where he later co-founded the FBI’s first North Carolina Cyber Security and Intrusion Working Group (eShield). 
Before joining the FBI, Devon owned and operated his own technical services firm for six years, specializing in managing the technology and computer design needs of small to medium businesses.
Mary Ellen Kennel
…is a current contributor to the DFIR Definitive Compendium Project as of 2017 and is employed as Vice President, Incident Response in the Financial Industry. Prior to her current work, Mary Ellen (@icanhaspii) was a Senior Cyber Threat Analyst at First Data and before that a Senior Consultant with AccessData’s Incident Response and Digital Forensics Professional Services Division. Mary Ellen has over 10 years of experience in the field and has performed numerous investigations for Fortune 500 companies regarding possible hacking, breach, IP theft, and data compromise. Her tasks and responsibilities include analysis of the evidence for case relevance, documentation of case findings, malware analysis, and executive summary report writing. Mary Ellen has been published and featured in “Hakin9” Magazine, and has been awarded “Super Honorable Mention” from the annual SANS Holiday Hack Challenge. Mary Ellen is adept at relaying technical terms to non-technical people and has presented to the United States Secret Service and the United States Postal Inspectors. Mary Ellen was a contributing author for SANS Institute’s SEC565 “Data Leak Prevention” course and has held the role of SANS Advisory Board Member. She is a graduate of NYU’s IT Security program with a GPA of 4.0; courses including but not limited to: Advanced IT Security, Fast Track CISSP, Firewalls/Packet Analysis, and Network Intrusion Detection: Hacking Understood. Lastly, Mary Ellen is a Mennonite from Lancaster County and author of the Manhattan Mennonite Blog, and she once won an award for building a computer from scratch in 10 minutes and 38 seconds.
…is a current contributor to the DFIR Definitive Compendium Project as of 2019 and has spent 10 years working within Digital Forensics in various roles. Currently, he works as the lead Senior Forensic Investigator for Medtronic. His experience is within IP theft, white collar and cyber events. He spent 6 years with the FBI, where he not only worked law enforcement cases but also assisted in the development of various training taught to the RCFLs and local field offices alike. Additionally, he also currently works as a Subject Matter Expert for the SANS Institute assisting students across the SANS curriculum. Mr. Knutson currently holds two master’s degrees, in Digital Forensics and Information Security respectively. Among his certifications are 9 GIAC certifications and various vendor certifications. He has published a white paper on Filesystem Timestamps through the SANS Institute as well. Tony is also an Air Force veteran serving 12 years between Active Duty and Reserves with time spent in various engagements around the world, to include deployments to OIF.
…is a coder for AboutDFIR.com with 10+ years experience in web development. He has worked in a variety of web technologies – specializing in Node, PHP, and databases (SQL or not). He hates SOAP, but loves JSON, and wonders why some developers use more buzzwords than marketing agencies. Over the years, he has done work for a variety of companies, profit and non, working on a variety of projects, internal and external, yet is consistently surprised by the expectations of clients. While both a dog-person and a cat-person, he has recently developed a loathing of squirrels and wishes they were less cute so that thoughts of their total eradication would be less bittersweet. For some reason, he enjoys things that are under-appreciated and getting harder to find – like nature, bookstores, and manual transmissions. He also has a couple college degrees around here somewhere, and they definitely came in handy in the real world and are almost paid for.
…is a current associate with Kroll’s Cyber Risk practice where she focuses primarily on mobile forensics and Office 365 incident response investigations. Krystina is also an adjunct professor with Utica College, where she teaches for both the undergraduate and graduate level Cybersecurity programs. At Utica College, Krystina currently teaches the Capstone courses for the graduate Cybersecurity program and Software Foundations for Cybersecurity within the undergraduate program. Krystina has also taught Intrusion Detection and Network Forensics, Principles of Cybersecurity, and Information Security at Utica College. Krystina is most notably known for her dedication and work within Cellebrite Advanced Services, where she unlocked and extracted Apple® and Samsung® devices for criminal investigations. While performing the latest unlocking and extraction breakthroughs, Krystina grew the Cellebrite Advanced Services North American team, improved processes, and increased recognized revenue drastically over her two-year tenure. Also, while employed with Cellebrite Advanced Services, Krystina spoke at TechnoSecurity in San Antonio, Texas in 2017. Krystina has been published and featured in eForensics Magazine and has authored knowledge-based articles for Cellebrite. Krystina holds a Bachelor of Science in Accounting and a Master of Business Administration from Mount Saint Mary College in Newburgh, New York, as well as a Master of Science in Cybersecurity degree from Utica College in Utica, New York.
…is a coordinator of Marketing and SEO for the DFIR Definitive Compendium Project as of 2019. Eva is also Coordinator, Client Services with Michelin Raceway Road Atlanta where she handles all hospitality, vendor, and social media marketing functions. Eva is a student at The University of North Georgia pursuing a Bachelor’s degree in Business Marketing. Eva has spent her career growing in the motorsport industry. As the owner of a 1969 Volkswagen Beetle and an avid car enthusiast, Eva often wonders why more people don’t daily drive classic cars. Eva enjoys filling her free time with running, hiking, off-roading classic Porsches and getting lost in a good book. Most mornings you can find Eva holed up in her office, unable to process until she has had at least one cup of iced coffee.
…is a current contributor to the DFIR Definitive Compendium Project as of 2019 and is currently a Forensic Computer Examiner with the US Federal Government. Andrew (@bunsofwrath12) currently leads and assists in the identification, acquisition, preservation, and analysis of electronically stored information (ESI) in support of various white collar crime investigations involving health care fraud. Prior to this, he was a patrol officer for 4 years and Detective for 3 years with the Michigan State University Police Department. He served in the Investigative Division’s Digital Forensics and Cyber Crime Unit (DFCCU) where he conducted digital forensic examinations on computers and mobile devices as well as general criminal investigations. As a passion project, Andrew co-founded and currently serves as an administrator for the Digital Forensics Discord Server that continues to grow and serve as a real-time resource for digital forensic examiners worldwide. To join, please send a blank email to email@example.com. Andrew is most notably known for his involvement in a unique case that involved using a dead victim’s fingerprint to unlock a Galaxy S6 that was important to a homicide investigation. Andrew also served in the United States Marine Corps Reserve as a rifleman. He served one combat tour to Fallujah, Iraq in 2006-2007 with his infantry unit based out of Lansing, Michigan. Andrew has been previously published in PoliceOne as well as collaborated, edited, and contributed to various instructional guides used within the Digital Forensic and Incident Response community. Andrew earned a Bachelor’s degree in Criminal Justice/Sociology from Western Michigan University located in Kalamazoo, Michigan; as well as a Master’s degree in Human Resources Administration from Central Michigan University located in Mount Pleasant, Michigan.
…is a current contributor to the DFIR Definitive Compendium Project as of 2019 and is currently the Threat Intelligence Manager at Jamf. Prior to this, she has worked in various roles in both the private sector and for the Department of Defense, always related to network security and defense. Mary is also a proud United States Marine Corps veteran and a die-hard Dallas Cowboys fan.
What launched in 2014 as a Google Sheet with a single category of information, tracking fewer than 30 DFIR-related certifications, the Digital Forensics / Incident Response – The Definitive Compendium Project has grown over the years into an expansive project worthy of its name. Now consisting of more than 50 categories of DFIR-related information, it is one of the single largest compendiums of DFIR information known to exist on the Internet, where the content has been culled by its authors on a per-link and per-resource basis, not by taking from others.
The Digital Forensics and Incident Response industries are growing every month, if not every week. Whether you are looking for trends reports, wanting to learn, breaking into the scene, studying for a certification, or just maintaining your skill sets – AboutDFIR.com has you covered. No one knows it all, no one is a master of it all, and all of us are constantly learning as technology adapts and evolves all around us.
In early 2017, Devon Ackerman and Mary Ellen Kennel worked together on behalf of the community to merge their independent projects. This effectively grew the DFIR – Definitive Compendium with new categories to include Challenges & Capture the Flag training, DFIR Research, Annual Industry Reports, Threat Hunting, Threat Intelligence, and Forensic Tools. In addition, several thousand new items were reviewed and added to the Blogs, Social Resources, and Books pages.
The DFIR – Definitive Compendium Project is not simply a link repository though, but has been edited and administrated over the years with intentional precision. Not everything that is authored, created, or tagged as “digital forensics” and “incident response” is worth an examiner’s or analyst’s time or, for that matter, accurate. Examples of this include not referencing every tool that can possibly be used for forensics, but choosing tools that the editors have personally used, abused, and tested. Not every script or custom tool needs to be added just because it exists – if one tool exists that does what 15 other scripts do independently, but the one tool works the most effectively and reliably, then it is more likely to be included. Another example is that the editors of this project have specifically weeded out blogs that are not maintained (more than 2 years since the last post) and books that are significantly out-of-date with evolving forensics.
A myriad of choices have gone into deciding what information should be included in order to maintain the usefulness of the project and to separate it from just being branded “another link repository.”
| # | Source | Comment |
|---|--------|---------|
| 1 | Twitter user | fantastic work; I will 100% share this with my students. They all must check it. Thanks Devon. |
| 2 | Twitter user | great work! An amazing one-stop DFIR resource! |
| 3 | LinkedIn user | You sir, are awesome! Great job! |
| 4 | LinkedIn user | This is a tremendous contribution! Thank you for creating and then sharing it! |
| 5 | LinkedIn user | Great resource well done! |
| 6 | LinkedIn user | Awesome! Thanks for doing this! |
| 7 | LinkedIn user | Great Resource!!!! Well done! |
| 8 | Reddit user | Yay! As someone who is just starting to study this field I am very excited to have this resource available to me! Thanks! |
| 9 | Site user | The new site looks great by the way, good job 🙂 |
| 10 | Reddit user | On a side note, I am thrilled to have discovered this site as well as the Reddit thread it seemingly developed from. Great job thus far and cheers to the future. |