In his current role, Devon leads engagements for clients across a wide range of industries involving investigative digital forensics, intrusion response (unauthorized access), and malware analysis. He also serves as a Senior Forensic Science Team Lead, where he conducts and oversees digital evidence collection, triage, and preservation.
Devon’s extensive cyber investigative experience includes physical and cyber-based corporate espionage and sabotage investigations; ransomware and malware cyber intrusion events; unauthorized user access; PII and PHI compromise; malicious spear phishing and whaling campaigns; Office 365 and G Suite compromises and related log analytics; data destruction events; breach response; and other events involving misuse of networked endpoints and infrastructure.
Devon joined Kroll from the FBI, where he was a Supervisory Special Agent and Senior Digital Sciences Forensics Examiner in the Digital Evidence Field Operations Unit. In this role, he oversaw and coordinated all FBI Digital Forensics-related field operations across the United States, spanning a variety of matters such as domestic terrorism, mass shootings, critical incident response events, and large-scale electronic evidence collections. Devon has also provided expert witness testimony in federal and state courts.
During this time, Devon developed a number of forensic tools that are still widely used. He was also the course material revision architect and co-author for the FBI’s CART Tech Certification program and Digital Evidence Extraction Technician (DExT) training curriculums. He began his career with the FBI in 2008, where he co-founded the FBI’s first North Carolina Cyber Security and Intrusion Working Group (eShield).
Selected Media Appearances
- “It’s Cloud First, as Companies Scramble to Fix Latest Computer Bugs,” Wall Street Journal Pro Cybersecurity
- “Forensically Sound Incident Response in Microsoft’s Office 365,” Forensic Lunch with David Cowen
- “Intel Corporation Security Flaw – Spectre and Meltdown,” Legaltech News
- “Critical Computer Flaws Set up Security Challenge in Washington,” The Hill
- “Massive Hack That Hit DLA Piper, Others May Be New Norm,” Law360
- “Petya Ransomware Attack,” Wall Street Journal
- “Your Law Firm Got Hacked. What Do You Do Now?” Legaltech News
Publications
- Digital Forensics/Incident Response - The Definitive Compendium Project
- Digital Evidence - A Critical Response Workflow
- Special Agents in CART - Investigative Forensic Examiners
- Computer Analysis Response Team - Professional Development Career Ladder
Representative Speaking Engagements and Presentations
- “Forensics, Insider Threats, and the state of Cyber Law in America,” University of Chapel Hill, North Carolina
- “The Emerging Law of Active Cyber Defense” panel for Privacy + Security Forum 2017, Washington, D.C.
- “Cyber Threats and Trends for Data Centers,” Association for Computer Operations Management (AFCOM) 2017
- “Enemy in the Ranks - Corporate Espionage,” Katalyst Summit 2017
- “Cyber Threats and Trends for Elected Officials,” Illinois House of Representatives, Springfield, Illinois
- “State of the Hack,” Contingency Planning Association of the Carolinas (CPAC), Charlotte, North Carolina
- “Digital Forensics in the FBI,” to Belgian Federal Police delegation; also to New South Wales delegation
- “Digital Forensic Capabilities of the 21st Century FBI,” to Turkish cyber leadership and accompanying foreign delegation officials; also to Bulgarian foreign delegation officials
- “Digital Evidence and Federal Law,” Methodist University
- “Cyber Threats and Trends,” North Carolina chapter, AFCOM
- “Federal Cyber Law and Digital Forensics,” Campbell University
Education and Certifications
- M.S., magna cum laude, Digital Forensic Science, Champlain College
- B.S., magna cum laude, Computer & Information Systems, Digital Forensics emphasis, Champlain College
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensic Examiner (GCFE)
- Certified Forensic Computer Examiner (CFCE)
- Cyber Investigator Certification Program (CICP)
- Certified Computer Examiner (CCE)
Affiliations and Memberships
- International Association of Computer Investigative Specialists
- International Society of Forensic Computer Examiners
- FBI North Carolina Cyber Security and Intrusion Working Group (eShield)
- Scientific Working Group on Digital Evidence (2013 - 2016)
- FBI AccessData and Live Capture Subject Matter Expert Groups (2012 - 2016)
- Anti-Phishing Working Group (2008 - 2013)
Awards and Recognition
- Forensic 4:Cast 2018 Digital Forensic Investigator of the Year
- Citation for Special Achievement, Director of the FBI
- Certificate of Recognition, Operational Technology Division
- Department of Defense Intelligence Award
- SANS Lethal Forensicator Award
- 2011 National Counterintelligence Award for Insider Threat Team
Forensic Tool Development - Collaboration
- LECmd (Link .lnk Explorer) and PECmd (Prefetch .pf Explorer)
- Registry Explorer and Windows Registry ShellBag Explorer
- eMule Parser
- FTK/LAB v5.1 Report Optimization Tool (underlying coding and styling adopted as official by AccessData Group Inc. in commercial releases later than v5.1 of its forensic suite software)
- osTriage v2 Live Response & Triage Tool
- Sanderson Forensics’ Reconnoitre
- FTK/LAB v4.0 and v5.0 Report Cleanup Tool