For Ovie Carroll, digital forensics is all about the hunt for evidence in digital places that are hiding critical clues, followed by deep analysis to prove something that the evidence was never intended to prove. That's why Ovie, a cybercrime expert and veteran law enforcement officer, loves teaching the SANS FOR408 Windows Forensic Analysis course.
"I love exposing students to how exciting digital investigative analysis is," Ovie says. "My passion is for digital evidence and digital investigative analysis. I leverage my abilities, expertise, and my current experience with the U.S. Department of Justice to see across investigative activities around the world, use that vantage point to see the whole picture of where we are in digital investigative analysis and cybercrime fighting, and identify the future challenges in both investigative practices and the courts. And I try to bring all of that to my students."
Ovie's students are clearly getting what he's bringing - many of them finish his classes with renewed career plans. "They leave my class saying that they originally had no intention of going into digital evidence but now see it is more exciting than any other aspect of cybercrime fighting or incident response," he says.
Ovie's teaching philosophy centers on sharing and demonstrating his passion for digital investigative analysis. Drawing on 31 years of law enforcement and cyber investigation experience, his dynamic presentations not only deliver the technical material but also show how each digital artifact can be used to help solve cases.
Ovie's career in digital forensics has its roots in his years-long interest in computers - how they work and how they can and are being used in everyday life. Of particular interest is how companies are collecting, manipulating, analyzing, and monetizing people's every behavior online. "I am always interested in investigating how we can possibly tap into the information computers and companies are collecting to use it for good and to bring justice to victims," he explains.
In addition to teaching digital forensics at SANS and co-authoring the FOR408 Windows Forensic Analysis course, Ovie is the Director of the Cybercrime Lab of the Computer Crime and Intellectual Property Section (CCIPS) at the Department of Justice (DOJ). The lab provides advanced computer forensics, cybercrime investigation, and other technical assistance to DOJ prosecutors to support implementation of the department's national strategies for digital evidence and to combat electronic penetration, data theft, and cyberattacks on critical information systems. He also teaches two classes as an adjunct professor at George Washington University in Washington, DC.
Prior to joining the DOJ, Ovie was a Special Agent in Charge overseeing the Technical Crimes Unit of the Postal Inspector General's Office, where he was responsible for all computer intrusion investigations within the postal service network infrastructure and for providing all digital forensic analysis in support of criminal investigations and audits. He also served as a special agent in the Air Force Office of Special Investigations, investigating computer intrusions and working both general crimes and counterintelligence as well as conducting investigations into offenses including murder, rape, fraud, bribery, theft, and gangs and narcotics.
Computers are front and center in Ovie's free time as well, but he also enjoys plenty of offline activities, including public speaking, scuba diving, travel, and meeting new people.
- 31 years of law enforcement experience and over 20 years of cyber investigative experience
- Director of the Cybercrime Lab of the Computer Crime and Intellectual Property Section (CCIPS) at the Department of Justice (DOJ)
- Adjunct professor at George Washington University
- FOR408 Windows Forensic Analysis co-author and instructor
Get to Know Ovie Carroll:
- Co-host of the Cyberspeak Podcast
- In the News- NYC4SEC Meetup with Ovie Carroll
- Author of Challenges in Modern Digital Investigative Analysis, the U.S. Attorney's Bulletin on Forensic Science and Forensic Evidence I, January 2017
- Co-author of the section on Using "Digital Fingerprints" (or Hash Values) for Investigations and Cases Involving Electronic Evidence of the U.S. Attorney's Bulletin on Gang Prosecution
- Co-author of Computer Forensics: Digital Forensic Analysis Methodology, U.S. Attorney's Bulletin on Computer Forensics
- Co-author of Managing Large Amounts of Electronic Evidence, U.S. Attorney's Bulletin on Computer Forensics
- Co-author of Rethinking the Storage of Computer Evidence, U.S. Attorney's Bulletin on Computer Forensics
This is what students are saying about SANS Principal Instructor Ovie Carroll:
"Ovie is just an awesome instructor. He has a wealth of knowledge and really made the course a live and exciting joy." - Mohamed Abdelsalam, Glencore
"Ovie has got this thing down, pat! He is informative, personal, very very knowledgeable, and, entertaining on top of it all! Really enjoy his teaching methods." - Mike Bowden, Boeing
"Ovie is a great instructor, always has an answer to any question." - Brian Pitchford, Marriott
"He is wonderful. It is high energy. Keeps the student alert." - Selean Jones, Verizon
"Very energetic and extremely knowledgeable. Great instruction and content. Keep up the good work Ovie, it shows in the way you teach that you are very passionate about teaching forensics. I will take additional SANS DFIR classes, but for the money, I will make certain Ovie is teaching. You're just not gonna find an instructor as engaged/entertaining/knowledgable as Mr. Carroll. Very outstanding instruction." - Chad Gish, Metro Nashville PD.
"Great class! The hands on training exercises, SANS material, plus real-life examples have been a tremondous help especially since I have limited experience." - Jamie Schroeder, John Deere