21st August 2025

Blue Light Wellbeing’s Support For Digital Forensic Investigators
Hero Image

Discover how tailored, culturally aware mental health support can help digital forensic investigators cope with the hidden trauma of their work....

Read More
Forensic Focus Digest, August 22 2025

Forensic Focus Digest, August 22 2025

22nd August 2025

Discover what’s new on Forensic Focus – explore Blue Light Wellbeing’s support for digital forensic investigators, meet Neal Ysart of the Coalition of Cyber Investigators, examine the balance between examiners and technicians in digital forensics, and more....read more

Digital Forensics Round-Up, August 20 2025

Digital Forensics Round-Up, August 20 2025

20th August 2025

Read the latest digital forensics news – SANS releases DFIR Summit playlist, UAC launches v3.2.0, Neal Ysart discusses the Coalition of Cyber Investigators, and more....read more

Wrapping Up The S21 Transcriber Spotlight Session – What We’ve Covered

Wrapping Up The S21 Transcriber Spotlight Session – What We’ve Covered

20th August 2025

Explore S21 Transcriber: a fully offline, court-ready tool with free 30-day access and training....read more

UPCOMING WEBINAR – Retail Under Siege: Fighting Back Against Ransomware With Next-Gen Forensics

REGISTER NOW HERE

Retailers are under attack. Recent ransomware and malware campaigns have exposed critical weaknesses in how retail organisations detect, investigate, and respond to cyber threats. These attacks don’t just disrupt operations — they steal sensitive customer data, paralyze supply chains, and cause lasting reputational damage.

In today’s high-speed threat landscape, traditional investigation methods are too slow and fragmented. You need to act within minutes, not days!

Join this webinar to learn how modern forensic techniques can help your team launch immediate, coordinated investigations — no matter where the data resides. We’ll explore how to gain visibility across all endpoints, enable real-time collaboration between teams, and recover critical evidence from remote or mobile environments.

If you’re responsible for protecting your brand, your data, and your customers — this is a session you can’t afford to miss.

Key Takeaways:

  • Launch Investigations Instantly
    Remotely collect and analyze evidence the moment a breach is detected.
  • Collaborate in Real Time
    Enable multiple investigators to work on the same case – securely and simultaneously.
  • Capture Remote & Mobile Evidence
    Extend visibility to remote endpoints and mobile devices without delay.

Date:

Thursday, September 4, 2025

Time:

4:00 PM (CEST) | 3:00 PM (BST) | 7:00 AM (EDT)

Speakers:

Exterro Marketing

Harsh Behl, Vice President Product, Exterro

Matt Blackband, Associate Director – Head of Digital Forensics, Grant Thornton

Register Now

Digital Forensics Jobs Round-Up, August 18 2025

A selection of the latest DFIR job vacancies (got a job you want to feature in the next round-up? Submit the details here):

USA

Digital Forensic Analyst / FSB / IOD / Cyber East / Livonia CCU

State of Michigan

Livonia, MI

This role involves conducting digital forensic investigations, supporting law enforcement agencies, providing expert courtroom testimony, maintaining forensic networks, and assisting with training. Requires relevant education or experience, certifications, and a commitment to equity and bias-free practices.

View Job

Analyst, Digital Investigations & Cyber Risk

Nardello & Co.

New York

This San Francisco-based role supports digital investigations, incident response, and cybersecurity advisory for diverse clients. Responsibilities include forensic data collection, analysis, reporting, and client presentations. Requires 1–3 years’ experience, strong technical and communication skills, and relevant certifications preferred.

View Job

Principal Digital Forensics Examiner

SAIC

Chantilly, VA

Seeking experienced professionals with an active TS/SCI with Polygraph to provide technical leadership in digital forensics, conduct forensic analysis on digital devices, generate analytical reports, and support tool maintenance. Relevant degrees, certifications, and tool experience required.

View Job

Digital Forensics & Cyber Investigtions Instructor- SME

Cybervance, Inc.

Kensington, MD

Seeking a bilingual (English/Spanish) instructor with at least 10 years of law enforcement experience in digital forensics and cyber investigations to deliver advanced, hands-on cybersecurity training internationally. Requires U.S. citizenship, instructional expertise, and frequent travel.

View Job

Digital Forensics Investigator : Corporate Information Security

Hoag Health System

Costa Mesa, CA

This role involves conducting forensic analyses of digital evidence for investigations, producing expert reports, advising on evidence handling, and maintaining forensic standards. Requires advanced digital forensics experience, relevant certification, and strong communication and analytical skills.

View Job

Cyber Security Forensics Analyst

Con Edison

New York, NY

Seeking an experienced cyber security professional to conduct forensic investigations, manage incident response across IT and OT environments, analyze threats, present findings to leadership, and improve forensic processes. Requires relevant experience, strong analytical skills, and availability for emergency response.

View Job

Digital Forensic Examiner

City of Fort Myers

Fort Myers, FL

This role involves conducting forensic examinations of electronic devices, collecting and preserving digital evidence, recovering inaccessible data, and preparing detailed reports. It offers comprehensive benefits, paid time off, pension, and may require emergency response availability.

View Job

Forensics / Malware Analyst (Remote)

Jobright.ai

Washington, DC

Seeking an experienced professional to conduct digital forensics and advanced malware analysis for federal systems, respond to security incidents, mentor junior staff, and collaborate on threat detection. Requires active security clearance, 10+ years’ IT experience, and relevant certifications preferred.

View Job

Forensic Audio-Video Examiner (46858)

SecureStrux®

Maryland

This full-time, on-site role in Bethesda, MD involves analyzing audio and video evidence for a federal program. Requires advanced degree or equivalent experience, TS/SCI with CI Poly, expertise in digital forensics, and proficiency with industry-standard editing and authentication tools.

View Job

UK

Senior Incident Responder / IR Consultant – Bristol

TieTalent

Bristol

This hybrid role involves leading cyber security incident response, conducting forensic investigations, advising clients on containment and recovery, and producing post-incident reports. Requires 5+ years’ experience, strong technical skills, and excellent communication under pressure.

View Job

Digital Forensic Compliance Lead

HM Revenue & Customs

London

This senior digital forensics role involves leading complex investigations, managing and mentoring teams, ensuring compliance with forensic standards, collaborating with law enforcement partners, and providing expert advice and quality assurance across multiple sites within a government fraud investigation service.

View Job

Digital Forensic Investigator

Alexander Associates Technical Recruitment

Leicester

A leading digital forensics organisation seeks experienced professionals to conduct complex investigations, analyse electronic evidence, and provide expert testimony. Candidates need 3+ years’ experience, UK residency, security clearance, and proficiency with major forensic tools. Flexible working and comprehensive benefits offered.

View Job

Digital Forensics Analyst

INOVERSE GROUPE

West Midlands

Seeking an experienced professional to conduct forensic examinations of digital devices for legal, law enforcement, and commercial clients. Requires a relevant degree, two years’ accredited lab experience, proficiency with forensic tools, and compliance with industry standards. Security clearance eligibility essential.

View Job

DFIR Consultant

Pentest People

Leeds

A UK-based security consultancy seeks an experienced professional to join its Incident Response team, conducting digital forensics, threat intelligence, and live incident management. Strong analytical, communication, and stakeholder management skills are essential. UK residency and occasional travel required.

View Job

Digital Forensic Investigator

Alexander Associates Limited

Manchester

Seeking an experienced digital forensics professional to conduct complex investigations, analyse electronic evidence, and provide expert testimony. Requires 3+ years’ experience, UK residency, security clearance, and proficiency with major forensic tools. Offers flexible working, pension, and additional benefits.

View Job

Digital Forensic Evidence Examiner

Greater Manchester Police

Chadderton

This role involves conducting intelligence-led digital forensic examinations on various devices to support police investigations, requiring expertise in data acquisition, processing, and communication of forensic methodologies to investigators, prosecutors, and courts. The position involves handling sensitive material.

View Job

Digital Forensic Investigator

Greater Manchester Police

Chadderton

Seeking experienced professionals to conduct intelligence-led digital forensic investigations, analyse data from diverse digital devices, and present complex evidence in support of high-profile police cases. The role involves collaboration, research, and handling sensitive material within a dynamic forensic team.

View Job

Digital Forensic Examiner

Surrey Police

Guildford

Seeking experienced individuals in mobile phone examinations to join a digital forensics team in Guildford, Surrey. Responsibilities include independent forensic analysis, supporting frontline officers, delivering training, and maintaining technology, with fixed shift patterns including weekends.

View Job

Australia

Forensic Technology Services/eDiscovery – Associate

Alvarez & Marsal

Perth, Western Australia

A global consulting firm seeks professionals with experience in digital forensics, eDiscovery, and cybersecurity to support forensic investigations, data analysis, and incident response across diverse, high-stakes projects in a collaborative, inclusive, and fast-paced environment.

View Job

Incident Response Specialist

BAE Systems Digital Intelligence

Canberra, Australian Capital Territory

Seeking an experienced cyber security professional to lead incident response investigations, develop detection tools and playbooks, mentor junior staff, and collaborate with stakeholders. Requires strong technical, forensic, and communication skills, NV1 clearance, and familiarity with Australian government standards.

View Job

Digital Forensic Specialist

Datacom

Brisbane

Seeking an experienced professional to lead digital forensics and incident response engagements, deliver proactive cybersecurity advisory services, and support organisations in Australia or New Zealand. Strong investigative, communication, analytical, and problem-solving skills required.

View Job

Canada

Cybercrime Investigator, Cybercrime & Security Investigations

Scotiabank

Toronto, Ontario

This role involves conducting digital forensic investigations, analyzing electronic evidence, and supporting cyber and security inquiries. Requires expertise in digital forensics, strong communication skills, and experience with forensic tools. Offers professional development, inclusive culture, and competitive benefits.

View Job

Senior Associate/Cybersecurity & Incident Response (Forensic Services practice)

Charles River Associates

Toronto, Ontario

This role involves leading forensic and cybersecurity investigations, managing teams, supporting client communications, and ensuring compliance with industry frameworks. Candidates should have 5–7 years’ relevant experience and strong technical, analytical, and leadership skills. Comprehensive training and benefits provided.

View Job

Senior Manager Advisory

KPMG Canada

Toronto, Ontario

Seeking an experienced leader to manage cyber incident response and forensic investigations, mentor teams, and drive business development. Requires strong technical expertise, relevant certifications, and a commitment to fostering an inclusive, growth-oriented environment. Minimum five years’ experience preferred.

View Job

Enterprise Turns To AI For Speed And Accuracy In DFIR

In just one year, enterprise DFIR teams—as well as third-party service providers—have undergone a radical change due to the nearly universal integration of artificial intelligence.

As businesses face constant pressure to detect and respond to incidents with greater speed and precision, companies are increasingly taking advantage of the benefits of AI-powered digital forensics.

In this blog from Magnet Forensics, learn more about how enterprises are leaning on AI for speed and accuracy in their digital investigations, including:

  • Why AI adoption is accelerating
  • How AI is being increasingly using in DFIR workflows
  • How enterprises are prioritizing usability and seamless integration in AI tools
  • Why AI is a double-edged sword
  • What the future of AI looks like in enterprise DFIR
  • How to make AI work for you

Read the blog here.

Breaking Digital Barriers: Galaxy S25 & Z Flip Fully Supported

Comprehensive Data Extraction for Critical Investigations

MD-NEXT introduces Full Filesystem (FFS) extraction capabilities for the latest Samsung Galaxy devices of Android 16, including the Samsung Galaxy S25 and Samsung Galaxy Z Flip. This breakthrough enables forensic professionals to conduct thorough investigations with unprecedented access to critical digital evidence.

Technical Capabilities

MD-NEXT FFS extraction provides comprehensive data access, ensuring complete recovery of system files, application data, deleted content, and forensic artifacts that conventional partial extraction methods cannot retrieve. MD-NEXT’s advanced architecture supports seamless integration with industry-leading System-on-Chip (SoC) platforms, including Qualcomm ,Exynos, MTK and UNISOC chipsets.

Our development team maintains continuous compatibility updates, ensuring immediate support for emerging flagship devices upon market release. This proactive approach eliminates investigative delays caused by unsupported models.

Core Technical Advantages

Universal Device Compatibility: MD-NEXT supports comprehensive data extraction across diverse device categories including smartphones, feature phones, IoT devices, smart televisions, unmanned aerial vehicles, and cloud services, providing a unified solution for multi-platform investigations.

Extensive Operating System Support: Our platform maintains compatibility with over 15,000 device models across multiple operating systems including Android, iOS, HarmonyOS, Windows, Tizen, KaiOS and more.

Advanced Physical Extraction Methods: MD-NEXT employs multiple extraction vectors including Bootloader manipulation, AnyLock Bypass protocols, ADB Pro (T1-T5) advanced debugging protocols, Fastboot interface utilization, JTAG boundary scan testing, and chip-off memory analysis for maximum data recovery potential.

Next-Generation Hardware Integration: Our proprietary MD-PLUG hardware platform delivers full filesystem access through both generic extraction methods and exclusive hardware-accelerated acquisition protocols, ensuring optimal performance and data integrity for mission-critical investigations.

Evolving Logical Extraction : ADB Backup, iOS Backup, Manufacturers’ backup protocol, App Downgrade, App Backup, App Plus and next thing by evolving new logical extraction technology.

Professional Implementation

MD-NEXT represents a comprehensive mobile forensic solution designed for law enforcement agencies, corporate security teams, and digital investigation professionals requiring reliable, court-admissible evidence extraction from modern mobile devices.

 Contact our sales team to request a demo of MD-NEXT in your forensic investigation and discover how our advanced capabilities can expand the scope of your investigations.

Digital Forensics Round-Up, August 13 2025

A round-up of this week’s digital forensics news and views:

Digital forensics experts reveal Bryan Kohberger’s preparation for Idaho murders

Digital forensics experts who were set to testify at Bryan Kohberger’s trial reveal evidence showing the convicted killer prepared extensively for the quadruple murders of University of Idaho students. Heather Barnhart and Jared Barnhart from Cellebrite discovered that Kohberger deliberately powered off his phone during the exact window of the November 2022 killings, downloaded detailed reports on serial killers, and used VPN technology to hide his online activity. Analysis of his digital footprint showed obsessive research into murder cases, scrubbed files, and evidence his phone had connected to WiFi at a restaurant where two victims worked.
Read more (the-independent.com)

FBI and NSPCC alarmed at ‘shocking’ rise in online sextortion of children

Tech companies reported more than 9,600 cases of adults grooming children online in the UK during just six months last year, equivalent to about 400 cases per week. Law enforcement agencies including the FBI and UK’s National Crime Agency express growing alarm about sextortion threats targeting teenagers, with victims being blackmailed into sharing explicit images. Snapchat logged approximately 20,000 cases of concerning material in the first half of 2024, more than all other major social media platforms combined. The Guardian reports that some teenage victims have taken their own lives due to this abuse, prompting unprecedented awareness campaigns.
Read more (theguardian.com)

Brian Carrier Launches Course on Automation and AI

Digital forensics has always depended on automation, from early tools like EnCase v1 and FTK v1 that automatically detected and parsed file systems. Brian Carrier explains that automation handles intermediate steps in investigations but still requires skilled investigators to ask the right questions and understand context. He is developing a comprehensive mini-course on automation and AI in forensics through LinkedIn posts, blogs, webinars, and eventually video content.
Read more (linkedin.com)

Hannah Bailey Discusses Mental Health Support for Digital Forensics and Police

Hannah Bailey, founder of Blue Light Wellbeing and former police officer with 15 years of frontline experience, discusses critical mental health challenges facing digital forensics investigators and law enforcement. Hannah, who left policing after experiencing PTSD and cancer, now works as a psychotherapist specializing in trauma therapy for high-risk professions. She emphasizes the need for proactive mental health support rather than reactive approaches, noting that digital forensics investigators face constant trauma exposure with added isolation from working alone with screens. Bailey advocates for regular supervision sessions and culturally-aware therapists who understand the unique stresses of law enforcement work.
Read more (forensicfocus.com)

Unfurl v2025.08 Released with Enhanced TikTok ID Parsing

Version 2025.08 of Unfurl has been released with improved TikTok ID analysis capabilities. Enhanced parser now extracts milliseconds, entity types, sequence numbers, and machine IDs from TikTok identifiers, thanks to research by Benjamin Steel. The update also fixes a bug in Google Search EI timestamp parsing where leading zeros in microseconds caused incorrect conversions.
Read more (dfir.blog)

Researchers Develop Hybrid Framework for Drone Forensics Investigation

Researchers have developed a new forensic framework that combines live, digital, and physical evidence collection to investigate drone-related crimes and accidents. Dongkyu Lee and Wook Kang propose a systematic analysis algorithm specifically designed for unmanned aerial vehicle evidence, addressing the growing need for post-incident investigation capabilities. Current drone security strategies focus primarily on real-time defense measures like detection and neutralization, but this research emphasizes the importance of forensic analysis to identify flight paths, pilot information, and accident causes. The framework aims to enhance the legal admissibility of drone forensic evidence in criminal and civil proceedings.
Read more (sciencedirect.com)

LinkedIn Timestamps Decoded for Open Source Investigations

LinkedIn provides only rough time estimates like “1d” for posts, frustrating investigators who need precise timestamps for fact timelines. Researcher Ollie Boyd discovered that LinkedIn post URLs contain hidden timestamps – the 19-digit number at the end, when reduced to its first 41 bits, reveals the exact Unix timestamp of publication. This technique has been integrated into Bellingcat’s Uniform Timezone Chrome extension to help investigators extract precise publication times from LinkedIn posts and comments.
Read more (maynier.eu)

Mental Health Challenges in Digital Forensics Explored

A new episode of Truth in Data examines the psychological impact on professionals working in digital forensics and incident response (DFIR). Episode 14 focuses on the often overlooked mental health toll that forensic investigators face while dealing with disturbing digital evidence and high-pressure cases. Mental health support and awareness in the cybersecurity field remains a critical but underaddressed concern.
Read more (youtube.com)

Well-Being In Digital Forensics And Policing: Insights From Hannah Bailey

The following transcript was generated by AI and may contain inaccuracies.

Paul: Welcome to this special episode of the Forensic Focus podcast. Today I am honored to be joined by someone whose journey and work are having a profound effect on the well-being of those in high-pressure, high-risk roles. Hannah Bailey is a subject matter expert in mental health and well-being, and founder of Blue Light Wellbeing.

She works as a psychotherapist, trauma therapist and well-being coach, supporting individuals and organizations through therapy, coaching, training, and education. But what makes Hannah’s perspective so valuable, especially in digital forensics and frontline responders, is her own lived experience.

Hannah served in frontline policing for 15 years, including roles in emergency response, CID, and major crime. Her career, while fulfilling, was not without significant personal cost. She experienced burnout, PTSD, and overcame a breast cancer diagnosis – challenges that ultimately led her to leave policing and embark on a journey of recovery and reinvention through Blue Light Wellbeing.

Hannah now dedicates her life to helping others in similar roles navigate the mental health challenges they may face. She brings not only clinical expertise, but also cultural credibility. She understands what it’s like to be in these roles, the toll it can take, and what real practical support looks like.

In this episode, we’ll be exploring Hannah’s powerful journey, the founding of Blue Light Wellbeing, and how informed approaches can make a difference for those working in digital forensics and across the broader blue light community. So whether you are on the front lines, behind the screens, or supporting those who are, this is a conversation you will not want to miss. Welcome to the podcast, Hannah.

Hannah: Thank you Paul, and thank you for that lovely introduction. I’m really delighted to be here.

Paul: It is really good of you to join us tonight. So can we begin with your background?

Hannah: Yeah, of course. I know you touched on it in that introduction. So I was a serving police officer in West Midlands Police here in the UK for 15 years. And as you rightly said, Paul, this was a career I loved – really loved.

I joined at 21. I didn’t have a degree in anything else. I hadn’t done any other career, so it was absolutely the career for me. I was very passionate about it. It was my identity. I just loved it.

And I have to say Paul, because of the work and the roles and the jobs we went to, as difficult as some of them were, I would say we laughed every day. I had a great team, great sergeant. We laughed every single day and I’m sure that was part of why it was going so well at the start for me.

But things changed. As much as I absolutely felt I was going to do 30 years service in the police, as we do in the UK, and that was going to be me… As you will know, life throws us curve balls, doesn’t it? Changes that we did not plan along the way. And I certainly didn’t.

It absolutely does, doesn’t it? And so I’ve learned that’s probably the biggest lesson I’ve learned. It did exactly that to me. So I would say probably for about two years before I left, my mental and emotional health went downhill.

It wasn’t one big thing that happened or one awful job, because I know that can be the case for some people. But I think probably the majority of officers or frontline workers who are struggling – it’s probably that repeated exposure, that sort of drip effect that we hear a lot about in frontline roles.

And I’d say that was the same for me. I didn’t think there was anything that had particularly affected me. I felt I dealt with it all really well, but obviously not. We had no training, did we Paul? No education, no awareness of it. There was a huge stigma and taboo, which I was part of by the way. I was part of that culture because I didn’t know any different.

And I would say there were a lot of changes at work as well. It wasn’t just the jobs that we were dealing with – there were a lot of changes within the structure and teams at work. And I had a lot going on at home as well for about those two years. Some issues at home.

So I think it was like a sort of melting pot for me – everything coming at once. I just didn’t have any space to deal with anything, think about anything, have a breathing space. Nothing at all. And I became quite unwell.

So as you touched upon, I had undiagnosed PTSD at the time. I wouldn’t have known what that was. I wouldn’t have even really known that phrase, I don’t think Paul, at the time. And I think I would’ve just carried on. And I did carry on because I had no idea what to say, who to turn to, who to talk to.

So I did try and carry on. And I think I probably would’ve done that until I broke. But another intervention came and I found a lump in my breast. And as you said, I had breast cancer.

So I went through breast cancer the way I think you should – the way I was taught to in the police – which was grit your teeth, put a smile on your face and get on with it. And I did. I was determined I was going to fight it and battle it and get through it and put it behind me. And so I did that.

And I didn’t face anything about how I’d got to that point, Paul, at all, or how sick I really was at the time. So after nine months off work, I went back to policing. Even with everything I had been through, I still wanted to be a police officer.

I didn’t know how else to be or where else to work or where else I might fit if I wasn’t a police officer. I had no idea. So the only option I felt was to go back to policing, determined that I would do something different and it would be different and I might look after myself. But again, I had no idea how to do that or what that entailed or what that meant.

So actually I had cancer twice. My cancer came back within a year. It had mutated, so very rare, very aggressive, with a very poor prognosis of survival.

And I think it was only then – and it probably should have been earlier than that – but only then did I wake up really and think, “I have actually got to face what’s going on here and why I am so sick.” So actually, in the end, I didn’t do chemotherapy or radiotherapy that second time.

My prognosis with those treatments was so poor and I just realized I had to rethink everything. Actually, Paul, reassess everything. I learned how to… I went to Germany for medical treatment in the end. But I researched how to be well long term – mentally, emotionally, physically, spiritually even.

I just thought there’s going to be no stone unturned. I’m going to find out how I get better and how I stay better, which I think is really important – to consistently be well, not just put a bit of a sticking plaster on and hope it will all go away, which is what I’d done so far.

And so yeah, part of that was resigning from the police for me, which even with everything I’d been through was so difficult. I was devastated to leave policing. I can see you nodding your head, so I’m sure you felt the same as well. Even with everything, I was devastated.

But it was the right choice for me, and I became very well. I faced it all – what I needed to through therapy – but physically as well. I changed my lifestyle and how I looked after myself and became very well. I realized that I probably had some skills there from policing that I could actually help others with and turn it around. I decided to retrain professionally, as you said, and come into a different career. So yeah, that’s how I come to be here today.

Paul: I think you’ve touched on so much there. Can I ask, during the period where you did become unwell through suffering from PTSD, et cetera, and then of course that awful news about breast cancer on top of that, what support did you get from the force you were working with?

Hannah: None at all. I’m sorry to say that. And I want to stress here – my sergeant and inspector were nice guys, by the way, so this is not about them being horrible people. They were nice people. And I had good practical support in that I had nine months full pay.

There are lots of jobs that would not do that. And that was an incredible gift financially – to give us that security through that time. I’m not somebody who sits here and police bashes because that’s not what it’s about. And it’s not useful. It isn’t.

But it’s about learning, because nobody had a clue mentally or emotionally, including me, how to support me through any of that at all. So yeah, no emotional and mental support at all. But practically, yes, good. And they were clear that I had the time that I needed to physically get well.

I just had no idea how to mentally and emotionally get well, and nor did they, to be honest, Paul. So yeah, we were all blind leading the blind a little bit through that period of time.

Paul: I asked the question because I quite often hear from DFIs and other people still in policing that the support they are provided is minimal at best, but in quite a few cases there actually isn’t any. And I still find that astounding.

When you consider – and I’ve said this many times now – you send a cop out onto the street, they go out with body armor, tasers, gas, you name it. They’re fully equipped to be protected physically. When it comes to mental health support, there are apps, but there is next to nothing there.

For me, that just doesn’t make sense because once someone becomes susceptible to the stressor, then it takes an awful long time to recover from that. So you’re losing that staff member or those staff members while they’re recovering. Yet that could be averted by putting in a proactive approach to doing this.

For me, it just doesn’t make financial sense not to have it there, not to have it available when it’s needed.

Hannah: Yeah, a hundred percent. And not only available when it’s needed, but – and I think you and I are probably both passionate about this – in a proactive sense as well. Because I just think policing is very reactive, isn’t it?

It’s very reactive and certainly when I was in there, we reacted to hotspots and crime spots and so on and so forth. And it’s got better over the years at looking at that proactively. How do we fight crime or hotspots or that sort of school to prison pipeline? How do we look at that proactively? And I’m like, surely that applies to mental health and wellbeing as well.

If we look at it proactively, how much of a difference we could make – not just to those individuals but the organization as a whole, the community. Every single person and group benefits if we look at it proactively.

Paul: I cannot agree more. Police have developed over the years. They are professionals out there. I’m absolutely not here to police bash if you like, because I’ve got the utmost respect for those men and women who go out on the streets and put their lives on the line on a daily basis.

Hannah: Yeah, absolutely.

Paul: In the same way, DFIs sit in front of screens every day and they are exposed to the depths of humanity. And in both cases, their caseloads are ever expanding. And there are a lot of stats out there to prove this. Yet when it comes to the development of mental health services, they stay stagnant. They haven’t changed for years.

Hannah: It is astounding. And what I would say is the shame as well, Paul, is that it’s not uniform – excuse the pun – but it’s not uniform across the forces. And I don’t know in terms of the digital forensic world, but I’m sure you could tell me if it’s uniform across different companies and organizations.

But I’m lucky enough because I’m freelance – I work with so many different police forces, and you get forces with no mental health and well-being budget. Zero. And you get forces that are really getting there with that proactive aspect coming in. They have good support, good awareness, less stigma.

So it’s really different across different police forces as well, which is such a shame because it is a little bit of a postcode lottery, and that’s a shame.

Paul: You’ve just taken the words out of my mouth. I was just going to say to you, I talk to so many DFIs across the country and some DFIs have got a great service going on. Outside of law enforcement, I know there are some private companies who are really proactive around the mental health of their employees because they want to protect them and realize the value in them.

But then you talk to other DFIs who tell you there is either nothing or the bare minimum, which isn’t even a sticking plaster in some cases. And you are exactly right. I think you used the term postcode lottery. It is exactly that. It depends where you work and what the budget is for that force, whether you get a reasonable amount of support or not.

But that shouldn’t be the case. It should be unified across the country with standards set so that DFIs are fully supported. That’s what I’ve been campaigning for a very long time now.

Hannah: Also because I think certain roles are seen as more high risk. And I do think with digital forensics – because it’s perhaps not the same physical risk for them – I don’t think it’s seen, perhaps sometimes by forces, as the risk that it is. And I would say the role they do with the constant viewing that they are exposed to – certainly in terms of mental health and well-being – they must be one of the most high risk. I would suggest that.

Paul: Absolutely. I can’t think of another job either in or outside of law enforcement which is such a constant trauma-facing role.

Hannah: Yeah, I agree. And also, because when you are looking at stuff on screens or any of the digital formats all the time, you are not getting that same human connection that you might do on a team going out to a job or even just being crewed up in a car with somebody. And then, I don’t know, like all going out to a job as a team to put a door in or something.

So you’ve got more isolation kicking in, I would say, in a digital forensics role than you do in traditional sort of frontline policing. And that would then always increase the risk of the trauma exposure.

Paul: I would absolutely agree. Can we talk about some of the work that you do with DFIs and other forces and such?

Hannah: Yeah, absolutely. Thank you. So I do a mix of things really. In terms of going into different forces or other similar organizations like the NCA – those kinds of law enforcement or investigation roles – I go in and really do different types of training and education, I would say.

Depending on what a team is struggling with at the time. So often around resilience, overwhelm, burnout, PTSD. I go in and talk about my personal experience, because as you just said, that helps a little bit with that credibility, that connection. They know I understand their world.

It really does because they know that what I’m talking about, I really genuinely understand. And I’m genuinely trying to find those ways to help them – not in a bit of a tick box type way. So that would probably be the most common areas that I go in and help those roles with.

But sometimes it’s quite specific, so it might be around FLOs, SIOs. So particular types of roles they’re undertaking. Child sexual exploitation is a really common one because the level of trauma is just so high.

Sometimes the other one as well is change management. So a lot of companies and businesses have change management specialists and that sort of thing. I’m not one of those – I didn’t mean that badly either to change management specialists. Sorry. Nothing wrong with what you do, but I don’t do that.

But I do it in terms of the mental health side of significant change within an organization, because I know how much it affected me, Paul. At a time that I was struggling, we also went through significant change on the teams.

I didn’t know my supervisors, I didn’t know any of my colleagues. And I think that matters so much when you’re in such high risk and demanding frontline roles. You really need to feel comfortable to be able to speak out, and if you don’t know anybody or you don’t trust them…

And also Paul, I thought that they didn’t really know me, so they didn’t know my reputation – that this wasn’t me. It was really unlike me to struggle or not settle or not be able to deal with jobs in the same way. That was so unlike me. So I felt they didn’t know me either. So I didn’t want to speak up and say I was struggling.

Significant change in these types of roles in organizations is a massive impact on mental health and well-being. And so I often go in as well and deliver inputs and training around that. So yeah, that’s what I tend to do for organizations.

And then I work with individuals as well with trauma therapy and well-being coaching. And I think that’s really important to highlight because, again, you and I would be passionate about people… It would be so great if people came a bit earlier. It really would.

So I think it’s one of the myths I like to dispel if I can about therapy. I think people think – certainly in these roles – you go when you’re broken and you are on your knees. And I do get, of course, people who come at that stage, but it’s lovely if I actually get people that are coming earlier – maybe struggling or something not going quite right and they could just do with a bit of help, support, that coaching side.

And it’s really useful. And like you said, much quicker, that proactive side – much quicker to get you back on your feet and get you back into the role or work or life that you love. So yeah, it’s one of the myths I want to help dispel: please come earlier if you can, when you’re struggling and just need a bit of support.

Paul: This is why I’m a big advocate for the proactive approach to mental health, whether it be in digital forensics or uniform frontline cops or indeed, private companies who employ DFIs. Because for me, the proactive approach could take the form of psychoeducation prior – long before anybody succumbs to the stressor, should I say.

If, in my opinion, individuals are taught about what PTSD is, what it looks like, what the signs and symptoms are, how it can affect you physically, how it can affect you mentally, then the earlier they recognize those signs and symptoms and are then able to find the help to reduce them, then the stronger they become, the more resilient, the more productive they continue to be. And I advocate for that time and time again. Mental health support needs to develop.

And I think that echoes beautifully in what you’ve just said.

Hannah: Yeah, and it’s interesting that you said the word psychoeducation, because that is what I start nearly every training input with. Because if we don’t understand how the brain works well and how it processes stress, shock, and trauma – which our brains can do really well and really efficiently, and it’s set up to do that.

But what happens when it goes wrong? What does it look like when it goes wrong or feel like? As you said, what are those signs and symptoms? And then really importantly – we were discussing this, weren’t we, just before we started – the fact that we can put this right. Actually we can recover from this.

And you and I are sitting here as examples of that, having both been through our struggles with PTSD and mental health and are really well. Doing really well, really healthy, really balanced. That function in our brains to process stress and shock and trauma is back fully functioning again, and it’s absolutely repairable and recoverable. It’s such an important part of that education for them.

Paul: It absolutely is. Like you said earlier, taking that decision to resign was one of the hardest things you’ve ever done. I absolutely know where you are coming from. I will openly say, when I walked out of the station on my last day, I was in tears.

Hannah: Yeah.

Paul: But at that point, I had some level of insight into the fact that I was really unwell. And I remember vividly the first time I met the therapist who I worked with. I was absolutely terrified.

Hannah: Yeah.

Paul: Absolutely terrified to open that box and share what was inside. I’m thankful that the therapist that I worked with was absolutely amazing. She just got it.

Hannah: Good.

Paul: But I’m thankful also that she was culturally aware as you are. Because I recently attended a conference and this really shows how important it is to have a background such as yours.

I was recently at a conference where one of the delegates told me that they were a practicing DFI and they shared that they had a psychologist who regularly came in to see them, which they benefited from massively. But during a group session that was being held, one of the DFIs shared a particularly traumatic case, which upset her so much she left and never came back again.

Now I have to say from my point of view, the message that sends to a DFI is “nobody can deal with this.” Whereas, because you’ve lived it, you haven’t just done the job, but you’ve lived the experience of being unwell. You’ve lived through the stresses and you’ve come out the other end a much stronger, more resilient, better person. And I think the cultural awareness attached to therapy is highly underrated right now. I don’t think people realize the value of that.

Hannah: Yeah, no, I completely agree with you. In fact, I think the people going for therapy absolutely value that, like almost more than anything actually. But I don’t think perhaps leaders and organizations do, and they set up, let’s say an EAP, and as long as that’s provided and funded… I think sometimes, if I’m honest, they’re not that bothered how effective it is. It’s just set up and it’s available. That’s being honest.

And you are absolutely right and I hear this actually time and time again, exactly what you’re saying. I had a client who was involved in something incredibly traumatic and before she came to me was detailing that to her counselor. And the counselor got almost a little bit cross and said, “Look, you do know this is distressing for me, don’t you, as well?” when my client was crying. I know. I can see you shaking your head. Exactly. That’s what I was like. I just don’t think you should be a therapist, I’m going to be honest, if you can’t hear other people’s trauma.

But yes, that cultural awareness. And so of course my client felt like she couldn’t talk about that, that she was upsetting the counselor. But also, as you said, you just think “my trauma must be so awful. A counselor can’t hear it and a counselor’s upset by it.”

So you just start to think that you’re in this most awful place that you can’t recount this hideousness that’s in your head and that you can’t get better from it or be relieved from those traumas that it’s causing. And that’s not the case at all.

And yeah, you are right. For me, I don’t want to sound like “aren’t I hard-nosed?” But it doesn’t shock me and there isn’t anything that’s going to shock me I don’t think anymore. I can listen to that as both a therapist and an ex-police officer who has been on both sides of those, and I think that’s really important.

Paul: I think it’s super important.

Hannah: Yeah.

Paul: The sad thing is there aren’t that many culturally aware therapists.

Hannah: And that is the shame, isn’t it? We need people to leave policing and come and be a therapist. And I think that’s growing, Paul, if I’m honest. As we’re talking, I think it’s growing, but you’re right. There’s not enough.

I think you can be… Are there people out there that I’ve met as therapists and they’re not ex-police or whatever, and just seem to have an innate understanding, to be fair to them? Yeah. I don’t know where that comes from, but they do seem to have an innate understanding and a way of taking on that type of job and trauma.

So can it exist without our backgrounds? Yes, it can. But is it much more credible or likely if you’ve had our backgrounds? Yes. Probably.

Paul: Yeah, I agree. So I know you trained in Brain Working Recursive Therapy. Can you tell us about that and how that applies to the therapeutic process?

Hannah: Absolutely. So just to say again from a client perspective, how I found BWRT was looking for a therapy for my PTSD. So I had been in probably more traditional therapy, if you want to call it that, for about 18 months, two years. And it was useful. This is not me saying that’s not useful – it was, and I had got to a much better place and was doing much better.

But I still had what I would phrase as hideous flareups of PTSD. Hideous. And they would just overcome me, probably last for about three days of physical pain, almost paralysis, anger, shame, bitterness – it all came out Paul in those three days. So it was not a pretty sight.

I couldn’t work, that kind of thing. I just survived really for the three days or so, and then felt like I’d been in a punch up and a fight for about a week afterwards. And then would get back to life and my normal life as it was then – in a better place.

So I was searching really for something that I just thought, “I just don’t want this anymore. I don’t want to manage PTSD anymore. I do not want it.” And they are different things. The reason I found BWRT was through searching online.

One of the things I loved about it is that you actually don’t have to recount your trauma in great detail. And I hadn’t really heard of that before and I felt I’d done a lot of that with the two years of therapy I’d had. And you don’t, and that’s quite unusual for therapy.

So you obviously have to know some of the content of what people have been through, but I think if you think of policing, of DFIs, all that, you actually don’t have to recount the trauma in great detail. And it really spoke to me that would be something I’d like to do and it’s quite quick and effective.

And I just thought, “I’m going to go for it.” And it was brilliant and it was all that it just said and promised, and I have never, ever had since then any flare ups of PTSD. I’ve had no nightmares, no flashbacks, nothing like that, no symptoms at all of PTSD. So incredibly life changing for me. And so I decided to train in it as well.

I was already a well-being coach but I thought actually people were coming to me with more trauma because of my contacts and backgrounds. I didn’t really feel equipped to deal with that as just a well-being coach. I thought, “I’m going to train in this.” So I gained my qualifications in it as well.

Level one and level two – they’re not actually better than each other. Level one and level two are just different approaches, different ways of dealing with trauma. And it absolutely transformed how I dealt with trauma clients. It’s just been incredible since that time.

And I also wanted to do more qualifications. I like learning. So you can never stop learning about the brain and the body really, can you Paul? To be honest. So I do, I love learning as well, but I wanted to get those qualifications to be recognized in this field.

And so I did a level seven post-grad in trauma therapy as well. And as fantastic as that was, and as much as it massively added to my skillset, understanding, education – it is still BWRT that I go back to with nearly every client.

Paul: Incredible. It’s interesting that you’ve got such a wide skillset actually, because that must allow you to pull from each therapy if you like, to individualize it for a client.

Hannah: Yeah, absolutely. And I do love that bit of it because people might come with really similar stuff, but everybody’s different aren’t they? And there is not a one size fits all with therapy. So I do love that side and I love that.

Where I’d say my trauma therapy and BWRT comes in is helping almost with all your past stuff, if that would be the right word. We help resolve or move or shift that trauma. But the well-being coaching is like looking ahead and how do you move ahead now? Because therapy can be great, but I would like people to be well long term.

So how do I help them with that? What does that structure look like? The boundaries, what skills or experiences could they try or give a go or be open-minded to? So I love that it’s all encompassing. I hope with those different hats that I wear.

Paul: I’m actually smiling, because what you’ve just described is the therapeutic process that I went through myself.

Hannah: Brilliant.

Paul: So all I expected was for the therapist to deal with the weight I was carrying of the trauma that I had been exposed to. What I didn’t expect during the process is the fact that she was going to make me stronger going forward.

Hannah: Yeah. Brilliant.

Paul: And she absolutely did. The process itself – speaking from experience, for me personally, it was a difficult one to start with, but as the process went on, it became a lot… I don’t want to say easier, but a lot smoother. It became almost natural to open up and discuss really difficult things with her. And just like you, I came out the other end a much better, much stronger, much more resilient person for it.

I’ve been asked, like we discussed earlier, I’ve often been asked, “If you had to go back into therapy, would you do it?” In a heartbeat.

Hannah: Yeah, agreed.

Paul: Knowing what I know now, I would do it in a heartbeat.

Hannah: A hundred percent and I would do it earlier, certainly for me as well. When people say “I should have come to you earlier,” I say, “Look, I had PTSD and two lots of cancer before I woke up and realized I better have therapy.” So I get that. I’m the queen of avoiding therapy, but so I really understand.

But a hundred percent I would do it. I’d do it again and I’d do it earlier. And Paul, I have to have supervision for the work I do. And so it just becomes natural just to take this to them, talk it through, let’s find a solution. Let’s work it through.

If I need a cry, I don’t often now because I’m in a different place, but if I need a cry with some of the stuff I hear all the time, then I have a little cry or get angry or get despairing, and then we work it out and I’m good to go. So I know the benefit of it. So does my brain. It knows that. It knows it will be better once we’ve done that.

Paul: So you’ve just mentioned something really interesting there, and it’s something that I’ve thought if it was applied in digital forensics as a proactive approach, as part of the proactive approach, it would help spot those early warning signs. And that is, you mentioned supervision right now, just like you.

As I work in the NHS now as a psychologist, I get weekly supervision where I go and talk to a colleague of mine who is also a qualified psychologist, and we will talk about the caseload that I’ve got and how I feel about that.

It is an excellent opportunity, not just to offload, but to gain another opinion on difficult cases that you’re working with, which massively helps reduce stress that you’re carrying.

Hannah: Hugely.

Paul: I’ve often thought, and I’ll be interested to hear your views on this, if this was applied in digital forensics, whether it be a weekly or biweekly meeting with say a mental health first aid trained individual, I’ve often thought that would in itself help DFIs offload.

Hannah: I completely agree. And what we’re missing is there are so many benefits, not just the offloading as you said. I mean that in itself… And everybody knows that, don’t we Paul? If you just go and meet a mate at the pub and offload, that feels better, that feels nicer. So we know that helps people to come in, talk and offload.

There are so many other things as well. If you are sitting with somebody trained, they can look for certain signs, certain words, certain… even just facial expressions or how the energy or the mood drops when they talk about certain things or people about their job.

So that trained person could look for things as well. But the other thing we’re missing is, again, which I didn’t have, but I do have with supervision, is building that trust. And if you saw somebody every week or even every month, just even to chat if you want, about holidays…

What happens in the brain is that you start to build trust, connection, rapport, relatability, credibility, all those things so that if there’s a time that DFIs or anybody else needs to then say “this has actually been really shit,” or “I’m struggling with my workload” or whatever that is, it’s 10 times easier to say to somebody that you’ve been meeting every week, every month, and have gotten to know, and got to trust and got to relax around, and all those things that the brain likes. It loves all those things, and we would be providing that for them and it would make it 10 times easier to start having those conversations earlier.

Paul: Yeah, I absolutely agree. It’s all about building that safe, non-judgmental space where someone can genuinely offload and become far more relaxed and de-stressed than when they walked through the door, isn’t it? It’s about building up that trust.

Hannah: Yeah, and I think coming back to that, as you said, that cultural awareness and credibility, I think that trust already is built. When they come to people like you or me, because we’ve had those backgrounds and those roles, there’s already a level of trust there.

They know I’m not going to judge them. For example, if they want to… people talk to me as I’m sure they do to you about these horrific jobs and they often talk quite clinically, quite coldly, quite matter of factly. There’s no particular tears or distress about some of it. And they know I don’t judge that. That’s not because they’re these cold monsters or anything. That’s just how they have to talk about their work.

And that’s completely normal to me actually. And also making jokes about it and stuff – those are all completely normal. So that trust and that non-judgment bit is there already.

Paul: It is. And when you talk about the clients that come to you and the way they talk about the trauma that they’ve been exposed to, I think from my point of view, when I reflect, you talk about it so openly with someone who understands, and to quote you, in quite a cold manner because you become normalized to it.

Hannah: Yeah.

Paul: It’s what happens, it’s what you’re used to. It’s what you see every day.

Hannah: Actually weirdly as well, talking about it normally I think can help the brain process it.

Paul: The way people talk about the trauma, you’re right, it must come across to people who haven’t been exposed to that in quite a cold way, but you become normalized to it. It becomes their normal, doesn’t it?

Hannah: Yeah it really does. And I think actually that’s right. I think there’s a line, isn’t there, Paul? Between having to normalize what they see and deal with – they have to, or their brain won’t process it at all. If everything is this incredibly heightened times a hundred trauma, their brain won’t be able to process that every day.

So if they normalize it, you can process it much better. But I know it also moves into a line of when you’re so desensitized that you lose all emotion or all connection and stuff. And that starts to affect, obviously, as we know, your private life and your relationships.

And I think it’s quite a fine line to be fair for DFIs, for law enforcement – how emotionally involved you remain in your job, but in your life as well. So yeah, I think they have to normalize it to a level that hopefully remains healthy.

Paul: Yeah, we’re drawing to a close now. Hannah, do you have any final words for the DFIs and everyone else watching out there?

Hannah: I think we’ve touched on it a bit, but if you don’t mind me just finishing off, I want to dispel a few myths a little bit really with modern therapy because I think it’s part of the stigma of people not coming forward. So maybe we could dispel some of them.

Just to finish off, my first one I’ve already touched on: please don’t think you have to be broken to come for help. You really don’t. So come as early as you’d like. Even if just for a chat to talk something through, to get different boundaries, different structure, whatever. Come as early as you’d like. Please don’t wait if you just want some help.

The second is that, again, we’ve touched on this – modern therapies have really moved on and absolutely there is a place for talking in depth regularly with a counselor or a therapist, but there are lots of different modern therapies and BWRT is one of them, but there are lots of others.

That genuinely are moving people on differently, more effectively, more quickly. So come and explore the different therapy options. Chat to people, chat to specialists, get word of mouth, anything like that, but explore it before you shut it down and think “I’ll just be stuck in therapy for two years and not move on” or “lying on a couch” or whatever people think therapy has to be.

Paul: Which is not the case, not these days, right?

Hannah: Really not. No, it’s really not. It’s got much more modern. Do your research and find somebody. I think any therapist worth their salt would give you a free consultation. I do. So that you can chat, ask questions: what does it involve? How long, roughly might this take? Costs involved, that sort of thing. So yeah. It’s really different now. Give it a go and give it some research.

And then lastly – and I’m so glad we are both on this page – accepting that you need therapy is not some downward spiral to the end of your career or life. It’s really not. In fact, the opposite for you and I, isn’t it Paul? This was absolutely the door to me being well and stronger and more positive and having this amazing life that I have now.

So this is not a one way street with no light at the end of the tunnel. It can be a really positive, life changing for the good approach to take. So yeah, I’d love people to know those things about therapy.

Paul: Thanks for that. I really appreciate those final words. I think people watching will realize it’s not a sign of weakness to seek therapy. It’s actually strength.

Hannah: It really is. Yeah.

Paul: It really is. It takes a lot of strength to do it. It takes a bit of strength to begin it, but as you progress, it gets easier and you become a much healthier person.

Hannah: You really do and actually you’ve touched on the best bit, honestly. The hardest bit is probably writing that email or text or whatever to a therapist and then going to the first session. That probably is the hardest bit. And I promise after that, pretty much for me, you and all my clients, it gets easier from there on. It really does.

So yeah. Get through that really horrible first bit and it gets better.

Paul: It really does. And I speak from experience when I say that.

Hannah: Yeah. Me too.

Paul: Hannah, it’s been amazing. Thank you very much for joining us tonight. We will include your contact details. I’m sure if anybody sees this podcast – obviously we’ll share your contact details – if they reach out to you, I’m sure you’d be happy just to speak to them as well.

Hannah: Always. And I think that’s what we try to make as accessible as possible. Just reach out, drop me an email, we’ll have a chat. No pressure at all. Let’s just talk through where you are and what options there are and we can go from there.

Paul: Fantastic. Thanks again for joining us, Hannah.

Hannah: Thank you so much for having me on.

Paul: My pleasure. Bye-bye.

Hannah: Bye-bye.

Oxygen Tech Bytes In July 2025

Welcome to the Oxygen Forensics webinar series — your go-to source for practical solutions to the most common and complex challenges in digital forensics — all in less than 20 minutes. Each episode delivers expert insights, real-world use cases, and quick, practical tips to help you work smarter, faster, and more effectively. Don’t miss out — tune in and level up your digital forensics game.

Check out our most recent on-demand webinars:

Validation, Automation, or DIY: Choosing the Right Tool for the Job

In the world of DFIR, one size rarely fits all. Sometimes, the goal is validation — ensuring work meets a defined standard. Other times, the sheer volume of data demands automation, though the costs in time, resources, and complexity can offset its benefits. Occasionally, the most efficient solution is simply rolling up your sleeves and tackling the task manually. Join John ‘Zeke’ Thackray and Keith Lockhart as they explore the pros, cons, and trade-offs of validation, automation, and DIY approaches in digital forensics.

Watch this 14-minute discussion about choosing the right digital forensics tool.

Five Ways Geo-Location Data Can Impact Your Investigation

Join Amanda Mahan and Keith Lockhart for another Oxygen Tech Byte where they can’t wait to talk about geo-location data on some topics that just never stop being of interest, especially with the prolific collection of location data we all live with in 2025!

Watch as 5 different impacts of geo-location data are covered in 18 minutes.

USB vs OTG: Acquisition Versatility at the Forensicator’s Fingertips

Join Ryan Ebersole and Keith Lockhart for the next iteration of Oxygen Forensics Tech Bytes where they will discuss USB-based collections and the unmatched versatility of multi-format USB adapter tools for focused data targeting, triage and acquisition. Ideal for field operations or controlled lab environments, their portability and cross-platform and multi-device capabilities make them indispensable in modern forensic workflows.

Watch this 16-minute discussion of USB vs OTG for digital forensics.

You can find the full list of informative on-demand Oxygen Tech Bytes webinars here.

About Oxygen Forensics

Oxygen Forensics is a global leader in digital forensics software, enabling law enforcement, government agencies, enterprises, law firms, and service providers to gain critical insights into their data faster than ever before. Specializing in remote and onsite access to digital data from cloud services, mobile and IoT devices, drones, device backups, UICC, and media cards, Oxygen Forensics provides the most advanced digital forensics data extraction capabilities, innovative analytics tools, and seamless collaborative analysis for criminal and corporate investigations to bring insight and truth to data.


# # #

Want to share an investigation with us?

We’d love to hear how our software supported you in solving your investigation. Please
contact us at marketing@oxygenforensics.com

Neal Ysart, Co-Founder, The Coalition Of Cyber Investigators

The Coalition of Cyber Investigators was co-founded by Neal Ysart and Paul Wright as a collaborative OSINT, digital-forensics, and cyber-investigations think-tank, offering cutting-edge intelligence, investigations, and cybercrime advisory services worldwide. Their combined professional experience spans more than 80 years, drawn from law enforcement, forensic leadership in the Big Four, strategic risk advisory, and open-source intelligence operations across multiple continents.

What inspired you and Paul Wright to create The Coalition of Cyber Investigators?

Paul and I initially established The Coalition of Cyber Investigations as an OSINT, Investigations and Digital Forensics think-tank to provide a platform to collaborate, share our 80+ combined years of professional experience and provide analysis of topical issues in the converging domains of investigations, digital forensics and OSINT. That convergence has created grey areas around admissibility, process integrity, ethics, context, and validation. The Coalition is our way of advancing the conversation so OSINT-derived evidence can be used properly and effectively.

However, very quickly we started getting asked to take on commercial work – training, OSINT, forensic product assessments, and investigations – and the Coalition has grown from there.

What is the Coalition’s mission and what types of cases do you take on?

Our mission was originally to help OSINT become standardised as a profession, with globally agreed methodologies, standards and training. However, as we are both investigators, we were increasingly being asked to conduct investigations – frequently in the investment fraud space, which led to Lajos Antal (Hungary) joining the Coalition and helping us establish a dedicated boiler room investment fraud practice.

How do you approach boiler room investment fraud investigations, and what makes them so complex?

We combine a comprehensive OSINT toolkit/approach with advanced cybercrime investigation and digital forensic procedures, underpinned by decades of casework. That lets us assess – with a high degree of confidence – whether an investment scheme is legitimate or a scam and gather more details on the criminals behind it. We apply the same methods for proactive validation so clients can avoid scams in the first place.  These scams are becoming increasingly complex as they are now totally technology driven – for example, they have real trading platforms, CRM systems, professional marketing operations, and personas and websites which are AI generated, so it’s increasingly difficult for the untrained eye to spot the warning signs.

You also publish research and thought leadership—what topics have you been focusing on lately, and why?

We’ve recently been focusing on a series of articles centered on the “OSINT cowboys” – these are the types of people that do not understand the importance of evidential integrity, ethics, safeguards and operational security measures. Our aim is to highlight the need to professionalise the domain of OSINT by shining a light on the bad behaviours and methods that cowboy practitioners use, especially where evidence needs to withstand legal scrutiny.

Are there any tools or platforms—commercial or open-source—you rely on regularly and recommend?

We are very wary about tools which label themselves “forensic” as often they are the very opposite, creating a risk that inexperienced practitioners could use them in the belief they are doing the right thing, but in reality, they are not adhering to the basic requirements of handling digital evidence which could ultimately jeopardise any formal proceedings. As a baseline, we tend to look for capabilities including (but not limited to) hashing, robust audit trails, preservation of metadata, repeatability, clear chain‑of‑custody support, and ownership transparency – regardless of whether the tool is commercial or open‑source.

What’s next for you and the Coalition—any new projects, training, or research in the works?

We are currently developing some bespoke OSINT training for law enforcement and also for regulators. And of course, we are constantly refining our methodology for Boiler Room Investment Fraud investigations as this is a really hot area for us right now.


And finally, what do you enjoy in your spare time?

My passion is motorcycles – it’s how I clear my head and do some real thinking. I currently ride a Triumph Tiger 1200 and a Ducati Scrambler 1100 (not at the same time :)).

The Balance Between Digital Forensic Examiners And Digital Evidence Technicians: Expertise Vs. Efficiency

by Debbie Garner, a retired law enforcement executive, technology advocate across the private and non-profit sectors, and Community Engagement Coordinator for Hexordia

Recent articles, blogs, and social media posts have raised concerns that, in many agencies and organizations, digital forensics is devolving into mere “button pushing,” with many of these so-called “button pushers” trained only to a basic level or familiar with a specific tool, without fully understanding how the tool works or how to explain its findings. This concerning trend is rooted in a multifaceted array of challenges, including significant budgetary constraints, a persistent lack of adequate personnel, and a pervasive scarcity of comprehensive training or the necessary funding to provide it. Furthermore, the desire for a one-stop-shop solution often overshadows the need for deep understanding, contributing to overwhelming workloads and persistent backlogs.

Currently, digital forensic labs face an overwhelming and ever-increasing influx of cases with no end in sight, as the backlog of digital evidence continues to rise. As a former law enforcement executive managing a large investigative work unit and a state digital forensics lab, trying to find the right balance between efficiency, effectiveness, and accuracy to minimize the backlog was a challenge. While one must be efficient in their examinations, they also must be diligent to ensure truth and justice.  

Currently, many agencies and forensic units are exploring workflows that balance the skills of highly trained digital forensic examiners (DFEs) with the efficiency of digital evidence technicians (DETs), but these workflows have yet to be perfected. With diverse skill sets, it’s important that departments are aware of each position’s strengths and weaknesses and how to best integrate both skill sets into their forensic workflows.

Playing to Each Role’s Strengths

DFEs are highly skilled professionals trained in deep forensic analysis, capable of extracting, interpreting, and presenting complex digital evidence. Their role extends beyond simply running forensic tools – they must understand artifacts, reconstruct digital activity, identify anomalies, and ultimately, explain their findings in a manner that is commonly understandable and admissible in court. Some of their key strengths include:

  • Expert Analysis: Uncover deleted data, reconstruct user actions, and analyze system logs.
  • Courtroom Testimony: Confidently articulate findings, defend methodologies, and withstand cross-examination.
  • Case Strategy: Work closely with investigators to shape digital evidence collection and analysis around case priorities.
  • Custom Solutions: Adapt forensic methods when standard tools fail, developing scripts or using novel techniques to extract and analyze crucial data.

By comparison, DETs, while less formally trained in forensic analysis, serve a critical function in digital evidence processing. Their primary responsibility is the acquisition, processing, and initial triage of digital evidence. They operate forensic tools to extract standardized datasets, allowing DFEs to focus on complex examinations. Additional key strengths include:

  • Efficiency: Handle routine data extraction and processing to free up DFEs for high-level analysis.
  • Scalability: Enable forensic labs to process a greater volume of evidence by distributing workloads.
  • Workflow Automation: Leverage forensic software to automate reporting and data filtering, reducing bottlenecks in casework.
  • Cost-Effective: Typically require less resource-intensive training than developing full-fledged DFEs.
  • Expediting Investigative Leads: Rapidly identify and extract immediate investigative leads such as obvious contraband, flagged keywords, or recent communications, allowing investigators to progress their cases without significant delays, preventing investigations from stalling while more in-depth DFE analysis is pending.

Relying too heavily on DETs may lead to incomplete or misinterpreted forensic results. Forensic tools, while powerful, cannot replace the expertise of an examiner who understands the underlying data. Automated processes may miss critical context, and improper handling of evidence could compromise a case. On the other hand, DFEs are often bogged down with routine tasks that do not require their level of expertise. The backlog of digital evidence can lead to delays in criminal investigations, sometimes rendering digital evidence less useful due to procedural and technical time constraints. That’s why it’s important to play to each role’s strengths.

Best Practice Workflow: Integrating DETs and DFEs

A hybrid model that leverages both DETs and DFEs can optimize efficiency while maintaining high forensic standards. Below is a suggested workflow:

  • Evidence Intake & Logging (DET): Proper documentation, chain of custody, and initial categorization of devices.
  • Preliminary Data Acquisition (DET): Imaging devices, verifying hashes, and applying automated triage tools to flag relevant data for immediate investigative leads.
  • Data Processing & Indexing (DET): Running forensic tools to generate reports on common data types and identifying immediate “low-hanging fruit” for investigators.
  • In-Depth Analysis (DFE): Investigating anomalies, recovering deleted files, examining logs, and conducting advanced analysis beyond routine extractions.
  • Quality Control & Peer Review (DFE & DET Collaboration): DFEs review DET-extracted data for completeness, and DETs assist in cross-referencing.
  • Report Preparation (DET & DFE Collaboration): DETs compile structured reports, while DFEs provide in-depth explanations and expert opinions.
  • Testimony & Case Support (DFE): DFEs appear in court, with DETs assisting with technical documentation.

This tiered approach ensures that critical investigative leads are identified swiftly, allowing investigations to progress, while detailed, complex analysis is still performed by highly skilled DFEs when needed.

Empowering Growth Through Defined Roles and Career Tracks

While acknowledging that not all agencies possess the resources to employ both DFEs and DETs, and many law enforcement professionals currently perform a combination of investigative, examiner, and analyst duties, the increasing prevalence and importance of digital evidence suggest a growing need for investment in specialized personnel, tools, and training.

This specialization also opens up valuable career path opportunities within digital forensics. Formalized titles and clear role delineations, such as those of the DFE and DET, can provide structured advancement paths for individuals entering the field, from foundational technical roles to advanced analytical and expert witness positions.

Ultimately, regardless of the specific titles used—be it Digital Evidence Technician, Digital Forensic Examiner, or others—the critical element is a clear delineation of responsibilities, continuous training, and robust quality control measures. This strategic division of labor is designed to ensure justice is served efficiently and effectively in the face of an ever-expanding digital landscape.

More Than Software: Amped Training Teaches You The Science Of Forensic Video And Image Analysis

When working with images and videos in a forensic setting, clicking buttons won’t get you far. What truly makes the difference is understanding the evidence: its origin, its journey, and the challenges it presents.

That’s the philosophy behind Amped Software’s training programs, where image processing and forensic science meet real-world application. Amped’s goal isn’t just to teach you how to use their tools; it’s to help you understand the “why” behind every click.

In their classes, Amped’s expert trainers go beyond teaching you how to use our tools; they also cover the scientific theory behind forensic image and video analysis. Amped believes that understanding the theory is essential to becoming a better investigator.

The expert-led sessions combine hands-on software practice with foundational scientific concepts, from understanding compression and video encoding to applying proper methodology in evidence analysis and processing.

Tools may evolve and change but scientific understanding stays with you throughout your entire career.

Explore Amped’s Training Programs – Learn the Tools and the Science

No matter your role or experience, there’s a course designed to meet you where you are, and take you further.

Amped FIVE Training

Your foundation in forensic video enhancement starts here. Learn how to handle, process, clarify, and present video evidence, all in one single tool and while following proper forensic methodology.

August 18-22, 9 AM – 1 PM CEST, Online

August 26-29, 8 AM – 4 PM CST (USA), Kansas City, MO (In-Person)

September 15-19, 11 AM – 3 PM EDT USA/Detroit – EDT (DST: GMT −4), Online

October 27-31, 9 AM – 1 PM CEST (Rome, Italy time)

November 4-7, 9 AM – 5 PM CET (Rome, Italy time), Amped HQ (In-Person)

November 10-14, 9 AM – 1 PM CET (Rome, Italy time), Online

Amped FIVE Additions

Already comfortable with FIVE?

This course unlocks its extended capabilities, from advanced aspects of video decoding and processing to deeper filter usage and investigative workflows. Ideal for users looking to push the software to its full potential.

Amped Authenticate Training

Learn how to verify image authenticity and uncover tampering. Amped Authenticate gives you the tools to conduct scientific image integrity analysis, and the training ensures you understand the forensic concepts and methodology behind it.

September 22-26, 9 AM – 1 PM CEST (Rome, Italy time), Online

September 29 – October 3, 11 AM – 3 PM USA/Detroit – EDT (DST: GMT −4), Online

October 7-9, 9 AM – 5 PM CEST (Rome, Italy time), Amped HQ (In-Person)

Investigating Video Evidence

This course is ideal for investigators, analysts, and first responders. You’ll learn how to convert proprietary video files, process video evidence, apply basic corrections and prepare the evidence for presentation. You will ensure its value and admissibility are maintained from the moment it’s seized.

Customize Your Learning Path with Focused Training Modules

After completing Amped FIVE training, you can tailor your learning with specialized add-on modules. These are designed for professionals who need targeted skills based on their role or casework focus.

Video Evidence Presentation

Learn how to present video evidence in clear, accurate, and compelling formats for investigative reports and courtroom use.

Measurements and Speed Estimation

Working on traffic cases? This module teaches how to calculate speed, distance, and real-world measurements from video evidence.

File Analysis and DVR Conversion

This module teaches the technical processes of analyzing proprietary video formats and converting DVR files accurately, without compromising evidence integrity.

October 21-23, 9 AM – 1 PM CEST (Rome, Italy time), Online

Amped FIVE Updates

Stay up to date with the latest features, workflows, and improvements in Amped FIVE. This module ensures your knowledge evolves with the software.

November 25-27, 9 AM – 1 PM CET (Rome, Italy time), Online

Prove Your Skills with the Amped Certified Examiner (AFCE) Certification

After training with Amped FIVE, you’ll be ready to take the Amped FIVE Certified Examiner (AFCE) exam. This professional certification tests your theoretical and practical aspects of forensic video analysis with Amped FIVE.

However, it also goes beyond software skills. The AFCE tests your understanding of image and video forensics, from compression to methodology, and gives you the credentials to back your expertise.

It’s not just about knowing how. It’s about proving you do.

Get Certified

Start Learning, Start Leading

You handle critical evidence. You write and produce reports that are presented in court. You influence investigations and outcomes.

Amped Software training gives you the knowledge, skills and insight to face your everyday challenges in digital multimedia evidence processing.

Start Now

Digital Forensics Round-Up, August 06 2025

A round-up of this week’s digital forensics news and views:

Digital Forensics Expert Offers Guidance on Starting DF Business

Patrick Siewert provides comprehensive advice for aspiring digital forensics entrepreneurs in the first part of a three-part series on starting a digital forensic business. He emphasizes the importance of choosing a clear, professional company name, carefully selecting target clientele, and establishing solid business foundations including mission statements and proper legal structures. Siewert warns against common pitfalls like taking on undesirable clients and reveals that major forensic tool providers make their products deliberately expensive and difficult for private practitioners to access, often due to pressure from their primary law enforcement customers.

Read more (dfirphilosophy.blogspot.com)

Hashcat v7.0.0 Released with Major Performance Improvements

Hashcat releases version 7.0.0 after two years of development, featuring over 900,000 lines of code changes and contributions from 105 developers. Major new features include an Assimilation Bridge for integrating external resources, Python Bridge Plugin for rapid hash-matching implementation, and hash-mode autodetection. Performance improvements include up to 320% speed increases for scrypt and major optimizations for NTLM and NetNTLMv2, while 58 new application-specific hash types have been added including support for Argon2, MetaMask, and LUKS2.

Read more (hashcat.net)

OWASP Releases GenAI Incident Response Guide 1.0

OWASP GenAI Security Project releases its first comprehensive incident response guide for security practitioners dealing with GenAI application incidents. Created by a panel of experts from the project’s CTI Initiative, the guide provides guidelines and best practices without requiring deep GenAI knowledge. It aims to fill a critical gap in helping security teams respond effectively to incidents involving generative AI systems.

Read more (genai.owasp.org)

Building the UFADE Touch V1: A Portable iOS Forensics Device

A forensics professional demonstrates how to build an affordable portable backup system called “UFADE Touch” using a Raspberry Pi 4B, 7-inch touchscreen, and specialized cooling components. Components cost around €175 and include a DSI interface display to preserve USB ports for data sources and drives. Assembly requires minor case modifications and specific configuration changes to Raspbian OS to support the display driver and optimize performance for the 1024×600 resolution screen.

Read more (cp-df.com)

DB Browser Offers Alternative to Spreadsheets for CSV Forensic Analysis

A new video tutorial demonstrates how to use DB Browser for SQLite instead of traditional spreadsheet programs when conducting forensic analysis of CSV files. Sherman Kwok walks viewers through downloading the tool, importing CSV data, and using SQLite commands for sorting, filtering, and formatting data. The tutorial covers basic to intermediate techniques including regular expression filtering for more efficient data analysis.

Read more (youtube.com)

machofile Tool Released for Mach-O Binary Analysis

Security researcher Pasquale Stirparo releases machofile, a new Python module designed for parsing Mach-O binary files with a focus on malware analysis and reverse engineering. The self-contained tool works across macOS, Windows, and Linux without dependencies and offers features including header parsing, entropy calculation, symbol extraction, and code signature analysis. Stirparo developed the initial version after attending Patrick Wardle’s macOS malware class, spending nearly two years refining the tool before its official release.

Read more (github.com)

Cybersecurity Expert Releases Memory Forensics Dataset for Malware Research

Daniel Jeremiah releases a comprehensive memory forensics dataset featuring controlled attack scenarios on Windows 10 systems for cybersecurity research and training. Six distinct scenarios cover process injection, credential dumping, Cobalt Strike beacons, and various remote access trojans including AsyncRAT and MasonRAT. Each scenario includes detailed memory dumps, attack characteristics, and evasion techniques designed for analysts to practice using tools like Volatility and YARA. Cases range from unknown infections to targeted intrusions, providing varied complexity levels for students, analysts, and researchers developing memory analysis workflows.

Read more (daniyyell.com)

Halfway Through The S21 Transcriber Spotlight Session

As we reach the halfway point of the S21 Transcriber Spotlight Session, the response has been incredible.

Over the past two weeks, we’ve explored key features that highlight how easy and fast it is to use this powerful, fully offline and secure tool. We’ve also highlighted how its real-world applications span diverse situations and regions, with multi-language support enabling investigators to work confidently with audio from a variety of sources.

What We’ve Covered So Far

The S21 Spotlight Session is now in full flow. See below for what has been covered in the last two weeks on our Social Media platforms:

Gui Walkthrough – a clean, intuitive interface

Real-World Applications – examples of how the powerful AI can benefit real casework

Built for Both: UK and US Transcription – one tool for all regions

Multi-Language Support – over 70 supported languages

Upcoming Content in the Next Fortnight

  • Playback With Precision – transcription linked to source material 
  • Speaker Diarisation – who said what, when
  • Editing With Confidence – tailor transcripts to your needs
  • From Transcript to Report – an end-to-end solution

To follow along live with these updates find links to our social media at the end of this article.

There’s Still Time to Explore the Tool for Yourself

As part of the spotlight, you’ll get full access to your own trial account and a self-guided training hub, including:

✅ A 30-day free licence
✅ Step-by-step walkthroughs
✅ Real-world examples you can try
✅ A certificate on completion

No pressure. No pitch. Just hands-on experience with the tools that could change how you work.

Ready to Take a Look?

Want to see real world usage?

Case Studies – www.semantics21.com/case-studies

Follow us on LinkedIn or X to catch each Spotlight update, or head to
👉 www.semantics21.com/spotlight to request your free licence and training.

Sign up 📝 http://bit.ly/3I58STF

No fuss. Just better forensics.

Safeguarding ICAC Investigators: Detego Global’s Commitment To Mental Well-Being

Investigating Internet Crimes Against Children (ICAC) is among the most vital and emotionally taxing roles in digital forensics. While their work delivers justice and protection for the most vulnerable, it often comes at a personal cost.

There’s growing awareness across the digital forensics community that supporting investigator well-being is just as important as solving cases. ICAC professionals regularly deal with high caseloads, long hours, and constant exposure to traumatic content involving child sexual abuse, exploitation, and trafficking. The cumulative stress of sifting through explicit images and footage, coupled with pressure to work quickly, places investigators at risk of burnout, secondary trauma, and long-term emotional distress.

Studies increasingly show elevated rates of PTSD-like symptoms among digital forensics professionals investigating these crimes. The field demands resilience, but it also requires proactive mental health support. That’s where technology can make a meaningful difference.

Leading DFIR technologists Detego Global believe tools should accelerate investigations and protect the people conducting them.

Technology Designed for Investigator Well-Being

Detego Global has worked closely with ICAC, CSAE (Child Sexual Abuse and Exploitation), IIOC (Indecent Images of Children), and offender management teams to build a platform that reduces exposure, streamlines workflows, and supports sustainable casework. Several features were developed with direct input from frontline professionals.

Minimising Exposure with Smart Visual Controls

To maintain forensic integrity while minimising the psychological burden of viewing traumatic material, Detego technology includes:

  • Selective Image Blurring and Video Frame Extraction, which soften visual triggers and allow investigators to review evidence without prolonged exposure to disturbing content.
  • Optional Thumbnail Removal, which prevents automatic previews of graphic images.

Speed Without Sacrificing Accuracy

The Xpress HashScan Mode in Detego Field Triage rapidly identifies illicit content, cross-referencing millions of known child abuse images and videos by leveraging Project VIC and CAID (Child Abuse Image Database). Investigators can quickly triage devices and zero in on relevant evidence – up to 6x faster than before – without manually reviewing every file.

Using semantic search and AI-powered “show similar” tools, the Detego platform helps pinpoint images based on context or appearance (e.g., “distressed child” or “man with child”), streamlining searches while reducing unnecessary exposure.

Targeted Analysis Through Automation

Detego Analyse AI+ further supports well-being by automating time-consuming tasks, reducing the cognitive load and improving the efficiency of analysis. Investigators can:

  • Use face recognition to match suspects, victims, or persons of interest in large datasets in seconds.
  • Apply advanced semantic searches to go beyond keywords, identifying concepts and contexts, or refine searches by location, emotion, or action (e.g., detecting a distressed child in a warehouse).
  • Leverage swift metadata analysis to pinpoint AI-generated pictures and videos.
  • Use AI transcription, which accurately converts audio and video files into searchable text, removing the need to listen to hours of distressing content.

What’s more, Detego Global partners with Project VIC to deliver full integration of the Project VIC SAFER model and Safer Viewing officer safety technology. VICSafer is designed to analyse large volumes of unknown images and videos encountered in child sexual abuse investigations, helping police locate files that have not yet been identified by law enforcement or recorded in a hash database. Together with Safer Viewing, which blocks out harmful content while still allowing examiners to conduct their review, this integration reduces investigator exposure to traumatic material without compromising the integrity of the investigation.

Streamlining Admin to Reduce Stress

Detego Global’s all-in-one digital forensics platform also addresses the administrative pressures that contribute to burnout. With tools like Detego Case Manager, teams can manage evidence, workflows, roles, and reporting in a centralised system. Combined with field-ready triage, data extraction, and analytical tools, this structure streamlines data collection and reduces decision fatigue.

Whether in the lab or on-scene, investigators have access to a consistent, flexible platform that supports faster resolutions and more manageable caseloads.

Protecting the Protectors

With the right technology, it’s possible to accelerate digital investigations without compromising investigator well-being. In the words of one ICAC investigator:

“Not only did I find the material needed, but Detego pulled the usernames and passwords matching the cyber tip in no time at all. This tool is going to be part of our workflow for a long time.”

Such feedback reflects the value of technology that’s both powerful and empathetic, designed to safeguard those who protect others. Detego Global is proud to offer ICAC professionals solutions that reduce exposure, improve efficiency, and foster resilience.

Organisations can experience Detego technology through a free 30-day trial and see first-hand how these tools safeguard investigators’ mental health while accelerating critical investigations.

As part of its commitment to ICAC investigators, Detego Global provides exclusive offers, including bulk licence packages and specialist training programmes. Get in touch today to learn more.

Semantics 21 Wants Your Help To Rename LASERi-X

We need you!

We’ve built the most advanced media forensics software in the world…

But we forgot one tiny detail: the name still sounds like a rejected X-Men character.

That’s where you come in.

Over the last few years, S21 LASERi-X has evolved from a powerful media review tool into the only true CSAM victim identification solution on the market. It’s got features nobody else has – Auto CSAM detection, AI location prediction, AI deepfake detection, school badge lookup, user exposure monitoring, AI describe – you name it, it’s in there.

But we’ve heard your feedback:
✅ “The tools amazing, it’s like ******** on steroids.”
❌ “There’s almost too much going on.”

So, we’ve spent the past year redesigning the whole thing – new look, simpler workflows, same powerful offline standalone engine. It’s nearly ready but before we unleash it on the world…

We need a new name.

And no, we don’t have Apple’s crack naming team, or the luxury of driving through California wine country until inspiration strikes.

So, we’re asking you – the brilliant, slightly sarcastic, digital forensics community – to help us choose a name worthy of the tool.

We’ve shortlisted a few options to vote on, or you can suggest your own (yes, even “Findy McFindFace” if you must – we’ll pretend to judge you quietly – (Find the Boaty McBoatface story if you need a laugh 😆).

⦿ S21 VisionX (for crystal-clear insight)
⦿ S21 Chimera (mythical creator that killed a griffin)
⦿ S21 Hunter (gets results, finds monsters)
⦿ S21 Reveal (because that is what it does)
⦿ S21 Media Explorer (nice and literal)

Takes 30 seconds, might change the future forever – no pressure.

Submit Name Idea

Bragging rights + free software? Yes please. One lucky name-dropper gets a full year of access for their entire team to the software formerly known as S21 LASERi-X.

Curious now? Request a trial licence of S21 LASERi-X.

P.S. Please don’t call it “Analysi McAnalysisFace” – our marketing guy is already twitching.

Digital Forensics Jobs Round-Up, August 04 2025

A selection of the latest DFIR job vacancies (got a job you want to feature in the next round-up? Submit the details here):

USA

Digital Forensic Examiner (DFE)

Office of the Illinois Attorney General

Chicago, Illinois

Responsible for conducting forensic analysis of digital evidence in both laboratory and field settings, providing technical support to investigators and attorneys, assisting with investigations and prosecutions, and requiring frequent in-state travel for on-scene examinations.

View Job

Digital Forensic Examiner

The Sate of Vermont

Waterbury, Vermont

The role involves analyzing digital data from various electronic devices, preparing forensic reports, maintaining evidence records, collaborating with law enforcement, extracting digital evidence, participating in court proceedings, and attending employer-funded training programs of varying durations.

View Job

NMEC Forensic Audio-Video Examiner

SecureStrux

Bethesda, Maryland

Opportunity in Bethesda, MD for a professional to analyze audio and video evidence, supporting the National Media Exploitation Center. Requires strong teamwork skills and expertise in forensic examination of multimedia materials.

View Job

Digital Forensics Investigator

Connsci

Gaithersburg, Maryland

Responsible for identifying, collecting, examining, and analyzing electronic data to support investigations, this role requires expertise in digital forensics processes and evidence handling to ensure the integrity and accuracy of findings.

View Job

Digital Forensic Analyst

Peraton

San Antonio, Texas

Seeking a professional to conduct digital forensic analysis for sensitive criminal investigations, including data extraction, evidence preservation, and recovery from various electronic devices, while ensuring proper evidence handling, documentation, and potential courtroom testimony as an expert witness.

View Job

DFIR Engagement Manager

SentinelOne

Remote

Seeking an experienced investigator with strong technical and customer service skills to conduct digital forensic investigations, threat hunting, incident readiness assessments, breach investigations, malware analysis, and proactive security operations for global clients.

View Job

Digital Forensics Examiner

RELI Group

Remote

Seeking an expert to provide digital forensic support for cybersecurity objectives, including evidence collection, digital investigations, post-incident analysis, and collaboration with incident response teams, while ensuring proper chain-of-custody and preparing findings for legal and regulatory review.

View Job

Digital Forensics Examiner

SHINE Systems

Forest Park, Georgia

Responsible for conducting complex forensic analysis of digital and electronic devices, managing evidence integrity, extracting and analyzing data, documenting findings, preparing reports, and participating in quality control and laboratory maintenance activities.

View Job

Digital Forensic Examiner (CELLEX/DOMEX)

Amentum

Forest Park, Georgia

Responsible for disassembling devices to access digital data, extracting and analyzing targeted information, and documenting findings in LIMS and case files, including detailed processing techniques and examination results for future analysis.

View Job

UK

Frontline Digital Technician – Forensic

Thames Valley Police

Oxford

This role supports crime investigation by conducting early digital forensic examinations, triaging exhibits, and maintaining accurate records. It requires strong IT skills, self-management, and the ability to handle sensitive material, with travel across various locations.

View Job

Manager, Digital Forensics & Expert Services

Consilio

London

Leads and conducts digital investigations and data preservation for complex litigation, utilizing expertise in forensic tools and ESI protocols. Supports the EMEAA team by managing the collection and handling of electronically stored information from diverse data sources.

View Job

Teaching Fellow in Cyber Intelligence and Digital Forensics

University of Portsmouth

Portsmouth

Join a leading university recognized for teaching excellence and global impact, offering a collaborative environment that values ambition, responsibility, and openness. Be part of a professional community committed to innovation, achievement, and personal growth.

View Job

Audio-Visual Senior Forensics Technical Manager

HM Revenue & Customs

Nottingham

This role leads the development and delivery of technical procedures in audio-visual forensics, ensuring compliance with regulatory and ISO standards, overseeing quality assurance, supporting UKAS accreditation, managing evidence, and potentially supervising staff within a national investigative context.

View Job

DFIR Consultant

Pentest People

Remote

Seeking a professional with strong analytical and problem-solving abilities to join a dynamic team, responsible for mitigating cyberattacks and improving clients’ security measures in a fast-paced environment.

View Job

Digital Forensics Services Assistant Technical Manager

British Transport Police

London

This role supports the delivery of efficient digital forensic services, overseeing laboratory activities, staff development, and compliance with ISO standards. Responsibilities include managing technical quality, supporting investigations, and leading competence testing to maintain high professional standards.

View Job

Digital Forensic Technician

Dyfed Powys Police

Dyfed

Supports the Digital Forensic Unit by extracting, imaging, and analyzing data from computers and mobile devices using accredited forensic methods, including dismantling hardware, isolating information, and conducting basic triage examinations for policing purposes.

View Job

Digital Forensic Investigator

Greater Manchester Police

Manchester

This role involves conducting intelligence-led digital forensic investigations, analysing data from various digital devices to support complex police cases. Candidates will present evidence in court, collaborate with a specialist team, and handle sensitive material related to serious crimes.

View Job

Mobile Devices Forensics Analyst- Mobile Devices Forensics Investigator

Resillion

Birmingham

Responsible for analyzing various mobile devices for forensic purposes, preparing detailed written reports and statements, and supporting potential court proceedings through accurate documentation of findings.

View Job

Australia

Assistant Vice President / Vice President, Digital Forensics, Global Information Security

Bank of America

Sydney

Seeking adaptable professionals with 3–5 years of digital forensics experience to join a diverse, inclusive team focused on responsible growth, offering career development, flexible work options, and comprehensive benefits supporting overall well-being.

View Job

Digital Forensics & Incident Response Specialist

Robert Half

Sydney

This role involves developing digital forensics and incident response capabilities in the APAC region, focusing on incident investigation, response, and automation, while collaborating with global security teams in a follow-the-sun operational model.

View Job

Digital Forensic Specialist

Datacom

Brisbane

Seeking an experienced professional to lead digital forensics and incident response engagements, deliver proactive cybersecurity advisory services, and support major incident investigations across Australia or New Zealand. Strong analytical, communication, and problem-solving skills required.

View Job

Canada

Digital Forensic Specialist

Oracle

Mississauga, Ontario

Responsible for conducting digital forensic investigations, collecting and analyzing digital evidence, producing detailed reports, developing investigative tools and playbooks, advising on security risks, and mentoring junior staff, while collaborating with incident response teams to resolve security events.

View Job

Senior Investigator, Digital Forensic Services

Scotiabank

Toronto, Ontario

Responsible for supporting digital forensic and corporate security objectives in Canada by executing initiatives, achieving individual goals, and ensuring compliance with regulations, internal policies, and procedures to advance team business strategies.

View Job

Senior Manager – Digital Forensics and Incident Response (DFIR)

Sutherland

Windsor, Ontario

Seeking an experienced professional to lead digital forensics, incident response, and threat intelligence functions, manage cyber investigations, coordinate with vendors, and deliver executive-level updates. U.S.-based candidates with strong technical and communication skills are preferred.

View Job