Alexis Brignoni, Special Agent and Digital Forensic Examiner, FBI

FF: Alexis, tell us about your background and how you ended up in your current role at the FBI.

When I graduated college, I went to work in the information technology department of the university I graduated from. As I was thinking about what I wanted my career to look like down the road, I came across the FBI Special Agent position on the USAjobs.gov website. At that time, 17 years ago, they were looking for candidates with technological backgrounds as well as foreign language speaking abilities. As a computer science graduate with an MBA in Management of Information Systems, who also happened to speak Spanish natively, I had the right skills at the right time. After a very hard and intensive process, I was given my badge and credentials as an FBI agent. It goes without saying that this was one of the proudest moments of my life.

One of the many good things about the FBI is that we want to hear from people with all different levels of experiences and skills that are interested in keeping our country safe while doing meaningful work every single day. Folks can go to fbijobs.gov and research all the different careers available at the FBI.


FF: What does a typical day at work look like for you?

AB: As a Computer Analysis Response Team (CART) Digital Forensics Examiner (DFE), it is my job to Identify, Preserve, Analyze, Document, and Present on items of interest from digital systems and media. This means I will be working on mobile devices, computers, and even vehicles (cars, trucks, EVs) in order to determine the truth of a past event as recorded in these devices.

Most of my work involves mobile devices like iOS and Android cellphones. This fact informs my approach on the open-source tools I maintain, as well as how I understand developments across the broader field of digital forensics. It is important to underline that neither the tools nor the opinions I express are endorsed by the FBI. These DO NOT represent or reflect on the FBI or FBI policy in any way. I speak only for myself and no one else.

It is important to recognize that this truthful reconstruction of the past from digital media by a skilled DFE can demonstrate guilt, or innocence, in the context of a legal proceeding. This fact places on the DFE an immense level of responsibility. Getting it wrong is not an option. This is why for 2025 I want to focus on three aspects of the DFE that speak to our quality as individuals beyond our technical knowledge. These are:


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


  • Probity. It is defined as having strong moral principles. We are not here to please our stakeholders. We are here to find and present facts. Probity is leaving our beliefs at the door and working based on our values, with the value of truth being the one to lead us.
  • Attention to detail. Accuracy is key. Being able to look at massive amounts of data in order to pick out what is really important is a skill we have to consciously work on every day. It requires discipline and work ethic, especially when you are pressured to get results quickly. DFEs need to push back and assert that attention to detail takes time and is a requirement we won’t compromise on.
  • Due Diligence. This is what we owe our cases, what we owe our stakeholder, and what owe to ourselves. We owe our cases time, expertise, and thoroughness. We owe our stakeholders concise, clear, and accessible explanations of our work and how it impacts the case. We owe ourselves to reflect on what we could do better, to make time to self-train and to conduct research. We owe ourselves to not be content with being mediocre and making sure we share what we learn with others.

FF: Tell us about your RLEAPP, ALEAPP, iLEAPP and VLEAPP open-source tools and how they benefit digital forensic practitioners.

The tools are collectively known as the LEAPPs and their purpose is to quickly triage items of digital evidence using an open-source framework. They are coded in Python and are designed to be accessible to developers with a beginner level of experience, while providing for the complexity advanced developers need.

One of the benefits of the framework is that it automates the ingestion and reporting of data, which means it is easy and quick to build a parser for an artifact that third-party paid tools don’t support yet.

We are currently working on a new reporting system called LEAPPs Artifact Viewer App (LAVA) that we unveiled recently at the 2024 Cyber Social Hub Conference. It will allow for faster, modern, and efficient reporting of LEAPPs’ parsed data. Folks can sign up at LEAPPs.org to receive notifications of the latest LEAPPs releases, as well as when LAVA will be made available to the public.

As data sources multiply exponentially, we can’t expect paid tools to keep up with all our parsing needs the moment we might need them. The job of the DFE is not to just use tools or press buttons to see what the tool is unable to identify. The main job of the DFE is to be able to recover, parse, and interpret data when the commercial tools cannot. This assumption that commercial tool output is all encompassing is a willful negation of our due diligence responsibilities.

Since the tooling is open-source, transparency is built in. Anyone can look at the code and follow the operations of it. Even though source code access is not needed for validation and verification, having it does help.

I believe the future will favour the DFE that uses tools, knows code, and understands how relevant technology operates, while also being able to put it all together in the context of an investigation. Alex Caithness has said: “Learn to code because every artefact exists because of code.” I agree. This understanding needs to be part of every DFE skill set moving forward if we are to be successful in our mission to uncover the truth, wherever it might be.

FF: Are there any other challenges within digital forensics for which you’d like to see open-source solutions?

I would like to see not only open-source development but also any type of development that grows our understanding of how memory operates in Android devices. MSAB is doing great work on this front and I would hope others will join them in this area. Memory analysis of Android devices is an area that many are not aware of, and we need to be. Unlike RAM analysis on computers, the memory of an Android device keeps data between reboots and after turning the device off. This means there could be a lot of data persisting in memory that might not be found on the device’s storage anymore. I welcome any and all developments in this direction.

FF: Tell us about the Digital Forensics Now podcast. What is it like being the host of such a popular show?

When I proposed the idea to my wonderful and amazing co-host, Heather Charpentier, we had no idea how well received the podcast would be by the community. It has been a little over a year since we started the podcast, and we are enjoying every second of it.

I believe the podcast is filling a need for consistent content that speaks specifically to current matters in digital forensics, as opposed to other podcasts where the focus is the broader fields of incident response and cybersecurity. We have tried to stay away from making the podcast an interview show, in order to present the current news and our opinions on these topics of interest.

To me, one of the unexpected sources of value that the podcast provides is the chat community that has grown when we are live on YouTube. I know you won’t find a more active and smarter group of people than the folks that chat with us when the show is being streamed live. We leverage their knowledge during the show for the benefit of the rest of the audience but also, and mainly, for our own benefit. I don’t have enough words to express how grateful we are for the folks that chat live, the ones that send us messages over at our podcast’s social media presence, and for all the opportunities the podcast gives us to disseminate important information with a personal touch from those that are active in the field.

FF: How do you see AI evolving in the digital forensics space, and what safeguards need to be in place to ensure its proper use?

This is a great question that could easily fill a 300-page dissertation. From my perspective, current generative AI implementations come with a risk level that has yet to be mitigated by standardized policies or procedures. It is also important to recognize that adoption proponents rarely talk about AI limitations and how using those systems might affect current processes. There is work to be done before we add these technologies into our workflows.

If DFEs start using Large Language Models (LLMs) without output verification, we will quickly find that such reports will be filled with errors. In fields where the output can change lives forever, like medical or legal, we need to go slow and make sure we are doing things right.

Some things to consider:

  • Discovery responsibilities. I can easily foresee an immediate future when the opposing party in a legal proceeding will require the prompts that were given to the AI in order for it to achieve the provided output. Are the prompts consistent with the legal authority provided? Has the AI touched upon matters not covered in the legal authority? Legal proceedings are based on transparency, and we need to start thinking about how to make these technologies more transparent, in regards to how they work and how we explain the way they work. More logging and more traceability are needed.
  • Training data provenance and bias. Where has the training data come from? Has it been procured in a way that does not violate the authorship rights of others? In the same way we will never use unlicensed software, do we know where the training data came from? There are many documented cases of bias manifesting in AI output. Bias needs to be fully avoided. We need to establish not only best practices on usage but also best practices on how to compile the training data to be used for these systems within our field.
  • Lack of consistent answers / variability. AI will give you the same answer to a question only once. The multiple answers to the same question might change a little, a few words here or there, or they can change a lot, to the point of hallucination. This means that current validation processes are not suitable for AI, and therefore all AI output needs to be verified for accuracy. We need to think about validation processes that are suitable for these technologies, while realizing the time limiting reality that these tools impose when the verification of every single piece of output provided is needed.

FF: And finally, apart from coming up with brilliant digital forensics memes, what do you do in your spare time?

I love memes! Being able to make a joke that other DFEs relate to brings the community together. We are not as distant as we might think we are. Even if you are the single DFE in your office, there are thousands of others that understand you, want to help you, and laugh with you when you enjoy a meme about our field.

Memes are great, but I do like other things. Since 1998, I’ve been playing a video game called Starcraft. I love lifting weights but hate cardio. Teaching is an activity that fills me with joy.

Because of that, I am proud of being the author of the Android portion of the IACIS Mobile Device Forensics Course and also the author and instructor of the data structure portions of the IACIS Advanced Mobile Device Forensics Course.

I literally love long walks on the beach and reading books but mostly the audible kind. At the end of the day, there is no real spare time. We decide what we do with the time we are given, and my hope is to use it as best as I can.

Leave a Comment