Digital Forensics Round-Up, April 01 2026

A round-up of this week’s digital forensics news and views:

Hexordia Podcast Examines Bias In Digital Forensics

Algorithmic gaps in forensic tools and analyst bias can shape what investigators find and how they interpret it. The discussion stresses rigorous protocols, independent auditing, and intellectual honesty to help digital evidence stand up in court and investigations.

Read more (youtube.com)


Forensic Fix Examines Crypto’s Growing Role In DFIR

Forensic Fix’s latest episode explores how cryptocurrency is moving from a niche topic to a core investigative skill. Host Adam Firman speaks with Matt Humphries about crypto intelligence, artifact maturity, and why agencies can no longer defer building this capability. Their discussion frames blockchain evidence as an urgent area for DFIR teams to understand.

Read more (open.spotify.com)





Webinar Introduces ADF Pro For Mastering Triage

ADF Solutions demonstrates how ADF Pro handles on-scene triage for computers, phones, and other devices. The demo highlights live Windows scanning, mobile preview for Android and iOS, screen capture, and selective collection aimed at reducing lab backlogs.

Read more (forensicfocus.com)


Open-Source Tool Targets Meta Glasses Artifacts In Mobile Extractions

A new open-source tool called Spectacular helps examiners identify Meta Glasses activity in iOS and Android extractions. It parses settings, sync logs, linked accounts, Meta AI prompts, related media, and EXIF data that may reveal location information. Cross-referencing phone, Wi-Fi, Bluetooth, and media artifacts could support attribution and timeline analysis.

Read more (github.com)


Project Stark Explores CarPlay Handshake Forensics

Project Stark focuses on forensic reconstruction of the CarPlay handshake. That makes it relevant to practitioners working in mobile forensics and device interaction analysis.

Read more (thesisfriday.com)


Tool Proliferation Reflects Modern DFIR Demands

DFIR teams are adding more tools because modern cases span cloud, mobile, identity, and app data. Doug Metz argues the main challenge lies in the gaps between platforms, which can slow investigations and complicate reporting. The discussion reframes tool growth as a response to case complexity rather than poor workflow choices.

Read more (magnetforensics.com)


Brett Shavers Warns DFIR Examiners Against Bias-Driven Conclusions

Brett Shavers argues that tool skills and lab exercises do not equal an investigative mindset in DFIR. He says real cases demand judgment under ambiguity, careful attribution, and a willingness to test and break your own theory. A simple fake-image example shows how confirmation bias can turn weak evidence into a false conclusion.

Read more (brettshavers.com)


ALEAPP And PRFS Backups Improve Android Triage

A new blog explores how combining ALEX PRFS backups with ALEAPP can improve Android triage. It highlights a practical path for collecting and processing logs when full file system extraction is not yet available. That makes partial data more useful while examiners wait for broader device support.

Read more (cp-df.com)


SANS Warns AI Now Shapes Every Major Attack Technique

SANS says all five attack techniques in its RSAC 2026 keynote now carry an AI dimension. Speakers warned that AI is accelerating zero-day discovery, supply chain abuse, OT risk, and attack speed, while also creating DFIR hazards. SANS also introduced AI investigation frameworks and a Protocol SIFT hackathon.

Read more (sans.org)


Lockdown Mode Reshapes iOS Forensic Acquisition

Apple’s Lockdown Mode can block common iPhone forensic workflows by requiring an unlocked device for wired connections and preventing new profile enrolment. It also changes what artifacts are created, which can make normal data gaps look like deletion or anti-forensics. Examiners are urged to document device state early, avoid destructive steps, and turn to host, cloud, or legacy hardware paths when needed.

Read more (andreafortuna.org)
