A round-up of this week’s digital forensics news and views:
Official Launch of SOLVE-IT at DFRWS EU 2025
The official launch of SOLVE-IT at DFRWS EU 2025 introduces a peer-reviewed, community-driven digital forensic knowledge base designed to document and index investigative techniques, their associated weaknesses, and mitigations. Inspired by MITRE ATT&CK, SOLVE-IT also supports quality assurance, tool validation, and capability assessments through customizable Python tooling that outputs data in various formats. By mapping weaknesses in tools and processes, it helps prevent errors in forensic investigations and supports compliance with standards like ISO 17025 and ASTM E3016-18. The project encourages contributions on GitHub, offering opportunities to expand techniques, document mitigations, and link relevant research.
CAINE 14.0 “LIGHTSTREAM” is out
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution tailored for digital forensics, currently managed by Nanni Bassetti. The latest release, CAINE 14.0 “Lightstream,” is based on Ubuntu 24.04 and features Linux kernel 6.8.0-52. It offers an interoperable environment supporting the four phases of digital investigation, enhanced by a user-friendly graphical interface. Notably, all block devices are mounted in read-only mode by default to prevent accidental data alteration, with tools like “UnBlock” and “Mounter” available to modify this setting when necessary. Due to ISO size constraints, Autopsy and GIMP are not pre-installed but can be added post-installation. CAINE embodies the open-source philosophy, inviting community contributions to its development and maintenance.
AI Image Metadata Checker
A new open-source command-line tool, the AI Image Metadata Checker, has been released to assist digital investigators and analysts in identifying AI-generated content within image files. By scanning image metadata, the tool flags indicators of AI generation and displays any embedded details directly in the terminal. This functionality is increasingly vital for verifying image authenticity in digital investigations and threat analysis. The developer encourages the community to explore the tool’s repository, experiment with its features, and contribute suggestions or improvements.
AI Unpacked: Magnet Forensics’ New Series On AI In DFIR
Brandon Epstein joins the Forensic Focus Podcast to explore the increasing influence of artificial intelligence in digital forensics. He recounts his path from major crimes detective to co-founder of Medex Forensics, now part of Magnet Forensics, where he continues to lead innovation. Brandon discusses AI-driven tools like Magnet Axiom’s Copilot and Magnet Verify, emphasizing the importance of distinguishing between investigative leads and evidentiary findings. He also addresses the complexities of media authentication in the age of deepfakes, the industry’s move to cloud-based platforms, and previews his upcoming “AI Unpacked” webinar series.
Misogynistic content driving UK boys to hunt vulnerable girls on suicide forums
A new joint taskforce between the UK’s National Crime Agency (NCA) and counter-terrorism police is being launched to combat the rise of online misogynistic and violence-fixated networks among young males. Authorities warn that these individuals, often operating in “com networks,” target vulnerable women and girls through platforms linked to eating disorders and suicidal ideation, and are increasingly showing traits associated with both sexual abuse and terrorism. The decision follows concerns that violent obsessions online are blurring the lines between criminality and extremism, as seen in recent tragedies. Officials say these communities have grown sixfold in two years, and stress that tech companies must take greater responsibility in curbing algorithmic promotion of harmful content.
SWGDE: Considerations for Body Worn Camera
The Scientific Working Group on Digital Evidence (SWGDE) releases a comprehensive draft guidance document for public comment, offering detailed considerations for agencies implementing or evaluating body-worn camera (BWC) systems. Covering everything from base unit specifications to video and audio encoding, metadata handling, data security, and automated analysis, the document addresses technical, operational, and legal aspects of BWC deployment. It emphasizes the importance of configuration, storage, redaction, and audit processes to preserve evidentiary integrity. The guidance also explores future-oriented topics such as AI-driven content analysis and end-of-service data migration, reinforcing BWC systems’ critical role in public safety and digital forensics.
Potential Legal Arguments for and Against 5G Cell Site Analysis (CSA) in Criminal Trials (Part1)
A new briefing explores how 5G technology complicates the use of Cell Site Analysis (CSA) in criminal investigations, highlighting both prosecution arguments for its continued relevance and defence concerns over its reliability. While CSA can still offer general movement patterns and leverage richer 5G network data, critics argue that dynamic features like beamforming and massive MIMO undermine distance-based inferences and the validity of traditional RF surveys. Legal standards are expected to evolve, with courts likely to demand more rigorous corroboration and updated forensic guidelines. The document warns that 6G will present even greater challenges, underscoring the need for proactive legal and technical adaptations.
Read More (Greg Smith, LinkedIn)
Daily Blog #805: Mount That Thing!
David Cowen spotlights Hal Pomeranz’s open-source tool Mount That Thing (MTT) in his latest Daily Blog, offering a powerful solution for digital forensic analysts working with Linux disk images. Designed to streamline the mounting of complex LVM structures that many commercial tools struggle with, MTT automates detection, mounting, and export of partitions from E01 or raw images. The script ensures read-only, forensic-safe operations, supports multiple file systems, and includes features for exporting to E01 format and safely unmounting all resources. With audit logging and optional segmentation for exports, MTT is positioned as an essential utility for Linux forensics.
Read More (Hacking Exposed Computer Forensics Blog)
Title of Study: Neurodivergence, Mental Health, and Stress in DFIs
A new study explores the relationship between neurodivergence, secondary traumatic stress, coping mechanisms, compassion satisfaction, and mental health in Digital Forensic Investigators (DFIs). Open to anyone currently working as a DFI, the online survey invites participants to anonymously share their experiences and perspectives, regardless of whether they identify as neurodivergent. Conducted by MSc student Chloe Mchugh under the supervision of Dr Fiona Gullon-Scott, the study aims to address gaps in current research and improve understanding of how neurodivergence may impact workplace stress and coping strategies. Ethical approval has been granted, and participants can withdraw at any point before submission.
Read More (Newcastle University, School of Psychology)
DF/IR was built in a garage
Brett Shavers’ new blog issues a clear and urgent message: digital forensics and incident response (DF/IR) professionals must define their own standards before external regulators do it for them. Tracing DF/IR’s roots to grassroots “garage forensics,” he emphasizes the importance of practitioner-driven innovation while acknowledging the growing need for practical, defensible guidance. With policy-makers and legal advisors eyeing the field, the blog highlights the fragmented nature of current efforts—spread across labs, vendors, academia, and certifying bodies—and calls for a united, community-led approach to shaping the future of DF/IR before it’s shaped by those who don’t understand the work.
Introducing ‘Spidernet’ – a smart tech tool to tackle digital crime
A team of computing and criminology experts from the University of Portsmouth and the University of Winchester has developed SpiderNet, a prototype digital forensics tool that could revolutionize the investigation of online crimes. Unveiled in Future Internet 2025, SpiderNet leverages cloud computing to trace digital “DNA” across smart devices, helping identify owners and recover deleted or hidden data—even from remote cloud storage. Inspired by the structure of interconnected data centers, the framework introduces a real-time alert system to flag illegal activity, tampering, or cloned devices. With future development and AI integration, SpiderNet could be adopted by law enforcement, intelligence agencies, and the military to tackle emerging digital threats.
