A round-up of this week’s digital forensics news and views:
Techno East 2026 Highlights AI, Ransomware, And Crypto Investigations
Techno Security & Digital Forensics Conference East returns to Myrtle Beach on June 2–4, 2026, with more than 120 sessions across six tracks. Topics span AI artifacts, ransomware response, crypto laundering, IoT evidence, eDiscovery, and legal workflows, alongside labs, vendor deep dives, and a ransomware-themed CTF.
Apple Watch Acquisition Techniques And Evidentiary Artifacts
Apple Watch evidence can play a key role in mobile investigations. Health data, workout routes, and deleted messages may reveal details an iPhone alone does not show. That makes the device a valuable source when investigators need a fuller picture.
MacOS Metadata Gaps Can Skew Forensic Findings
macOS metadata sources can diverge, creating blind spots in forensic workflows. Examiners who rely only on easy-to-query artifacts may miss evidence or build weak timelines. A sound approach captures both filesystem metadata and indexed data to support a fuller, defensible examination.
Vehicle Forensics: Identifying Locations of Interest Using Wi-Fi Events
Berla shares a reference aimed at helping investigators verify vehicle data and find alternative ways to track vehicles. It points practitioners toward wider thinking in casework and may help strengthen findings with supporting data. The broader series also appears useful for examiners working with vehicle-related evidence.
Amcache Reliability Question Highlights Need For Validation
A practitioner says Amcache can sometimes show data that does not match the related PE file. Velociraptor is presented as a useful way to dig deeper, underscoring a core DFIR lesson: trust artifacts, but verify them.
SWGDE Seeks Public Comment On Draft DFIR Standards
SWGDE is asking practitioners to review draft documents ahead of its Spring 2026 meeting in Virginia. Public feedback can help make the standards more practical for real lab work and daily case demands. The call gives DFIR professionals a chance to shape guidance before it is finalized.
ALEAPP 3.4.1 Adds New Mobile Forensics Extractors
ALEAPP 3.4.1 brings a wide set of new Android artifact extractors, including LinkedIn, DuckDuckGo Browser, Thunderbird Mail, Google Voice, and Pixel Watch support. It also speeds up media file lookups by about 20 times, updates several existing modules, and includes security fixes for mobile forensics work.
Creating An Ubuntu 26.04 Memory Profile For Volatility 3
A new guide explains how to build an Ubuntu 26.04 memory profile for Volatility 3. It updates an older method for custom Linux profiles and highlights steps that no longer work on current systems. The walkthrough focuses on fixing those issues so analysts can keep Linux memory analysis workflows running.
Crush-Forensics V0.5.0 Adds Faster File Review Features
Crush-Forensics v0.5.0 introduces an open-source workbench for reviewing files in forensic acquisitions without full extraction. New capabilities include direct ZIP and TAR navigation, multiple forensic data viewers, and SHA-256 integrity checks with hash manifests. Cross-platform binaries aim to widen access for DFIR practitioners.
OSINT Training Supports Cross-Border Child Exploitation Investigations
OSINT Industries says it delivered ICAC-focused training in Bangkok with OFMIN for Thai law enforcement units. The program centered on cross-border OSINT workflows for online child exploitation cases and brought together cybercrime, trafficking, and child protection teams. It also highlights free ICAC OSINT training for law enforcement worldwide.
