A round-up of this week’s digital forensics news and views:
New Guide Outlines Best Practices for Validating Digital Evidence
James Henning publishes a comprehensive instructional paper on digital forensic validation, addressing critical methods for ensuring the accuracy of digital evidence. Henning details five levels of validation, from basic sanity checks to contextual testing, with specific focus on location data, media files, and timestamp interpretation. The document provides practical examples of validation failures, including carved location data producing false positives and manipulated photo metadata being used for false alibis.
Drone Forensics Aids Police in Fighting Crime and Terrorism
Law enforcement agencies increasingly use digital forensics to extract evidence from drones used by criminals, terrorists and spies. Lee Lerussi explains how investigators analyze flight logs, GPS data, communication records and metadata from captured drones to solve crimes and prevent future attacks. Advanced techniques allow police to trace drone operators, uncover smuggling networks and gather counterintelligence from devices used near sensitive installations.
iLEAPP Parser Developed for Potato Chat Digital Forensics
Christian Peter has developed a new iLEAPP parser to process data from Potato Chat, an iOS messaging application that previously lacked forensic tool support. The research builds on previous work by examiner Forrest Cook, revealing how the app stores messages, media files, and user data in SQLite databases and binary blobs within the iOS file system. Key artifacts include chat messages in tgdata.db, media references in binary format, and group chat data requiring specialized parsing techniques to extract readable information.
Techno Security & Digital Forensics Conference Returns to San Diego
The Techno Security & Digital Forensics Conference returns to San Diego from October 27-29, 2025, at the Town & Country Resort, featuring over 70 sessions on digital forensics, cybersecurity, and eDiscovery. Event Director Jennifer Salvadori highlights the conference’s focus on AI-driven cybercrime, with keynote speaker Erin West presenting on Operation Shamrock’s efforts to combat transnational ‘pig butchering’ scams. Sessions will cover cutting-edge topics including AI-powered fraud detection, cryptocurrency forensics, child exploitation investigations, and OSINT tools. Forensic Focus members receive a 10% discount with promo code FOR25.
Machine Learning Model Detects File Timestamp Manipulation in Digital Forensics
Junghoon Oh proposes a machine learning approach to detect file timestamp manipulation in Windows systems for digital forensic investigations. Attackers often alter file timestamps to hide their traces from timeline analysis, but existing detection methods generate too many false positives to be practical. Oh’s methodology uses contextual and statistical features from NTFS journal data to train models that effectively identify timestamp manipulation while significantly reducing false positives compared to previous methods.
DFIR Expert Explains How to Investigate Malicious Windows Scheduled Tasks
Justin De Luna details how threat actors use Windows Scheduled Tasks for persistence, explaining that attackers often rely on traditional methods because they work effectively without wasting zero-day exploits. The analysis covers where to find scheduled tasks on Windows systems, including event logs and file locations, and demonstrates how to identify malicious tasks by examining their triggers, actions, and command lines. Key red flags include short repeating intervals, suspicious file locations, and tasks that execute from non-standard directories like C:\ProgramData\ or C:\Users\Public\.
Wellness Strategies to Retain Internet Crimes Against Children Investigators
Internet Crimes Against Children investigators face severe burnout from overwhelming caseloads, disturbing digital evidence and limited resources, threatening their mental health and agency retention rates. Debbie Garner outlines how law enforcement agencies can implement low-cost wellness programs including peer support, regular mental health check-ins, and technology tools that reduce exposure to traumatic content. Success can be measured through improved retention rates, reduced burnout, and increased use of mental health resources by investigators.
OSDFIR-Lab v20250822 Update Streamlines Digital Forensics Tool Deployment
A new version of OSDFIR-Lab has been released, making it easier to deploy digital forensics tools like Timesketch and OpenRelik in local Kubernetes environments. The update refactors the project to use Google’s upstream Helm chart while adding custom AI integration capabilities. Key improvements include streamlined deployment through Terraform toggles, automated GitHub Actions workflows, and enhanced Ollama integration for Timesketch.





