A round-up of this week’s digital forensics news and views:
Registration Opens For SANS DFIR Summit
Registration opens for the SANS DFIR Summit in Arlington, Virginia, with online access to select content. Attendees can explore open-source forensic tools, new DFIR research, and case studies from practitioners. Summit runs Oct 15–16, followed by training Oct 17–22.
Volatility 3 Releases Version 2.27.0
Volatility 3 v2.27.0 is now available, updating a widely used memory forensics framework for incident response and malware investigations. Release notes and download links are posted via the project page. Practitioners should review changes before updating workflows and plugins.
How To Master Triage For Your Forensic Investigations
ADF Solutions outlines how digital triage has moved beyond simple yes/no decisions in forensic work. Four approaches—show-me, early case assessment, critical incident, and intelligent triage—aim to speed device prioritization and reduce lab load. The piece highlights using customizable searches, hashes, and previews to support on-scene decisions.
Tony Blair Institute Urges UK-Wide Facial Recognition And National Digital Forensics Agency
A Tony Blair Institute commentary urges UK-wide live facial recognition and a single national police force. It also calls for a national digital forensics agency, arguing capacity varies across forces as digital evidence underpins most investigations—an overhaul DFIR teams would feel in tooling, triage, and governance.
Acquirepi For Raspberry Pi Evidence Acquisition Goes Live
Acquirepi is now live after final bug fixes, offering a renamed continuation of the 4n6pi project. Renaming follows trademark considerations, and users are encouraged to report problems by opening GitHub issues.
Making The Case For Continuous Digital Forensics Training
A new blog outlines how examiners can frame digital forensics training as a business need. It argues training supports FRE 702 defensibility, reduces single points of failure, and helps catch tool errors through manual validation before court exposure. The post targets budgeting conversations with agency leadership.
Technique Reconstructs Vehicle Movement Without Geotagged Data
A new walkthrough shows how non-geotagged vehicle data can still reveal prior locations. It combines reachability analysis with open-source tools to reconstruct vehicle movement when traditional geolocation is unavailable. A companion video is also available for practitioners.
Macos-Collector v1.4.0 Adds New macOS Triage Collections
macos-collector v1.4.0 updates Objective-See’s KnockKnock and adds new collections. DFIR teams can now capture system information and recent items more easily. Update supports faster macOS triage and threat hunting.
Why DFIR Report Wording Can Sink Your Testimony
A DFIR examiner recounts how one attribution-leaning sentence in a report derailed trial testimony and shifted focus from evidence to wording. He warns attorneys may not catch technical overreach, and sloppy phrasing can imply sloppy work. Guidance stresses staying in lane: technical identification versus investigative attribution, leaving legal attribution to adjudicators.
