A round-up of this week’s digital forensics news and views:
Evaluating the scope of peer review in digital forensics: Insights from Norway and the U.K.
New research on digital forensics peer review practices reveals significant gaps in Norway and the UK. A survey of 113 practitioners finds most reviews only examine final reports rather than verifying methodologies. Using the Peer Review Hierarchy framework, researchers identify that both countries focus on lower-level reviews that may miss critical errors. While practitioners acknowledge peer review’s importance for evidence integrity, resource constraints and systemic challenges prevent more thorough verification processes.
iPhone Maker Cracks Down on Law Enforcement Hacking
Apple releases a security patch targeting a USB Restricted Mode vulnerability that could disable iPhone protections. The update highlights tensions between device manufacturers and digital forensics companies like Magnet Forensics and Cellebrite, which develop USB hacking tools for law enforcement. While these companies cite legitimate investigative uses, Apple views such capabilities as security threats. The issue gained attention after researcher Bill Marczak identified the vulnerability, which Apple says was exploited in sophisticated targeted attacks. Meanwhile, Meta pursues legal action against spyware firms, with recent victories against NSO Group and ongoing cases against Paragon Solutions.
DFIR In 2025 – AI, Smart Devices And Investigator Well-Being
A wide-ranging discussion between digital forensics experts Si and Desi covers key trends for 2025, including AI’s impact on image authenticity and privacy concerns with smart devices. The conversation highlights growing challenges in verifying digital content, with deepfakes becoming increasingly sophisticated and watermarking emerging as a potential solution. They also explore mental health challenges in the post-COVID era, particularly focusing on isolation issues in remote work environments and the digital forensics field.
Samsung’s Image Authenticity Approach is Backward and It’s AI’s Fault
Samsung’s Galaxy S25 series implements C2PA content authenticity standards only for AI-generated images, not for unedited photos, drawing criticism for a backward approach. While responding to public demand for AI image identification, experts argue the more valuable implementation would be authenticating real, unedited photos through C2PA metadata tags, making untagged images automatically suspect. This limited implementation potentially undermines the system’s effectiveness as removing AI image tags becomes incentivized.
PDF Problems as FotoForensics Turns 13
The Hacker Factor Blog celebrates FotoForensics’ 13th anniversary with a deep dive into PDF forensics challenges. The post explains how PDF’s complex structure – including inconsistent metadata, variable text encoding, and diverse image storage methods – makes forensic analysis unreliable since visible content often differs from underlying file data. The author details technical aspects of PDF object structures and font mapping that complicate digital investigation.
Selling Your Car? Criminals Could Use Your Data To Find Your Home
A digital forensics expert warns that modern vehicles store extensive personal data through their infotainment systems, with Privacy4Cars finding 80% of used cars still contain previous owners’ information. The article outlines how stored navigation history, contact lists, and login credentials pose security risks and provides step-by-step guidance for properly erasing personal data before selling a vehicle.
Think You Don’t Need WinFE? Wait Until You Do.
WinFE (Windows Forensic Environment), whose build instructions were developed by Troy Larson in 2008, remains relevant for digital forensics despite technological advances. Arsenal Recon has enhanced WinFE’s capabilities, allowing investigators to remotely boot evidence computers and access virtualized operating systems. A new version by Colin Ramsden is upcoming.
Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances
New multi-agency guidance outlines minimum forensic visibility requirements for network devices, developed by cybersecurity organizations from the UK, US, Australia, Canada, and New Zealand. The document details essential logging and data collection capabilities needed to detect and investigate network compromises.