A round-up of this week’s digital forensics news and views:
New Threema Parser Added To ILEAPP
A new Threema parser for iLEAPP is now available, aiming to help examiners extract and interpret artifacts from the privacy-focused chat app. Built with shared test data, the parser supports iOS forensic workflows where Threema evidence may be in scope. Interest in Threema appears to be rising in Australia, which could increase its relevance in investigations.
Oxygen Forensic KeyScout – Keys To The Kingdom: Part 1
Keith Lockhart walks investigators through the power of Oxygen Forensic KeyScout, showing how the portable tool can be deployed from an OTG device to triage live systems, external drives and forensic images without a licence, using highly customisable profiles to collect application data, system artefacts, passwords, tokens, memory and targeted files. Through live demonstrations, he highlights how profiles can combine search paths, exclusion rules, hash sets and decryption passwords to surface high-value evidence quickly, before exporting Oxygen Desktop Backups for full analysis in Detective, positioning KeyScout as a fast, flexible frontline collection tool for modern DFIR workflows.
Samplepedia Launches Malware Sample Sharing Hub For Beginners
A new site called Samplepedia aims to make it easier to find beginner-friendly malware samples for learning and training. Users can share samples and analysis solutions, and browse by tags and difficulty to reduce trial-and-error when building lab exercises. Blog authors are encouraged to link their analyses alongside the samples to help others learn faster.
SYTECH Publishes a Whitepaper to Drive National Change – A Strategic Call for Consistency and Sustainability in CSAM Digital Forensics
A new whitepaper warns that the UK’s digital forensic response to child sexual abuse material is buckling under rising volumes, inconsistent practice and the rapid spread of AI-generated imagery. Workshop participants describe a fragmented system in which DFUs are forced into safeguarding and categorisation roles without national frameworks, creating legal risk, regional disparity and severe workforce strain. The paper calls for urgent national reform, including modernised legislation, coherent triage and categorisation standards, and specialist teams to protect both victims and practitioners.
Read more (sytech-consultants.com)
Forensic Focus and Northumbria University Launch International Well-Being Study for Digital Forensic Investigators
Forensic Focus, in partnership with Northumbria University, launches the International Well-Being Study to examine how trauma, resilience, coping styles and workplace factors affect the mental and physical health of digital forensics professionals. The anonymous 30-minute online survey invites current and former DFIs and those working in digital-forensic environments to share their experiences, forming the first phase of a wider research programme aimed at improving support systems, supervision and organisational wellbeing across the profession.
RabbitHole Promotes Free Trial With SQLite Deleted-Data Recovery
CCL Solutions Group is offering a free trial of its RabbitHole data viewer aimed at digital forensics analysts. Users can recover deleted data from SQLite databases and then explore, query, and report on it as if it were live. The offer targets investigators who routinely encounter app and system artifacts stored in SQLite.
Read more (cclsolutionsgroup.com)
Exponent Faces For X-Ways Gains Reliable Face Matching After Engine Update
A practitioner’s long-running test of API Forensics’ Exponent Faces X-Tension for X-Ways Forensics tracks face extraction and matching from early 1.x builds through Exponent 2.2, including repeatable datasets and parameter changes. Side-by-side results with X-Ways’ Excire highlight early matching failures, later improvements after a recognition-engine update, and the impact of tuning settings like false acceptance rate. Practical takeaways include how Exponent Faces’ frame/clip extraction and labeling can feed an efficient review workflow, and how vendor feedback helped drive measurable tool improvements.
First Forensic Forum (F3) Analyst’s Annual Workshops 2025
First Forensic Forum (F3) 2025 brought the digital forensics community to Chesford Grange for three days of practical learning, live tool demonstrations and real-world case studies. Talks and demos covered CSAM automation, mobile RAM acquisition, BitLocker and browser artefacts, AI ethics, Linux and email forensics, cryptocurrency seizures, virtualised mobile testing, ChatGPT artefacts and the growing threat of deepfakes, offering a clear picture of how the profession is evolving to meet increasingly complex investigations.
Survey Seeks Input On SOP Best Practices For Forensic And DFIR Work
A survey is collecting feedback on how practitioners find and define best practice for writing standard operating procedures and work instructions. Input from any industry is requested, with responses kept confidential and no SOP details required. The post highlights relevance to forensic and DFIR environments through references to ISO 17025 and ISO 27037/27041 and related standards frameworks.
