A round-up of this week’s digital forensics news and views:
Police locked in long US legal process to access Southport killer’s online history
British police are struggling to access crucial online search data from Google and Microsoft in their investigation into Axel Rudakubana’s deadly attack on a Southport dance class. Rudakubana deleted his internet history shortly before killing three young girls and attempting to murder ten others, leaving detectives reliant on a lengthy US legal process to retrieve the data. Authorities fear it could take years due to bureaucratic hurdles, as the attack is not classified as terrorism. Meanwhile, the UK government is pressuring tech firms to remove extremist material that Rudakubana accessed, highlighting broader concerns over online radicalisation and the availability of violent content.
Solving crimes from data on computers and cell phones
The Wayne County Sheriff’s Computer Forensics department, led by Sergeants Brian Pitt and Roger LaClair, plays a crucial role in extracting digital evidence from seized devices to aid criminal investigations. Their specialised training, provided by the U.S. Secret Service in Alabama, equips officers with the latest techniques and tools for analysing vast amounts of digital data, from photos and messages to GPS tracking. While sex crimes are a major focus, their work also supports cases involving traffic accidents, missing persons, and violent crimes. Despite challenges posed by encryption and social media access restrictions, their expertise is essential in modern policing, with agencies relying on advanced digital forensics to solve complex cases.
Read More (Times of Wayne County)
Review of legal rule on computer evidence long overdue, say Post Office scandal victims
The UK government has launched a long-overdue review of the legal presumption that computer systems operate correctly, a rule that enabled one of the country’s worst miscarriages of justice—the Post Office Horizon scandal. Nearly 1,000 subpostmasters were wrongly convicted based on flawed digital evidence from Fujitsu’s Horizon system, with many imprisoned, financially ruined, or driven to despair. Experts in IT and law argue that courts must abandon the outdated assumption that computer evidence is inherently reliable, advocating for stricter scrutiny of digital evidence. While campaigners welcome the review, they warn that any legal reforms must prevent future injustices without overburdening the justice system.
Inside The Minds Of CSAM Investigators With Prof. Patrick Brady
Professor Patrick Brady, a criminal justice and criminology professor at the University of Colorado Colorado Springs, joins the Forensic Focus Podcast to share his research on the mental health challenges faced by digital forensic investigators, particularly those handling child sexual abuse material (CSAM) cases. Drawing from personal experiences and years of study, Professor Brady delves into secondary traumatic stress, burnout, and compassion satisfaction, highlighting the profound impact this work has on investigators and their families.
The Duck Hunters Guide – Blog #3 – DuckDuckGo Open Tab Information (Android)
Damien Attoe explores forensic artifacts related to open tabs in the DuckDuckGo Android browser, detailing how tab information is stored in the app.db SQLite database and browser cache. Key findings include stored URLs, active tab identification, tab preview screenshots, and favicons, with data spread across different folders linked by unique tab IDs. Attoe provides SQL queries to extract tab-related evidence and explains how timestamps in filenames can be decoded. His research offers valuable insights into how forensic investigators can reconstruct browsing sessions, with a follow-up post planned to examine closed tabs and tab-clearing behaviours.
Read More (Digital Forensics With Damien)
Being a tool while using a tool
A recent forensic analysis of the Signal desktop client installer for Windows (v7.39) reveals a surprising flaw in tool-based analysis, demonstrating the need for deeper verification in DFIR investigations. The researcher discovered that Total Commander, a widely used file management tool, only displayed the first embedded archive within the installer, leading to a misleading interpretation of the extracted binary as an ARM file instead of the expected Intel version. Further investigation using NSIS script decompilation and manual file carving exposed the correct dual-architecture structure. The case highlights the importance of questioning tool outputs, employing multiple methods for verification, and understanding complex file formats to avoid misinterpretations in forensic analysis.
FBI Agents’ Call And Text Logs Potentially Stolen In Data Breach
The FBI is warning that a data breach at AT&T may have exposed months of agents’ call and text logs, potentially compromising confidential informants and ongoing investigations. The breach, which stemmed from unauthorized access to AT&T’s Snowflake cloud workspace, affected records from May to October 2022, with further exposure into early 2023. While call content was not accessed, metadata alone—detailing who contacted whom, when, and for how long—poses significant risks, as adversaries could use it to identify informants or map investigative networks. The case highlights the forensic value of call logs and the dangers of their misuse.
Lend Me Your Ears
A viral image of Donald Trump’s supposed official portrait has been widely circulated, but forensic analysis reveals it to be heavily altered, if not entirely fabricated. Using Error Level Analysis and other digital forensics techniques, experts identified inconsistencies such as mismatched focal depth, selective sharpening, and composite elements, suggesting Trump’s head was pasted onto another body. The image first appeared on Twitter/X before being adopted by Trump’s campaign website, raising further doubts about its authenticity. The case highlights the growing challenge of verifying digital media in an era where misinformation can spread unchecked due to reduced fact-checking on social platforms.