A round-up of this week’s digital forensics news and views:
Digital Forensics Experts Analyze ‘Missing’ Epstein Surveillance Video
Two former FBI forensic examiners conducted an independent analysis of Jeffrey Epstein’s jail surveillance footage that appeared to have missing minutes. Their investigation reveals the timing discrepancies likely resulted from routine video processing rather than evidence tampering. The experts found three types of technical artifacts: a system reboot gap, edited content from the file’s beginning, and dropped frames during compression, accounting for all apparent missing time.
Digital Forensics And Stress: Understanding Your Body’s Signals
Dr. Zoe Billings and Mark Pannone discuss their innovative approach to managing stress in digital forensics through biological wellbeing education. Adapt & Evolve teaches investigators to recognize early physical warning signs of stress before mental health issues develop. They emphasize that chronic stress manifests physically through symptoms like lower back pain, high blood pressure, and digestive issues, which can be prevented through scientifically proven techniques.
Portable Forensics with Toby: A Raspberry Pi Toolkit
A digital forensics expert develops “Toby,” a portable forensic toolkit built around a Raspberry Pi Zero 2 W that fits in a travel organizer and can be operated headlessly from mobile devices. It runs Kali Linux with custom forensic tools including MalChela and a built-in tool finder called “toby-find” that serves as a searchable cheat sheet for available commands. The compact kit includes wireless connectivity, battery power options, and can perform malware analysis, memory forensics, and field acquisition tasks.
Read more (bakerstreetforensics.com)
Simson Garfinkel Receives Inaugural Test of Time Award at DFRWS
Simson Garfinkel receives the first-ever Test of Time Award at the 25th anniversary of DFRWS for his paper “Digital Forensics: The Next Ten Years,” which is the most cited paper in the conference’s history. The award recognizes Garfinkel’s foundational contributions to defining the field of digital forensics.
AI-Driven Open-Source Intelligence Transforms Digital Forensics for Cybercrime Investigation
Researchers explore how artificial intelligence can enhance open-source intelligence gathering in digital forensics to improve cybercrime investigations. The study examines AI’s potential to automate and streamline the collection and analysis of publicly available digital evidence. This approach could significantly accelerate forensic processes and help investigators identify patterns in cybercriminal activities more effectively.
SWGDE Releases Draft Technical Notes on Timing Advance Records
The Scientific Working Group on Digital Evidence has published a draft document titled “Technical Notes on the Use of Timing Advance Records (25-F-002-1.0)” for public review and comment. This draft represents the latest guidance from SWGDE’s forensics committee on the technical aspects and proper use of timing advance records in digital evidence analysis.
PDF Security Vulnerabilities Enable Document Tampering
Security researchers have discovered critical vulnerabilities in PDF document handling that allow attackers to tamper with documents without detection. The flaws affect how PDF viewers process and validate document integrity, potentially enabling malicious actors to modify contracts, financial documents, and other sensitive files. These vulnerabilities pose significant risks to organizations that rely on PDF documents for secure communications and record keeping.
Research Validates Foreground Application Data in AMD Usage Events
A new study examines the validity of foreground application data stored in AMD’s SQLite database usage events, with a focus on analyzing the accuracy and reliability of application usage tracking mechanisms. The findings contribute to a better understanding of how application usage data is collected and stored in AMD systems.
Researchers Release Comprehensive IoT Forensics Dataset for Cyberattack Detection
Researchers from UNSW Canberra introduce IoT-CAD, a new digital forensics dataset designed to train AI systems for detecting and attributing cyberattacks in Internet of Things environments. The dataset captures traces from Windows and Linux systems across multiple sources including memory, hard drives, processes, and network traffic from various IoT devices. The team validates the dataset using machine learning, digital forensics, and explainable AI techniques, employing both centralized learning for attack detection and federated learning for attack attribution.