Digital Forensics Round-Up, June 04 2025

A round-up of this week’s digital forensics news and views:

Magnet Forensics Launches Cloud Processing for Digital Investigations

Magnet Forensics introduces Magnet One Process, a cloud-based processing engine for digital investigations, alongside Mobile Case Stream that delivers real-time mobile evidence to investigative teams. The platform combines case management, secure storage, and review capabilities, reducing time-to-evidence from weeks to minutes. The new features are currently in beta and will be widely available later in 2025.

Read more (forensicfocus.com)


SWGDE Releases Guide on Digital Image Compression and File Formats

The Scientific Working Group on Digital Evidence (SWGDE) has published a comprehensive guide on digital image compression and file formats. The resource helps forensic professionals understand compression techniques, navigate various file types, and maintain evidence integrity through solid technical knowledge of digital images.

Read more (swgde.org)


Inside the Challenging World of Police Victim Identification

Scotland’s victim identification officers work tirelessly examining disturbing images to identify child abuse victims. Detective Constable David Murray and his team now identify nearly 400 victims annually, 90% from Scotland, compared to 25-30 victims four years ago. Despite the emotional toll, officers find purpose in safeguarding children from further harm through their work identifying victims from seized devices.

Read more (bbc.com)


TOEX Launches New Digital Investigation Tool for Phone Data Analysis

The Tackling Organised Exploitation Programme announces the launch of TOEX DART, a new Data Analysis & Review Tool designed to help investigators process large volumes of digital phone data. The application enables quick upload of phone extractions and provides high-level summaries to identify patterns and connections, becoming the seventh tool in the TOEX Capabilities Environment.

Read more (toexprogramme.co.uk)


Inside Cyberly: A Fictional City for Digital Forensics Education

Cyberly is an innovative fictional city created by Sherfox Labs to teach digital forensics in a safe, engaging environment. Complete with its own infrastructure, characters, and smart technology, this imaginary world allows students to practice investigative skills without the ethical concerns of using real cases. The city features organizations like the B.Y.T.E. Detective Agency and Villainous Ventures Inc., creating a rich context for students to develop practical skills while maintaining an element of humor.

Read more (blog.sarahmorris.prof)


Shift from Deepfake Detection to Media Authentication Needed

Forensic video analyst Brandon Epstein argues that algorithmic deepfake detection tools for online media consistently fail in real-world conditions. According to the TRIED benchmark report, these detection methods are unreliable due to re-encoding issues, poor media quality, and frequent ‘undetermined’ results. Epstein advocates shifting from deepfake detection to media authentication, where content creators provide original media and provenance claims for expert verification.

Read more (linkedin.com)


LogTap: A Browser-Based Swiss Army Knife for Log Analysis

LogTap offers a comprehensive browser-based solution for security log analysis without requiring server uploads or software installation. The tool features on-the-fly data shaping, a powerful scanning engine that uses SuperSQL queries and regular expressions, timeline visualization for event frequency analysis, and graphical mapping of lateral movement. Running entirely client-side through WebAssembly, LogTap enables security analysts to efficiently process sensitive log data, particularly in restrictive SOC environments.

Read more (shinkensec.com)


Digital Forensic Analysis of AI Companion Chatbots: The PolyBuzz Case

Investigators at CCL examine how AI companion chatbots like PolyBuzz store data on Android devices. The analysis reveals that these apps use WebView and Volley technologies to cache conversations, character images, and API responses. These cached artifacts provide valuable forensic evidence about user interactions, including prompts used to generate AI characters and conversation fragments.

Read more (cclsolutionsgroup.com)


The Forensic Power Behind Fuji: Exploring macOS Native Commands

Fuji, an open-source forensic tool by Andrea Lazzarotto, enables logical data acquisition from Macs using three native macOS utilities. The tool provides ASR (Apple System Restore) for volume collection, Rsync for directory collection, and Sysdiagnose for system data and Unified Logs that are converted to an SQLite database. Fuji’s user-friendly interface helps examiners avoid common mistakes during data collection while preserving metadata and Apple Extended Attributes.

Read more (mreerie.com)
