Digital Forensics Round-Up, March 05 2025

Internet of things (IoT) forensics and incident response: The good, the bad, and the unaddressed

As IoT devices become increasingly embedded in daily life, their role in digital forensics is expanding, providing critical evidence in criminal and civil cases. However, investigators face challenges in traditional evidence acquisition, device disassembly, and data preservation. This special issue presents cutting-edge research on IoT forensic investigations, covering forensic frameworks, blockchain integration, and mobile app analysis. Studies include a forensic investigation model for wireless IoT crime scenes, a literature review on blockchain-enhanced forensic processes, and an analysis of artifacts from the Zepp Life Android app. Despite progress, challenges remain in assessing evidence quality and conducting real-world case studies in critical infrastructure.

Read More (Science Direct)


What’s your Recommendation? iOS Recommendation_v9.sqlite

A newly identified iOS database, recommendation_v9.sqlite, provides detailed logs of app foreground and background activity, offering valuable insights for forensic investigations. The author developed a Python script to parse this data into a timeline-format CSV, aiding analysis of device interactions, particularly in cases like vehicle crashes. Testing confirmed the database accurately records app transitions, though some anomalies exist, and it may be absent in newer iOS versions. Further research is needed on certain data fields, and efforts are underway to integrate the script into iLEAPP for broader forensic use.

Read More (SJDC Forensics)


Lexfo’s security blog – The business of forged documents: Investigation into a complex network

Document fraud is a widespread issue, with counterfeiters selling fake diplomas, identity papers, and financial documents across the clear and deep web. Using OSINT methodologies, researchers identified clusters of counterfeiters operating internationally, linking websites, phone numbers, and financial transactions to trace their networks. Investigations revealed that a relatively small number of actors manage extensive operations, leveraging search engine optimization, social media, and deceptive marketing tactics. While authorities can target these clusters for enforcement, combating fraud requires improved verification measures, including international databases, QR code authentication, and blockchain-secured certificates.


Read More (Lexfo)


FCRF Excellence Awards 2025: Celebrating Women Pioneers in Cybersecurity and Cybercrime Prevention

The FutureCrime Summit 2025, held in New Delhi, honored women’s leadership in cybersecurity and cybercrime prevention through the FCRF Excellence Awards 2025. Recognizing outstanding contributions in cyber policing, digital forensics, cybersecurity entrepreneurship, forensic auditing, cyber law, education, and awareness, the event showcased the impact of women driving innovation and resilience in the field. Winners included experts from law enforcement, academia, industry, and global organizations, highlighting the growing influence of women in shaping a safer digital world. The summit also emphasized collaboration and diversity as essential to advancing cybersecurity.

Read More (The 420)


Unfurl v2025.02 Released

Unfurl v2025.02 introduces new features, including parsing obfuscated IP addresses, enhanced Bluesky handle resolution, and performance improvements for bulk parsing. The update enables recognition of IP addresses in multiple formats—such as octal, hexadecimal, and integer representations—commonly used to obscure destinations. Additionally, Bluesky handles can now be resolved to their decentralized identifiers (DIDs) and checked against the plc.directory audit log for creation timestamps. The release also includes bug fixes and speed enhancements. Users can access Unfurl online or update via pip for the latest improvements.

Read More (DFIR.blog)


New concentration in digital forensics will propel graduate students into a growing field

Virginia Commonwealth University is launching a digital forensics and incident response concentration within its Master of Science in forensic science program this fall. Developed in collaboration with federal, state, and private sector experts, the two-year program combines computer science coursework with forensic applications, emphasizing hands-on lab training and industry certifications. The curriculum aligns with FEPAC accreditation requirements and aims to meet the growing demand for qualified analysts in law enforcement and private sectors. With a focus on practical skills and research, the program prepares students for careers in digital forensics, addressing a critical industry need.

Read More (VCU news)


Confluence Exploit Leads to LockBit Ransomware

A LockBit ransomware attack exploited CVE-2023-22527 on a Windows Confluence server, achieving full network compromise in just two hours. The attackers used Metasploit, Mimikatz, and AnyDesk for persistence, leveraged RDP for lateral movement, and exfiltrated data via Rclone to MEGA.io. They deployed LockBit ransomware using PDQ Deploy and SMB shares, ensuring widespread encryption. The attack highlights the importance of patching, strong credential hygiene, and network segmentation to prevent similar intrusions. DFIR analysts offer a detailed breakdown, including indicators, detections, and mitigation strategies.

Read More (The DFIR Report)
