A round-up of this week’s digital forensics news and views:
Podcast: Hexordia’s Jessica Hyde: Navigating The Future Of Digital Forensics
Jessica Hyde, now with Hexordia, reflects on her transition from Marine Corps avionics to digital forensics on the Forensic Focus Podcast. She highlights how military skills like documentation and troubleshooting apply to forensic work and shares insights on IoT challenges, timely data acquisition, and AI’s role. Jessica discusses her teaching at George Mason University and how interdisciplinary teams improve outcomes. She also underscores the importance of maintaining perspective in tough cases and adapting to evolving legal-technical landscapes.
Big Update – Forensic Timeliner v2.010.0 (C# Edition) is live
Forensic Timeliner v2.010.0 (C# Edition) launches with a major rewrite in .NET 9, offering DFIR investigators a faster, more maintainable tool for timeline analysis. It consolidates CSV output from sources like KAPE, Chainsaw, Hayabusa, and Axiom, now supporting YAML-based artifact definitions, Timeline Explorer compatibility, keyword tagging, and session file generation. The update enhances performance and workflow integration for Windows users.
iOS Unified Logs: The Myth of 30 Days Retention – Analysis of TTLs and log stats Command
A deep dive into Apple’s log stats command reveals its overlooked forensic potential, especially in analyzing iOS Unified Logs. Lionel Notari uncovers how TTL (Time To Live) values, often misunderstood or undocumented, significantly affect log retention—most logs (over 70%) have a TTL of 0, meaning they may vanish within days. It also exposes inconsistencies in Apple’s statistical summaries and shows how predicates can unlock deeper insights into logs by process, sender, or TTL. The message is clear: timely log extraction is critical, and log stats deserves a central role in forensic workflows.
Read More (iOS – Unified Logs | Lionel Notari)
Digital forensics examiner testifies to timing of Google search at Karen Read murder trial
Day 11 of the Karen Read murder trial centers on a key Google search found on the phone of her friend, Jennifer McCabe. Forensics expert Jessica Hyde testified the “how long to die in cold” search occurred at 6:24 a.m., not at the earlier timestamp shown in metadata. Trooper Connor Keefe also took the stand, identifying John O’Keefe’s sneaker found at the scene. The trial continues to pit prosecution claims that Read struck O’Keefe with her SUV against a defense alleging a police cover-up.
How To Tell If A Digital Forensics Expert Is Qualified
As digital evidence becomes central to legal and corporate investigations, determining a digital forensics expert’s qualifications is more complex than checking for a license—since no universal licensing exists. Instead, attorneys must assess a combination of education, certifications, real-world experience, and sub-discipline relevance. Vendor-neutral and vendor-specific certifications signal competence, but practical experience, testimony skills, and methodological rigor are crucial. The most qualified experts show specialization, stay current through ongoing learning, and can clearly explain both findings and limitations in court.
Read More (Lars Daniel, Forbes)
Best Practices for Data Acquisition from Digital Video Recorders Draft – SWGDE
The Scientific Working Group on Digital Evidence (SWGDE) has released a draft of its updated guidance on best practices for acquiring evidence from digital video recorders (DVRs). Version 1.4 outlines recommended procedures for capturing native or proprietary video data while preserving evidentiary integrity. It addresses various DVR types, legal considerations, documentation requirements, and essential equipment. Emphasizing timely acquisition, the document highlights risks like metadata loss and the need for specialized tools to avoid evidence degradation.
Legal and Scientific Support Related to the Admissability of Image Examinations Draft – SWGDE
SWGDE’s draft document Legal and Scientific Support Related to the Admissibility of Image Examinations provides forensic image analysts with a comprehensive framework to navigate courtroom challenges. It outlines relevant legal standards—including Frye, Daubert, and FRE 702—and details how image analysis techniques like enhancement, authentication, and comparison can meet admissibility criteria. The document also offers academic and legal references to support expert testimony and underscores the importance of training, certification, and methodological transparency when presenting forensic image evidence in court.
Your Mood Is Murdering Your DF/IR Investigation and You Don’t Even Know It
In his latest article, Brett Shavers argues that a digital forensic examiner’s mental state is just as crucial as their technical skills. Fatigue, distraction, and emotional stress can lead to missed evidence or biased analysis, while clarity and motivation improve accuracy and depth. He warns that poor headspace could undermine findings in court and calls for self-awareness and routines that support cognitive performance. Shavers previews an upcoming flash sale for his DF/IR Investigative Mindset course, designed to help professionals optimize their mental edge.
My Two Years Reporting On Big Tech’s Hidden Scandal
An investigation by The Bureau of Investigative Journalism reveals the traumatic toll content moderation takes on workers tasked with reviewing the internet’s most disturbing material. Moderators employed by Big Tech firms—often through outsourcing companies—face poor pay, high targets, job insecurity, and long-term mental health issues such as PTSD and depression. Despite tech giants like Meta and TikTok making billions in profit, support for moderators remains patchy and inconsistent. While legal and union efforts grow, systemic outsourcing shields companies from real accountability, even as the human cost of moderation continues to rise.
