A round-up of this week’s digital forensics news and views:
Forensics Europe Expo 2025 Returns to London with Focus on Digital Innovation
Forensics Europe Expo 2025 takes place on June 18-19 at Olympia London, co-located for the first time with The Blue Light Show. The event highlights cutting-edge developments in digital forensics, featuring sessions on AI-driven investigations, laser scanning, voice data analysis, and multimedia evidence integrity. World-class speakers from academia, law enforcement, and industry will present across multiple specialized tracks, with over 100 companies exhibiting the latest forensic technologies.
SWGDE Releases Best Practices for IoT Device Seizure and Analysis
The Scientific Working Group on Digital Evidence (SWGDE) has released guidelines for the seizure and analysis of Internet of Things devices. The document covers identification of diverse IoT devices, preservation of volatile data, and effective analysis strategies to extract meaningful insights from complex IoT data formats.
New Forensics Model Protects Smart Agriculture Systems
A digital forensics and incident response management model (DFIRMM) has been developed to protect Internet of Things (IoT) systems used in agriculture. The model addresses unique security challenges in smart farming through four phases: pre-incident preparation, incident detection, post-incident response, and forensic investigation. Researchers demonstrated its effectiveness through a case study of MQTT-enabled agricultural networks under DoS/DDoS attacks.
Arsenic Triage Tool Released for Consent-Based Mobile Investigations
A new free forensic tool called Arsenic is now available for investigators requiring quick results from iOS devices. The software combines extraction and analysis capabilities, working on both Windows and Apple Silicon systems to efficiently extract data from unlocked phones through iTunes backups and unified logs collection. Arsenic offers targeted analysis of specific files and innovative features like retrieving photos based on AI-classified content categories.
Read more (northloopconsulting.com)
New iOS Unified Logs Parser Tool Released
A new forensic tool has been released for parsing iOS unified logs. The tool allows investigators to convert iOS logarchive files into searchable databases, drastically reducing investigation time. It includes features like date range filtering, custom parsing rules, and automatic categorization of logs into labeled activities such as battery usage, screen brightness changes, and device lock/unlock events. The tool runs on macOS and generates a comprehensive forensic report to verify data integrity.
Read more (ios-unifiedlogs.com)
Flashlight Usage Artifacts in Apple’s Unified Logs
Apple’s Unified Logs contain detailed artifacts about flashlight usage on iPhones, including brightness levels and how the flashlight was accessed. The logs indicate five different brightness levels ranging from 0 (off) to 1 (highest), and record when users toggle the flashlight via Control Center. These artifacts can provide valuable context for digital forensic investigations by confirming device usage during specific timeframes.
Read more (charpy4n6.blogspot.com)
Inside Interpol’s High-Tech Innovation Lab in Singapore
Interpol’s Singapore innovation center serves as a hub where law enforcement officers develop techniques to counter sophisticated criminal strategies. The facility houses advanced technology including underwater drones, digital forensics tools, and robotic K9s to help police stay ahead in the technological arms race against organized crime. In recent years, AI has transformed criminal activities, with the lab now focusing on combating deepfake romance scams, sextortion, and advanced cyber threats.
Extracting and Analyzing Apple Unified Logs from iOS Devices for Digital Forensics
Apple Unified Logs provide detailed pattern-of-life information on iOS devices, capturing data on device orientation, screen locks, app usage, and more. These logs can be extracted by connecting the device to a Mac and using terminal commands, employing third-party tools, or pulling files from a full system extraction. For analysis, logs should be converted to JSON format on a Mac before using iLEAPP to create a SQLite database that can be queried with DB Browser for SQLite.
Read more (abrignoni.blogspot.com)
Velociraptor Tool Enables Dead-Disk Forensics for Windows Systems
Velociraptor allows investigators to perform forensic analysis on acquired disk images by emulating a live client. The tool supports various disk formats including EWF, VMDK, VHDX, and raw formats. After creating a remapping configuration file and launching Velociraptor with this config, investigators can interact with the disk image as if it were a live system, running hunts and examining the file system through the familiar interface.
