A round-up of this week’s digital forensics news and views:
Agentic Browsers, Intent, and the Coming DFIR Pivot
Brett Shavers argues that agentic browsers are turning one vague prompt into hours of autonomous intrusion, raising the prospect of AI-driven felonies committed while the human sleeps. This breaks traditional intent models and muddies who gets indicted—prompt writer, platform, or no one under Section 230 shields—while initial-access brokers swap teams for a subscription. For DFIR, the battleground moves to live memory and browser artifacts, with early signals like mass tab orchestration hitting breach forums, and investigators’ human judgment becomes the key to tying acts to actors.
Global Experts Renew Malware Evidence Claims in Bhima Koregaon Case
Global digital forensics experts are renewing warnings that key ‘evidence’ in the Bhima Koregaon prosecutions was planted via malware, citing years of independent analyses and noting that officials’ and media materials appear to show the same artifacts. That contention cuts to the core of chain-of-custody and integrity, as investigators are urged to examine logs, implants, and delivery vectors consistent with targeted intrusion rather than user activity. In a fresh appeal, experts say the technical record should now drive legal accountability and case review, while the community weighs the precedent this sets for handling contested digital exhibits.
Chip-ID Framework Launches to Aid Flash Memory Identification
Digital forensics analyst Katelyn Rogers has launched a Chip-ID Framework to help investigators identify flash memory chips using visible characteristics when markings are incomplete or misleading. Built with guidance from Justin Nordine and inspired by OSINT Framework, the site lets users filter by physical cues and aims to link directly to make/model datasheets for pinouts. Rogers is inviting community feedback to refine accuracy—promising a handy reference for chip-off and embedded device work.
Read more (proudyoungone.github.io)
Inside FTK Imager Pro: Vendor-Neutral Forensics, Smarter AI, And Exterro’s Forensic Vision
Justin Tolman from Exterro joins the Forensic Focus Podcast to talk about the future of FTK and the role FTK Imager still plays in everyday casework. He explains why the original free version remains available, and what prompted the introduction of Imager Pro with added capabilities like BitLocker decryption and iOS collections. Justin also reflects on his time in law enforcement and training, and why the investigative side of the work still holds a strong pull.
Germany Backs Kenya’s DCI With Modern Digital Forensics Gear
Kenya’s Directorate of Criminal Investigations has received a suite of modern digital forensics tools from Germany via AFRIPOL and the German Federal Police, a move officials say will speed up, sharpen, and scale cybercrime investigations. As part of a German‑funded Digital Forensics Project, DCI’s Cyber and Digital Forensics Laboratory has been designated the Eastern Africa regional center of excellence—raising the stakes for evidence handling, lab workflows, and cross‑border case support. In a parallel push on transnational threats, a UNODC- and US-backed workshop in Nairobi focused on system analysis of criminal networks trafficking WMD-related materials and dual‑use goods, signaling deeper regional intelligence coordination.
ITASEC26 Digital Forensics Workshop Calls for Practical, AI-Focused Papers
With just days left before the 5 December deadline, Luca Cadonici, alongside co-organizers Silvia Lucia Sanna and Sebastiano Battiato, is calling for practical, case-driven papers for the Digital Forensics Workshop at ITASEC26 in Cagliari on 9 February 2026. Set within the ITASEC26+SERICS joint cybersecurity conference, the program targets tool limitations across mobile, memory, cloud and IoT, while zeroing in on AI-driven challenges from deepfake forensics to investigation-supporting models and courtroom admissibility. Notably, already published works are welcome, signaling an open door for practitioners to surface hard-won lessons and methodologies that labs and law enforcement can put to immediate use.
Final Call: Will Docken Scholarship for Small Agency Examiners
Applications for the Will Docken Scholarship are due November 30. It fully funds the 2026 IACIS BCFE training in Orlando, covers lodging, provides a complete equipment kit, adds a 12-month Arsenal Recon subscription, and includes entry into the CFCE program. Eligibility targets government examiners in small city, county, or state agencies with two or fewer digital forensic examiners, while sponsors—including Digital Intelligence, SUMURI, Arsenal Recon, and Debbie Plamondon—underscore community backing for workforce development.
Techno Security West Returns to San Diego
Back in San Diego after three years away, Techno Security West drew participants from 28 states and 15 countries—170 of them first‑timers—as the Town and Country Resort kept networking buzzing well past session hours. Erin West’s keynote spotlighted the rise of “pig‑butchering” scams run by transnational crime networks, underscoring the investigative and regulatory hurdles they create for law enforcement and financial institutions. Across 62 sessions led by 67 experts, attendees dug into cryptocurrency tracing, media authentication, mobile forensics and AI, while a lively expo from names like Cellebrite, Magnet and MSAB signaled where tools are heading ahead of Techno East in June and Techno West’s 2026 return.
