Digital Forensics Round-Up, October 15 2025

A round-up of this week’s digital forensics news and views:

Volatility 3 Releases Latest Updates and New Features

Volatility Foundation releases version 2.26.2 of their popular memory forensics framework, moving malware-specific plugins under a dedicated malware category structure. The reorganization affects plugins like linux.check_afinfo which becomes linux.malware.check_afinfo, while old plugin names remain functional but deprecated. The update introduces a new windows.etwpatch plugin and adds breakpoint support to volshell for enhanced debugging capabilities.

Read more (github.com)


Former Georgia Bureau of Investigation Commander Shares Insights on Child Exploitation Unit Leadership

Debbie Garner, who spent 30 years in law enforcement including eight years leading Georgia’s Child Exploitation and Computer Crimes Unit, discusses her experience combating child exploitation and developing wellness programs for investigators. During her tenure as commander of Georgia’s Internet Crimes Against Children Task Force, Garner implemented innovative mental health initiatives to address the unique stressors faced by investigators examining child sexual abuse material. She emphasizes that the overwhelming workload and the knowledge of unexamined cases were often more stressful for investigators than viewing the disturbing content itself.

Read more (forensicfocus.com)





iOS Device Data Extraction: A Comprehensive Forensic Guide

Digital forensics expert Mattia Epifani details the various types of data extraction possible from iOS devices, examining how Apple’s Data Protection technology and device states affect what information investigators can access. Apple’s security system uses four protection classes (A-D) that determine data availability based on whether a device is in BFU (Before First Unlock) or AFU (After First Unlock) mode and whether the passcode is known. Different extraction methods yield varying levels of access, from limited BFU acquisitions that only reveal basic device information to Full File System extractions that provide complete access to user data and encrypted keychain contents.

Read more (blog.digital-forensics.it)


Devon Leads National Drive to Boost Digital Forensics Workforce

Devon takes the lead in addressing a nationwide shortage of digital forensic officers as technology becomes increasingly central to modern policing. Last year, Devon & Cornwall Police’s Digital Forensics Unit examined over 3,000 digital devices containing more than two petabytes of data linked to investigations ranging from drug offences to terrorism. Plymouth Marjon University has launched a new Forensic Investigation degree to prepare students for careers in digital forensics, featuring hands-on training in crime scene houses and laboratories. Police and Crime Commissioner Alison Hernandez emphasizes that digital evidence plays a significant role in most police investigations and is vital for arresting offenders and delivering justice to victims.

Read more (themoorlander.co.uk)


SWGDE Publishes Fresh Batch of Digital Evidence Standards

The Scientific Working Group on Digital Evidence (SWGDE) maintains a comprehensive archive of finalized forensic standards and best practices for digital and multimedia evidence analysis. Published documents cover areas including computer forensics, mobile device examination, video analysis, audio authentication, and photographic evidence collection. All documents undergo formal comment periods and are considered living documents subject to periodic updates when substantive changes are needed.

Read more (swgde.org)


Arsenic v2.0 Released by North Loop Consulting

North Loop Consulting announces the release of Arsenic v2.0, a new version of their mobile device triage tool. The company specializes in digital forensics products and training services. Details about the specific features and improvements in this version will be made available soon.

Read more (northloopconsulting.com)


Digital Forensics Expert Shares Journey from Data Recovery to Mobile Investigation

Matthew Plascencia, a Digital Forensic Investigator at Exhibit A Cyber and recent Cal Poly Pomona graduate, traces his career path from early data recovery experiences to leading mobile forensics research. Plascencia emphasizes the importance of iOS investigations given Apple’s market dominance and recommends free tools like Magnet Acquire and UFADE for acquisition, plus LEAPPs for analysis. He advocates for hands-on projects, CTF competitions, and public learning through documentation to build forensic skills, while sharing insights through his Substack and YouTube channel.

Read more (forensicfocus.com)


WithSecure Labs Releases Kanvas DFIR Case Management Tool

WithSecure Labs has released Kanvas, a digital forensics and incident response case management tool designed to provide investigators with a unified workspace. The platform integrates multiple workflows including automated timeline building, lateral movement visualization, MITRE ATT&CK mapping, and threat intelligence lookups. Features include LLM assistance for investigations, VERIS incident reporting, markdown documentation, and STIX 2.0 export capabilities for sharing indicators of compromise.

Read more (findevil.io)


Researchers Develop AI-Driven Digital Forensics Analysis System

Researchers have developed AGAFA (Automated Generative AI-Driven Forensic Analysis), a new approach to digital forensics that combines artificial intelligence with explainable neuro-symbolic methods. The system aims to automate forensic analysis while providing transparent reasoning for its conclusions. This advancement could significantly improve the efficiency and reliability of digital investigations by leveraging AI capabilities while maintaining the explainability required in legal contexts.

Read more (ieeexplore.ieee.org)
