Digital Forensics Round-Up, October 23 2024

A round-up of this week’s digital forensics news and views:


Google To Stop Giving Location Evidence To Law Enforcement

Google has announced a significant shift in how it handles location data, moving it from its Sensorvault database to users’ devices, effectively making it harder for law enforcement to access this information through geofence warrants. Geofence warrants, which allow authorities to collect data on all devices in a certain area during a specific timeframe, have raised privacy concerns due to their broad nature. This change means law enforcement must now identify specific devices and gain direct access to them, either through consent or physical possession, in order to retrieve location data. This move is seen as a response to growing concerns over user privacy and surveillance.

Read More (Forbes)


AI-generated child sexual abuse imagery reaching ‘tipping point’, says watchdog

The Internet Watch Foundation (IWF) warns that AI-generated child sexual abuse imagery is becoming more prevalent and sophisticated on the open web, reaching a “tipping point” where authorities struggle to distinguish between real and AI-made content. The IWF reports a significant rise in AI-generated material, with 74 instances in six months compared to 70 in the previous year, much of it hosted in Russia and the US. Meanwhile, Instagram introduces new measures to combat sextortion, including blurring nude images in messages and enhancing protections for teenagers.

Read More (The Guardian)





Detego Global Announces 2025 Sponsorship Of The South Wales Police And Falcons Rugby Teams

Detego Global continues its sponsorship of the South Wales Police and Falcons Rugby teams for the second year, aligning its commitment to digital forensics and law enforcement with the teams’ excellence on the pitch. The partnership highlights the company’s dedication to community support, with the Detego Global logo prominently featured on team jerseys. Detego also extends its support through discounted training and software for law enforcement officers involved in digital forensics, while strengthening its ties with the 4 Nations Police Rugby Cup as part of its corporate social responsibility initiatives.

Read More (Forensic Focus)


Unraveling the clues: RDP artifacts in incident response 

RDP artifacts provide crucial insights during incident response investigations, offering details such as usernames, IP addresses, and timestamps from Windows event logs, registry entries, and file system artifacts. These artifacts are invaluable for tracing unauthorized access, reconstructing session activities, and identifying potential data exfiltration in remote desktop sessions. By analyzing logs and other key system data, investigators can uncover evidence of intrusions and implement stronger security measures, as demonstrated in a case where compromised credentials led to a breach through RDP.

Read More (Magnet Forensics)


Forensic analysis of Bitwarden self-hosted server

Bitwarden, a popular open-source password manager, offers self-hosting capabilities, making it an appealing target for attackers. This article explores forensic analysis of Bitwarden’s self-hosted servers, focusing on data that attackers could access if they breach the server, such as user information, encrypted vaults, and event logs. By understanding how Bitwarden stores and protects data, and analyzing key forensic artifacts like the MSSQL database and event logs, investigators can effectively track malicious activity, mitigate breaches, and protect sensitive information.

Read More (Synacktiv)


Capability Access Manager Forensics in Windows 11

Windows 11 now retains information from Capability Access Manager registry keys in a SQLite 3 database, storing up to a month’s worth of data on applications’ access to the camera, microphone, and location. This new artifact, found in the CapabilityAccessManager.db file, offers forensic investigators a more detailed and historical record of access events compared to the registry, which only logs the most recent access. By analyzing this database, investigators can gain deeper insights into an application’s access history, enhancing digital forensics capabilities.

Read More (Medium)
