Digital Forensics Round-Up, October 29 2025

A round-up of this week’s digital forensics news and views:

Hoover Breaks Ground on $22M National Computer Forensics Institute Expansion

Hoover officials joined federal and state leaders to break ground on a $22 million expansion of the National Computer Forensics Institute at the city’s Public Safety Center. The project will add nearly 37,000 square feet to the existing facility, including new classrooms, a 250-seat auditorium, and administrative offices. Construction is expected to be completed by summer 2027 and will allow the institute to increase annual student capacity from 3,500 to more than 8,000.

Read more (hooversun.com)


AKF Framework Streamlines Digital Forensics Dataset Creation

Researchers have developed the Automated Kinetic Framework (AKF), a modern synthesis tool designed to create realistic digital forensics datasets without sensitive data concerns. Lloyd Gonzales and his team created the modular system to simulate human activity in virtualized environments, generating forensic artifacts that reflect real-world conditions. AKF incorporates the CASE standard for comprehensive documentation and includes a custom scripting language to simplify dataset creation. The framework addresses longstanding challenges in forensic education and research by automating the time-consuming process of manually creating training datasets.

Read more (sciencedirect.com)





DFIR Galaxy Workstation Launches as Preconfigured Investigation Platform

Mahmoud Soheem introduces DFIR Galaxy Workstation, a Windows virtual machine preconfigured with digital forensics and incident response tools designed to streamline investigations. The platform features DFIR_Toolbar by Brian Maloney with categorized tools pinned for easy access, plus Windows Explorer context menus preconfigured for artifact analysis. Right-click functionality allows users to run parsing and analysis commands on artifacts, folders, and disk images without memorizing tool parameters.

Read more (medium.com)


Forensic Analysis of Apple Maps Tile Cache

North Loop Consulting presents an in-depth analysis of Apple Maps’ tile caching system on iOS, uncovering how the MapTiles.sqlitedb database can store forensically valuable geolocation data. Through reverse engineering, the research reveals that cached tiles contain coordinates, timestamps, and place names, reflecting a user’s areas of interest even when location services are disabled. The study identifies multiple proprietary coordinate encoding schemes used by Apple and achieves up to 87% accuracy in decoding them into latitude and longitude. Though still a work in progress, North Loop Consulting’s findings—and its accompanying open-source script—highlight the forensic potential of map tile caches in reconstructing user activity and geographic context.

Read more (northloopconsulting.com)


University of Karachi Opens Digital Forensics Center

The University of Karachi has inaugurated the Centre of Digital Forensic Science and Technology, a Rs308 million facility aimed at advancing digital security research and training in Sindh. Built with federal government funding through the Higher Education Commission, the 38,000-square-foot complex features 23 classrooms, 11 laboratories, and advanced security systems. Saeed Sheikh notes this marks Sindh’s third forensic facility and the first digital forensic center within the university, bringing comprehensive forensic capabilities under one roof. Academic planning for course offerings will take another two to four months to complete.

Read more (tribune.com.pk)


Researchers Review Deepfake Detection Methods and Cybersecurity Threats

Scientists have published a comprehensive review of deepfake generation and detection technologies across image, video, and audio formats. Sonam Singh and Amol Dhumane analyze current AI methods including Generative Adversarial Networks, transformer-based detection models, and multimodal biometric defenses. Their research highlights critical vulnerabilities in existing systems and proposes interdisciplinary solutions incorporating explainable AI, federated learning, and policy frameworks to combat the growing cybersecurity threats posed by synthetic media.

Read more (sciencedirect.com)


Google Pixel 10 and C2PA Standards Face Legal Admissibility Questions

Dr. Neal Krawetz analyzes whether Google Pixel 10 photos and C2PA-signed media should be accepted as reliable evidence in court. His examination of three consecutive photos reveals inconsistent timestamps between EXIF data and trusted notary signatures, with one photo showing the notary timestamp predating the EXIF creation time by one second. Krawetz argues these inconsistencies, combined with C2PA’s exclusion of EXIF metadata from cryptographic protection and the Pixel 10’s AI processing, create fundamental reliability issues that would likely fail Daubert, Frye, and Federal Rules of Evidence standards for courtroom admissibility.

Read more (hackerfactor.com)


Memory Forensics Becomes Essential Tool Against Advanced Cyber Threats

IT Pro explores how memory forensics has evolved from a niche method for recovering encrypted data into a frontline cybersecurity tool for detecting advanced threats like rootkits and fileless malware. The article explains that by analyzing live system memory, investigators can uncover transient evidence—such as processes, network connections, and injected code—that traditional disk forensics may miss. Experts from Palo Alto Networks, Forrester, and Sygnia describe how automation and integration with EDR and XDR platforms have made large-scale memory analysis practical across enterprise environments. As organizations adopt cloud infrastructure, forensic approaches are adapting to virtualized systems and provider-specific audit logs. The piece underscores that memory forensics is now central to understanding live attacks and remains indispensable for modern cyber defense.

Read more (itpro.com)


Uzbek Digital Forensic Experts Study Moldova’s Laboratory Methods

Five Uzbek digital forensic specialists visited Moldova from 21 to 24 October 2025 as part of an OSCE-organized study visit aimed at helping Uzbekistan establish internationally accredited digital forensic laboratories. Supported by the OSCE Transnational Threats Department, the visit included tours of Moldova’s police and anticorruption IT labs and focused on technical infrastructure, operational procedures, and accreditation standards. Uzbek officials described the exchange as invaluable as they complete their new IT laboratory and prepare for accreditation, while Moldovan counterparts emphasized the importance of international collaboration in a rapidly evolving digital landscape. The visit follows an OSCE-led national assessment of Uzbekistan’s digital forensic capacity, which produced a roadmap for strengthening the country’s cybercrime response.

Read more (osce.org)
