A round-up of this week’s digital forensics news and views:
Salesforce Security Incident Investigation Guide Released
Salesforce provides comprehensive guidance for investigating security incidents within its platform environment. Eoghan Casey outlines three key information sources for forensic analysis: activity logs, user permissions, and backup data. Organizations can leverage Event Monitoring, Shield capabilities, and tools like Who Sees What Explorer to track unauthorized access and data exfiltration. Casey emphasizes the importance of proactive preparation and routine monitoring to detect threats early and respond effectively to security breaches.
Taxonomy For Linking Digital Devices To People Released In New Paper
Courts across multiple jurisdictions have dismissed criminal cases because prosecutors failed to adequately prove connections between digital devices or online accounts and the accused individuals. Hannes Spichiger introduces a new taxonomy called the “Person-Device Gap” and “Person-Account Gap” to address this fundamental challenge in digital forensic science. His framework models relevant identities and explains traces that could help establish these crucial links in criminal investigations.
iLEAPP v2.3.0 Digital Forensics Tool Released with Enhanced Features
iLEAPP v2.3.0 has been released with significant new capabilities for digital forensics analysis. Kevin Pagano announces the update includes support for iTunes encrypted backups, new Unified Logs artifacts, and progress status counts for console output. Parser improvements deliver 20x faster media file lookup speeds, while new modules support Sysdiagnose, AMDSQLiteDB, Airbnb messages, Potato Chat Parser, CashApp, and User defaults analysis.
Jeff Hamm Warns Against Timestamp Misinterpretation
Digital forensics analysts frequently misinterpret file timestamps due to tool-driven misconceptions and incomplete understanding of file system differences. Jeff Hamm explains how the commonly used MACb model (Modified, Accessed, Changed, Birth) doesn’t apply universally across file systems like NTFS, EXT, and FAT, leading to courtroom blunders and compromised evidence. Timezone handling, daylight saving time adjustments, and varying timestamp storage methods create additional pitfalls that can misalign forensic timelines and damage analyst credibility.
Google Location History Takeout Parser Updated to Version 1.4.1
A new version of the Google Location History Takeout Parser has been released following community feedback from digital forensics professionals. Version 1.4.1 adds Horizontal Accuracy KMLs for Records.JSON data and Parking Events functionality. James McGee announced the update, which enhances the tool’s capabilities for analyzing Google location data in forensic investigations.
Tetiana Hrybok Discusses Quality Assurance Challenges at Atola Technology
Tetiana Hrybok, Head of Quality Assurance at Atola Technology, shares her decade-long journey with the forensic hardware company, from QA Engineer to team leader. Hrybok discusses the complex challenges of testing damaged drives and RAID functionality, managing a library of over 800 drives for testing purposes, and ensuring quality in forensic imaging devices. She highlights memorable bugs, including variable overflows and parallelization issues, while explaining how automation and hardware testing protocols maintain Atola’s reputation for reliability in the digital forensics industry.
Read more (forensicfocus.com)
Vehicle Data Reconstructor Released for Law Enforcement
Rusolut announces the official release of Vehicle Data Reconstructor, a forensic solution designed for extracting and analyzing data from vehicles. Now available to law enforcement and government agencies, VDR enables in-depth access to infotainment systems, telematic modules and extension units to reveal valuable digital evidence. Several key forensic experts have successfully tested the tool, which is exclusively available to the law enforcement sector and certified forensics experts.
DFRWS EU 2026 Call for Research Submissions Opens
Digital forensics researchers can now submit their work to DFRWS EU 2026, scheduled for March 24-27, 2026, in Linköping, Sweden. The conference organizers are seeking research insights to help shape the future of digital forensics. Title and abstract submissions are due by September 19, 2025.
Police dogs trained to sniff out cybercrime devices
Norfolk and Suffolk police forces have introduced three specially trained dogs capable of detecting digital devices used in cybercrime investigations. After completing an eight-week training course, the dogs can locate mobile phones, tablets, USB sticks, hard drives and other electronic equipment. Inspector Gary Chapman describes the dogs as “a game-changer” that enhances the forces’ capability in investigations, providing a modern solution to contemporary digital crime challenges.
