A round-up of this week’s digital forensics news and views:
Study Tests AI Models for Analyzing Criminal Evidence from Mobile Devices
Researchers tested three advanced AI language models—GPT-4o, Gemini 1.5, and Claude 3.5—on their ability to analyze mobile chat data from real criminal investigations. The study focused on how well these models could interpret slang, hidden meanings, and ambiguous language found in messaging apps during forensic analysis. Performance was measured using precision, recall, F1 scores, and hallucination rates to evaluate the models’ effectiveness in assisting law enforcement with digital evidence analysis.
macOS 26 Tahoe Introduces New Image Formats Challenging Digital Forensics
Apple’s macOS 26 ‘Tahoe’ introduces two new disk image formats that present significant challenges for digital forensics investigators. Steve Whalen explains that the Apple Sparse Image Format (ASIF) and updated Sparse Bundle Image (UDSB) can contain any file system type and appear as random data when encrypted. Most forensic tools operating outside macOS cannot reliably mount or examine these formats, potentially causing investigators to miss critical evidence hidden within these containers.
SOLVE-IT Digital Forensics Knowledge Base Releases September Alpha Version
The open source SOLVE-IT project has released its September 15th, 2025 alpha version, offering a comprehensive Excel-based knowledge base for digital forensic techniques, potential weaknesses, and mitigations. Chris Hargreaves announces the community-driven project seeks additional contributors to expand its resources. Users interested in digital forensics can access the compiled database through the provided link.
Forensic Expert Eric Schoedon Discusses Automotive Digital Investigation Challenges
Eric Schoedon, a certified forensic expert with nearly 30 years of experience in cybersecurity and automotive engineering, explains how modern vehicles have become complex data sources requiring specialized forensic expertise. Schoedon holds dual ISO/IEC 17024 certifications and emphasizes that connected vehicles are no longer just mechanical products but software-driven systems operating in mission-critical environments. He discusses the challenges courts face in accepting vehicle data as evidence and how standardization builds trust in forensic results.
Researchers Develop Method to Extract Evidence from Signal Desktop
Forensic researchers have developed a detailed methodology and automated Python tool for decrypting and analyzing encrypted data from Signal Desktop for Windows. Gonçalo Paulino and colleagues created a two-phase approach that extracts forensic artifacts without launching the application, preserving data integrity during investigations. Their method successfully recovers some expired and deleted messages, providing investigators with a reliable tool for analyzing encrypted instant messaging evidence.
Digital Forensics Community Still Relies on Outdated ACPO Guidelines from 2012
Digital forensics professionals continue using Association of Chief Police Officers guidelines that haven’t been updated since March 2012, despite massive technological advances. Paul Wright and Neal Ysart examine why the four core ACPO principles remain popular in training rooms across the UK, even though the organization was replaced by the National Police Chiefs’ Council in 2015. While the fundamental principles of evidence integrity, competence, audit trails, and accountability remain sound, practitioners struggle to apply 2012 guidance to modern challenges like cloud storage, encrypted devices, IoT equipment, and AI-generated content.
Read more (coalitioncyber.com)
Digital Forensics Expert Tackles Growing Deepfake Challenge
Dr. Áine MacDermott, a Senior Lecturer at Liverpool John Moores University, is spearheading research into deepfake forensics through her comprehensive survey project. MacDermott has identified critical gaps in forensic methodologies for handling AI-generated media, noting that while detection algorithms exist, there are no standardized investigative approaches. Her research aims to develop best practice guidance for digital forensic units as deepfakes increasingly appear in cybercrime cases and compromise evidence validation.
Google Confirms Criminals Accessed Law Enforcement Portal
Google confirms that cybercriminals created a fraudulent account in its Law Enforcement Request System (LERS) portal, which police and government agencies use to request user data. A spokesperson states that no requests were made through the fake account and no data was accessed before it was disabled. Scattered Lapsus$ Hunters, a group allegedly composed of members from Scattered Spider, ShinyHunters, and Lapsus$, claimed responsibility for the breach on BreachForums while announcing their retirement from cybercrime.
