Digital Forensics Round-Up, August 20 2025

A round-up of this week’s digital forensics news and views:

SANS DFIR Summit 2025 Playlist Released

SANS has released a comprehensive playlist from the DFIR Summit 2025 featuring cutting-edge digital forensics and incident response strategies. Content covers AI-driven workflows, covert command and control systems, cloud compromise scenarios, and macOS forensics techniques. The playlist provides real-world insights and practical strategies for cybersecurity professionals and digital defenders.

Read more (youtube.com)


UAC v3.2.0 Released with New Features and Bug Fixes

Unix-like Artifacts Collector (UAC) v3.2.0 has been released with new features, additional artifacts, and bug fixes. UAC is an incident response tool designed for forensic investigators, security analysts, and IT professionals that automates artifact collection from Unix-like systems including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris. The tool simplifies data collection for intrusion handling, forensic investigations, and compliance checks while reducing dependence on external support during critical incidents.

Read more (github.com)


Coalition of Cyber Investigators Co-Founder Discusses OSINT Professionalization and Investment Fraud

Neal Ysart, co-founder of The Coalition of Cyber Investigators, discusses his organization’s mission to professionalize OSINT practices and combat investment fraud. Ysart and partner Paul Wright established the coalition as a think-tank combining 80+ years of experience in law enforcement, forensics, and intelligence operations. He emphasizes the need for standardized methodologies and warns against “OSINT cowboys” who compromise evidential integrity, while highlighting the coalition’s specialized work in investigating increasingly sophisticated boiler room investment scams.

Read more (forensicfocus.com)


Part 2 of 3: Running A Digital Forensic Business

Digital forensics expert Patrick Siewert outlines key strategies for operating a successful digital forensic professional services business. Marketing emerges as the single biggest budget item after software licenses, requiring targeted approaches to reach litigators rather than general attorneys or government entities. Siewert emphasizes the importance of proper pricing, networking within professional organizations, and building a strong personal brand through principled practice. He warns against underpricing services and advises setting aside 30% of revenue for taxes while maintaining commitment to long-term business growth.

Read more (dfirphilosophy.blogspot.com)


NCMEC Hash Value Integration Accelerates Child Exploitation Investigations

Cellebrite announces integration of the National Center for Missing and Exploited Children’s hash value list into its digital forensics software, allowing investigators to instantly identify known child sexual abuse material during device examinations. The integration significantly reduces investigation time by automatically flagging CSAM files from NCMEC’s database of approximately 10 million hashed files, while providing mental health protection for law enforcement by allowing them to redact explicit content. Despite receiving over 22 million CyberTipline reports in 2024, NCMEC warns that numbers have actually decreased due to reduced reporting from some platforms and increased use of end-to-end encryption.

Read more (forensicmag.com)


PowerShell Transcripts: Essential Digital Forensics Tool for Incident Response

PowerShell transcripts function as “flight data recorders” for PowerShell activity, capturing both user commands and system outputs in plain-text logs. Eric Capuano explains how these transcripts can be enabled enterprise-wide through Group Policy or Intune, providing investigators with detailed session records including usernames, timestamps, host applications, and process IDs. Security teams can leverage transcripts alongside Script Block Logging to detect malicious activity, though the logs are tamper-able and require proper configuration with write-only network shares for maximum effectiveness.

Read more (blog.ecapuano.com)


iOS Search Party Database Reveals Detailed Device Tracking Data

Forensic researcher Binary Hick discovers that iOS devices maintain comprehensive records of all FindMy-compatible devices they encounter through an encrypted database called Observations.db. The database stores timestamps, precise location coordinates, signal strength, and MAC addresses of detected beacons, creating a detailed tracking log that updates frequently but deletes records rapidly. Binary Hick successfully decrypted the database using keys found in the iOS keychain and demonstrates how the data can help identify unwanted tracking devices like AirTags.

Read more (thebinaryhick.blog)


NJIT Forensics Team Uses Cell Data to Free Wrongly Imprisoned Man

Ray Wooden spent over a year in a Pennsylvania jail for a crime he didn’t commit before three NJIT forensic science students and graduates helped clear his name using cellphone location data. Wooden was falsely accused of firing shots at a Philadelphia home in what he described as retaliation for tipping off police about a woman involved in a home invasion. Mia LoRé, Carmen Cheung and Gillian Kongnyuy analyzed Wooden’s phone records and device data, conclusively showing his phone was never near the residence during the reported shootings and confirming he had possession of his device throughout. Philadelphia prosecutors dismissed all charges in July after the digital evidence proved Wooden’s innocence.

Read more (news.njit.edu)

Digital Forensics Jobs Round-Up, August 18 2025

A selection of the latest DFIR job vacancies (got a job you want to feature in the next round-up? Submit the details here):

USA

Digital Forensic Analyst / FSB / IOD / Cyber East / Livonia CCU

State of Michigan

Livonia, MI

This role involves conducting digital forensic investigations, supporting law enforcement agencies, providing expert courtroom testimony, maintaining forensic networks, and assisting with training. Requires relevant education or experience, certifications, and a commitment to equity and bias-free practices.

View Job

Analyst, Digital Investigations & Cyber Risk

Nardello & Co.

New York

This San Francisco-based role supports digital investigations, incident response, and cybersecurity advisory for diverse clients. Responsibilities include forensic data collection, analysis, reporting, and client presentations. Requires 1–3 years’ experience, strong technical and communication skills, and relevant certifications preferred.

View Job

Principal Digital Forensics Examiner

SAIC

Chantilly, VA

Seeking experienced professionals with an active TS/SCI with Polygraph to provide technical leadership in digital forensics, conduct forensic analysis on digital devices, generate analytical reports, and support tool maintenance. Relevant degrees, certifications, and tool experience required.

View Job

Digital Forensics & Cyber Investigations Instructor- SME

Cybervance, Inc.

Kensington, MD

Seeking a bilingual (English/Spanish) instructor with at least 10 years of law enforcement experience in digital forensics and cyber investigations to deliver advanced, hands-on cybersecurity training internationally. Requires U.S. citizenship, instructional expertise, and frequent travel.

View Job

Digital Forensics Investigator : Corporate Information Security

Hoag Health System

Costa Mesa, CA

This role involves conducting forensic analyses of digital evidence for investigations, producing expert reports, advising on evidence handling, and maintaining forensic standards. Requires advanced digital forensics experience, relevant certification, and strong communication and analytical skills.

View Job

Cyber Security Forensics Analyst

Con Edison

New York, NY

Seeking an experienced cyber security professional to conduct forensic investigations, manage incident response across IT and OT environments, analyze threats, present findings to leadership, and improve forensic processes. Requires relevant experience, strong analytical skills, and availability for emergency response.

View Job

Digital Forensic Examiner

City of Fort Myers

Fort Myers, FL

This role involves conducting forensic examinations of electronic devices, collecting and preserving digital evidence, recovering inaccessible data, and preparing detailed reports. It offers comprehensive benefits, paid time off, pension, and may require emergency response availability.

View Job

Forensics / Malware Analyst (Remote)

Jobright.ai

Washington, DC

Seeking an experienced professional to conduct digital forensics and advanced malware analysis for federal systems, respond to security incidents, mentor junior staff, and collaborate on threat detection. Requires active security clearance, 10+ years’ IT experience, and relevant certifications preferred.

View Job

Forensic Audio-Video Examiner (46858)

SecureStrux®

Maryland

This full-time, on-site role in Bethesda, MD involves analyzing audio and video evidence for a federal program. Requires advanced degree or equivalent experience, TS/SCI with CI Poly, expertise in digital forensics, and proficiency with industry-standard editing and authentication tools.

View Job

UK

Senior Incident Responder / IR Consultant – Bristol

TieTalent

Bristol

This hybrid role involves leading cyber security incident response, conducting forensic investigations, advising clients on containment and recovery, and producing post-incident reports. Requires 5+ years’ experience, strong technical skills, and excellent communication under pressure.

View Job

Digital Forensic Compliance Lead

HM Revenue & Customs

London

This senior digital forensics role involves leading complex investigations, managing and mentoring teams, ensuring compliance with forensic standards, collaborating with law enforcement partners, and providing expert advice and quality assurance across multiple sites within a government fraud investigation service.

View Job

Digital Forensic Investigator

Alexander Associates Technical Recruitment

Leicester

A leading digital forensics organisation seeks experienced professionals to conduct complex investigations, analyse electronic evidence, and provide expert testimony. Candidates need 3+ years’ experience, UK residency, security clearance, and proficiency with major forensic tools. Flexible working and comprehensive benefits offered.

View Job

Digital Forensics Analyst

INOVERSE GROUPE

West Midlands

Seeking an experienced professional to conduct forensic examinations of digital devices for legal, law enforcement, and commercial clients. Requires a relevant degree, two years’ accredited lab experience, proficiency with forensic tools, and compliance with industry standards. Security clearance eligibility essential.

View Job

DFIR Consultant

Pentest People

Leeds

A UK-based security consultancy seeks an experienced professional to join its Incident Response team, conducting digital forensics, threat intelligence, and live incident management. Strong analytical, communication, and stakeholder management skills are essential. UK residency and occasional travel required.

View Job

Digital Forensic Investigator

Alexander Associates Limited

Manchester

Seeking an experienced digital forensics professional to conduct complex investigations, analyse electronic evidence, and provide expert testimony. Requires 3+ years’ experience, UK residency, security clearance, and proficiency with major forensic tools. Offers flexible working, pension, and additional benefits.

View Job

Digital Forensic Evidence Examiner

Greater Manchester Police

Chadderton

This role involves conducting intelligence-led digital forensic examinations on various devices to support police investigations, requiring expertise in data acquisition, processing, and communication of forensic methodologies to investigators, prosecutors, and courts. The position involves handling sensitive material.

View Job

Digital Forensic Investigator

Greater Manchester Police

Chadderton

Seeking experienced professionals to conduct intelligence-led digital forensic investigations, analyse data from diverse digital devices, and present complex evidence in support of high-profile police cases. The role involves collaboration, research, and handling sensitive material within a dynamic forensic team.

View Job

Digital Forensic Examiner

Surrey Police

Guildford

Seeking experienced individuals in mobile phone examinations to join a digital forensics team in Guildford, Surrey. Responsibilities include independent forensic analysis, supporting frontline officers, delivering training, and maintaining technology, with fixed shift patterns including weekends.

View Job

Australia

Forensic Technology Services/eDiscovery – Associate

Alvarez & Marsal

Perth, Western Australia

A global consulting firm seeks professionals with experience in digital forensics, eDiscovery, and cybersecurity to support forensic investigations, data analysis, and incident response across diverse, high-stakes projects in a collaborative, inclusive, and fast-paced environment.

View Job

Incident Response Specialist

BAE Systems Digital Intelligence

Canberra, Australian Capital Territory

Seeking an experienced cyber security professional to lead incident response investigations, develop detection tools and playbooks, mentor junior staff, and collaborate with stakeholders. Requires strong technical, forensic, and communication skills, NV1 clearance, and familiarity with Australian government standards.

View Job

Digital Forensic Specialist

Datacom

Brisbane

Seeking an experienced professional to lead digital forensics and incident response engagements, deliver proactive cybersecurity advisory services, and support organisations in Australia or New Zealand. Strong investigative, communication, analytical, and problem-solving skills required.

View Job

Canada

Cybercrime Investigator, Cybercrime & Security Investigations

Scotiabank

Toronto, Ontario

This role involves conducting digital forensic investigations, analyzing electronic evidence, and supporting cyber and security inquiries. Requires expertise in digital forensics, strong communication skills, and experience with forensic tools. Offers professional development, inclusive culture, and competitive benefits.

View Job

Senior Associate/Cybersecurity & Incident Response (Forensic Services practice)

Charles River Associates

Toronto, Ontario

This role involves leading forensic and cybersecurity investigations, managing teams, supporting client communications, and ensuring compliance with industry frameworks. Candidates should have 5–7 years’ relevant experience and strong technical, analytical, and leadership skills. Comprehensive training and benefits provided.

View Job

Senior Manager Advisory

KPMG Canada

Toronto, Ontario

Seeking an experienced leader to manage cyber incident response and forensic investigations, mentor teams, and drive business development. Requires strong technical expertise, relevant certifications, and a commitment to fostering an inclusive, growth-oriented environment. Minimum five years’ experience preferred.

View Job

Digital Forensics Round-Up, August 13 2025

A round-up of this week’s digital forensics news and views:

Digital forensics experts reveal Bryan Kohberger’s preparation for Idaho murders

Digital forensics experts who were set to testify at Bryan Kohberger’s trial reveal evidence showing the convicted killer prepared extensively for the quadruple murders of University of Idaho students. Heather Barnhart and Jared Barnhart from Cellebrite discovered that Kohberger deliberately powered off his phone during the exact window of the November 2022 killings, downloaded detailed reports on serial killers, and used VPN technology to hide his online activity. Analysis of his digital footprint showed obsessive research into murder cases, scrubbed files, and evidence his phone had connected to WiFi at a restaurant where two victims worked.

Read more (the-independent.com)


FBI and NSPCC alarmed at ‘shocking’ rise in online sextortion of children

Tech companies reported more than 9,600 cases of adults grooming children online in the UK during just six months last year, equivalent to about 400 cases per week. Law enforcement agencies including the FBI and UK’s National Crime Agency express growing alarm about sextortion threats targeting teenagers, with victims being blackmailed into sharing explicit images. Snapchat logged approximately 20,000 cases of concerning material in the first half of 2024, more than all other major social media platforms combined. The Guardian reports that some teenage victims have taken their own lives due to this abuse, prompting unprecedented awareness campaigns.

Read more (theguardian.com)


Brian Carrier Launches Course on Automation and AI

Digital forensics has always depended on automation, from early tools like EnCase v1 and FTK v1 that automatically detected and parsed file systems. Brian Carrier explains that automation handles intermediate steps in investigations but still requires skilled investigators to ask the right questions and understand context. He is developing a comprehensive mini-course on automation and AI in forensics through LinkedIn posts, blogs, webinars, and eventually video content.

Read more (linkedin.com)


Hannah Bailey Discusses Mental Health Support for Digital Forensics and Police

Hannah Bailey, founder of Blue Light Wellbeing and former police officer with 15 years of frontline experience, discusses critical mental health challenges facing digital forensics investigators and law enforcement. Hannah, who left policing after experiencing PTSD and cancer, now works as a psychotherapist specializing in trauma therapy for high-risk professions. She emphasizes the need for proactive mental health support rather than reactive approaches, noting that digital forensics investigators face constant trauma exposure with added isolation from working alone with screens. Bailey advocates for regular supervision sessions and culturally-aware therapists who understand the unique stresses of law enforcement work.

Read more (forensicfocus.com)


Unfurl v2025.08 Released with Enhanced TikTok ID Parsing

Version 2025.08 of Unfurl has been released with improved TikTok ID analysis capabilities. The enhanced parser now extracts milliseconds, entity types, sequence numbers, and machine IDs from TikTok identifiers, thanks to research by Benjamin Steel. The update also fixes a bug in Google Search EI timestamp parsing where leading zeros in microseconds caused incorrect conversions.

Read more (dfir.blog)


Researchers Develop Hybrid Framework for Drone Forensics Investigation

Researchers have developed a new forensic framework that combines live, digital, and physical evidence collection to investigate drone-related crimes and accidents. Dongkyu Lee and Wook Kang propose a systematic analysis algorithm specifically designed for unmanned aerial vehicle evidence, addressing the growing need for post-incident investigation capabilities. Current drone security strategies focus primarily on real-time defense measures like detection and neutralization, but this research emphasizes the importance of forensic analysis to identify flight paths, pilot information, and accident causes. The framework aims to enhance the legal admissibility of drone forensic evidence in criminal and civil proceedings.

Read more (sciencedirect.com)


LinkedIn Timestamps Decoded for Open Source Investigations

LinkedIn provides only rough time estimates like “1d” for posts, frustrating investigators who need precise timestamps for fact timelines. Researcher Ollie Boyd discovered that LinkedIn post URLs contain hidden timestamps – the 19-digit number at the end, when reduced to its first 41 bits, reveals the exact Unix timestamp of publication. This technique has been integrated into Bellingcat’s Uniform Timezone Chrome extension to help investigators extract precise publication times from LinkedIn posts and comments.

Read more (maynier.eu)


Mental Health Challenges in Digital Forensics Explored

A new episode of Truth in Data examines the psychological impact on professionals working in digital forensics and incident response (DFIR). Episode 14 focuses on the often overlooked mental health toll that forensic investigators face while dealing with disturbing digital evidence and high-pressure cases. Mental health support and awareness in the cybersecurity field remains a critical but underaddressed concern.

Read more (youtube.com)

Digital Forensics Round-Up, August 06 2025

A round-up of this week’s digital forensics news and views:

Digital Forensics Expert Offers Guidance on Starting DF Business

Patrick Siewert provides comprehensive advice for aspiring digital forensics entrepreneurs in the first part of a three-part series on starting a digital forensic business. He emphasizes the importance of choosing a clear, professional company name, carefully selecting target clientele, and establishing solid business foundations including mission statements and proper legal structures. Siewert warns against common pitfalls like taking on undesirable clients and reveals that major forensic tool providers make their products deliberately expensive and difficult for private practitioners to access, often due to pressure from their primary law enforcement customers.

Read more (dfirphilosophy.blogspot.com)


Hashcat v7.0.0 Released with Major Performance Improvements

Hashcat releases version 7.0.0 after two years of development, featuring over 900,000 lines of code changes and contributions from 105 developers. Major new features include an Assimilation Bridge for integrating external resources, Python Bridge Plugin for rapid hash-matching implementation, and hash-mode autodetection. Performance improvements include up to 320% speed increases for scrypt and major optimizations for NTLM and NetNTLMv2, while 58 new application-specific hash types have been added including support for Argon2, MetaMask, and LUKS2.

Read more (hashcat.net)


OWASP Releases GenAI Incident Response Guide 1.0

OWASP GenAI Security Project releases its first comprehensive incident response guide for security practitioners dealing with GenAI application incidents. Created by a panel of experts from the project’s CTI Initiative, the guide provides guidelines and best practices without requiring deep GenAI knowledge. It aims to fill a critical gap in helping security teams respond effectively to incidents involving generative AI systems.

Read more (genai.owasp.org)


Building the UFADE Touch V1: A Portable iOS Forensics Device

A forensics professional demonstrates how to build an affordable portable backup system called “UFADE Touch” using a Raspberry Pi 4B, 7-inch touchscreen, and specialized cooling components. Components cost around €175 and include a DSI interface display to preserve USB ports for data sources and drives. Assembly requires minor case modifications and specific configuration changes to Raspbian OS to support the display driver and optimize performance for the 1024×600 resolution screen.

Read more (cp-df.com)


DB Browser Offers Alternative to Spreadsheets for CSV Forensic Analysis

A new video tutorial demonstrates how to use DB Browser for SQLite instead of traditional spreadsheet programs when conducting forensic analysis of CSV files. Sherman Kwok walks viewers through downloading the tool, importing CSV data, and using SQLite commands for sorting, filtering, and formatting data. The tutorial covers basic to intermediate techniques including regular expression filtering for more efficient data analysis.

Read more (youtube.com)


machofile Tool Released for Mach-O Binary Analysis

Security researcher Pasquale Stirparo releases machofile, a new Python module designed for parsing Mach-O binary files with a focus on malware analysis and reverse engineering. The self-contained tool works across macOS, Windows, and Linux without dependencies and offers features including header parsing, entropy calculation, symbol extraction, and code signature analysis. Stirparo developed the initial version after attending Patrick Wardle’s macOS malware class, spending nearly two years refining the tool before its official release.

Read more (github.com)


Cybersecurity Expert Releases Memory Forensics Dataset for Malware Research

Daniel Jeremiah releases a comprehensive memory forensics dataset featuring controlled attack scenarios on Windows 10 systems for cybersecurity research and training. Six distinct scenarios cover process injection, credential dumping, Cobalt Strike beacons, and various remote access trojans including AsyncRAT and MasonRAT. Each scenario includes detailed memory dumps, attack characteristics, and evasion techniques designed for analysts to practice using tools like Volatility and YARA. Cases range from unknown infections to targeted intrusions, providing varied complexity levels for students, analysts, and researchers developing memory analysis workflows.

Read more (daniyyell.com)

Digital Forensics Round-Up, July 30 2025

A round-up of this week’s digital forensics news and views:

Digital Forensics Experts Analyze ‘Missing’ Epstein Surveillance Video

Two former FBI forensic examiners conducted an independent analysis of Jeffrey Epstein’s jail surveillance footage that appeared to have missing minutes. Their investigation reveals the timing discrepancies likely resulted from routine video processing rather than evidence tampering. The experts found three types of technical artifacts: a system reboot gap, edited content from the file’s beginning, and dropped frames during compression, accounting for all apparent missing time.

Read more (forbes.com)


Digital Forensics And Stress: Understanding Your Body’s Signals

Dr. Zoe Billings and Mark Pannone discuss their innovative approach to managing stress in digital forensics through biological wellbeing education. Adapt & Evolve teaches investigators to recognize early physical warning signs of stress before mental health issues develop. They emphasize that chronic stress manifests physically through symptoms like lower back pain, high blood pressure, and digestive issues, which can be prevented through scientifically proven techniques.

Read more (forensicfocus.com)


Portable Forensics with Toby: A Raspberry Pi Toolkit

A digital forensics expert develops “Toby,” a portable forensic toolkit built around a Raspberry Pi Zero 2 W that fits in a travel organizer and can be operated headlessly from mobile devices. It runs Kali Linux with custom forensic tools including MalChela and a built-in tool finder called “toby-find” that serves as a searchable cheat sheet for available commands. The compact kit includes wireless connectivity, battery power options, and can perform malware analysis, memory forensics, and field acquisition tasks.

Read more (bakerstreetforensics.com)


Simson Garfinkel Receives Inaugural Test of Time Award at DFRWS

Simson Garfinkel receives the first-ever Test of Time Award at the 25th anniversary of DFRWS for his paper “Digital Forensics: The Next Ten Years,” which is the most cited paper in the conference’s history. The award recognizes Garfinkel’s foundational contributions to defining the field of digital forensics.

Read more (linkedin.com)


AI-Driven Open-Source Intelligence Transforms Digital Forensics for Cybercrime Investigation

Researchers explore how artificial intelligence can enhance open-source intelligence gathering in digital forensics to improve cybercrime investigations. The study examines AI’s potential to automate and streamline the collection and analysis of publicly available digital evidence. This approach could significantly accelerate forensic processes and help investigators identify patterns in cyber criminal activities more effectively.

Read more (researchgate.net)


SWGDE Releases Draft Technical Notes on Timing Advance Records

The Scientific Working Group on Digital Evidence has published a draft document titled “Technical Notes on the Use of Timing Advance Records (25-F-002-1.0)” for public review and comment. This draft represents the latest guidance from SWGDE’s forensics committee on the technical aspects and proper use of timing advance records in digital evidence analysis.

Read more (swgde.org)


PDF Security Vulnerabilities Enable Document Tampering

Security researchers have discovered critical vulnerabilities in PDF document handling that allow attackers to tamper with documents without detection. The flaws affect how PDF viewers process and validate document integrity, potentially enabling malicious actors to modify contracts, financial documents, and other sensitive files. These vulnerabilities pose significant risks to organizations that rely on PDF documents for secure communications and record keeping.

Read more (group-ib.com)


Research Validates Foreground Application Data in AMD Usage Events

A new study examines the validity of foreground application data stored in AMD’s SQLite database usage events, with a focus on analyzing the accuracy and reliability of application usage tracking mechanisms. The findings contribute to better understanding of how application usage data is collected and stored in AMD systems.

Read more (researchgate.net)


Researchers Release Comprehensive IoT Forensics Dataset for Cyberattack Detection

Researchers from UNSW Canberra introduce IoT-CAD, a new digital forensics dataset designed to train AI systems for detecting and attributing cyberattacks in Internet of Things environments. The dataset captures traces from Windows and Linux systems across multiple sources including memory, hard drives, processes, and network traffic from various IoT devices. The team validates the dataset using machine learning, digital forensics, and explainable AI techniques, employing both centralized learning for attack detection and federated learning for attack attribution.

Read more (sciencedirect.com)

Digital Forensics Round-Up, July 23 2025

A round-up of this week’s digital forensics news and views:

Cellebrite Launches 2026 Digital Forensics Industry Trends Survey

Cellebrite has opened its 2026 industry trends survey to gather insights from digital forensics professionals worldwide. The survey aims to identify emerging challenges, technological developments, and industry needs that will shape the future of digital investigations. Participants can contribute their expertise to help understand evolving trends in mobile forensics, AI integration, and investigative methodologies.

Read more (forensicfocus.com)


Court Accepts Fitbit Data as Legal Evidence in Personal Injury Case

A Canadian court has accepted data from a Fitbit fitness tracker as evidence in a personal injury lawsuit for the first time. The case involves a woman claiming her activity levels declined after a car accident, with lawyers using Fitbit data to demonstrate her reduced physical activity compared to baseline measurements. This landmark decision establishes a precedent for wearable technology data being used in legal proceedings.

Read more (theguardian.com)


Trucking Attorneys Must Understand Cell Phone Forensic Data Extraction

Legal professionals handling trucking cases need comprehensive knowledge of cell phone forensic data extraction procedures. Understanding how digital evidence is collected and analyzed from mobile devices is becoming crucial for building strong cases. The technical aspects of data recovery can significantly impact litigation outcomes in trucking-related legal matters.

Read more (thelarsdaniel.com)


UserAssist Registry Keys Prove Valuable for Digital Forensics

Digital forensics experts highlight the significant value of UserAssist registry artifacts for incident response investigations. These Windows registry entries track user application usage and can provide crucial evidence during security investigations. The artifacts offer detailed insights into user behavior patterns and application execution history that prove essential for cybersecurity professionals.

Read more (securelist.com)


New RDP Lateral Movement Technique Uses Tiny Bitmaps to Hide Activity

Security researchers have discovered a novel lateral movement technique that exploits Remote Desktop Protocol (RDP) sessions by hiding malicious activity within tiny bitmap images. The method allows attackers to move laterally through networks while evading traditional detection mechanisms. This “ghost” technique leverages the way RDP handles bitmap data to conceal command execution and file transfers.

Read more (medium.com)


PowerLog Tool for System Performance Monitoring

A new system monitoring tool called PowerLog has been developed to track computer performance metrics and power consumption. The utility provides real-time data on CPU usage, memory consumption, and energy efficiency across different operating modes. PowerLog aims to help users optimize their system performance while managing power consumption more effectively.

Read more (doubleblak.com)


Our Rescue Launches ICAC Connect Program to Combat Child Exploitation

Our Rescue, a non-profit organization focused on combating child trafficking and exploitation, announces the launch of its ICAC Connect Program. The initiative aims to strengthen coordination and support between Internet Crimes Against Children (ICAC) task forces nationwide. The program will provide enhanced resources, training, and technology to help law enforcement agencies better investigate and prosecute crimes involving the exploitation of children online.

Read more (prnewswire.com)


Indianapolis Police Deploy Mobile Forensics Lab for Child Exploitation Cases

The Indianapolis Metropolitan Police Department has launched a new mobile forensics laboratory specifically designed to investigate internet crimes against children. The specialized vehicle allows investigators to process digital evidence on-site, significantly reducing the time needed to analyze devices in child exploitation cases. The mobile lab represents a major advancement in the department’s ability to quickly respond to and investigate crimes involving the sexual exploitation of minors.

Read more (axios.com)

Digital Forensics Round-Up, July 16 2025

A round-up of this week’s digital forensics news and views:

Six Sessions Are Not Enough: Support For Digital Forensic Investigators Must Improve

Digital Forensic Investigators routinely face disturbing material that causes long-term psychological harm, including PTSD, burnout, and depression. Yet many are offered just six therapy sessions—an inflexible standard that fails to address the depth of trauma they experience. True recovery requires sustained, trauma-informed care tailored to the demands of the role. Without proper support, DFIs are left vulnerable, with their wellbeing treated as an afterthought.

Read more (forensicfocus.com)


Karen Read Trial: Expert Explains ‘Hos Long To Die In Cold’ Search And Deleted Calls

The Karen Read trial highlights the immense influence—and frequent misinterpretation—of digital evidence in court. Expert testimony corrected critical misconceptions, including a misread Google search timestamp and assumptions about call log deletions. The case reinforces the need for digital forensics experts to remain neutral, rigorously test evidence, and clearly explain findings to non-technical audiences. As data grows more complex, so too must the legal system’s understanding of its limits and meaning.

Read more (forbes.com)


Four arrested in connection with M&S and Co-op cyber-attacks

Four people have been arrested in connection with major cyber-attacks on M&S, the Co-op, and Harrods that caused extensive disruption and data breaches. The suspects—aged 17 to 20 and including one Latvian national—were detained on suspicion of hacking, blackmail, money laundering, and organised crime activity. Police seized electronic devices during early morning raids, describing the operation as a key step in an ongoing international investigation. The attacks, involving stolen data and ransomware, are expected to cost M&S alone up to £300 million.

Read more (bbc.co.uk)


Metadata Shows the FBI’s ‘Raw’ Jeffrey Epstein Prison Video Was Likely Modified

Metadata from surveillance footage released by the DOJ, purportedly showing the area outside Jeffrey Epstein’s cell, reveals it was likely processed using Adobe Premiere Pro, undermining claims that it was “raw.” While experts say the edits may be benign—such as stitching clips or standard format conversion—the lack of transparency about how the video was handled raises serious questions about chain of custody. Shifts in aspect ratio and embedded editing traces further fuel public suspicion, especially in a case already plagued by conspiracy theories. Calls for direct exports from original systems highlight the growing scrutiny on digital evidence in high-profile cases.

Read more (wired.com)


Data-Driven Digital Evidence Analysis for the Forensic Investigation of the Electric Vehicle Charging Infrastructure

The rapid growth of electric vehicle charging infrastructure has introduced serious cybersecurity risks, yet forensic investigation methods tailored to this complex environment remain underdeveloped. New research proposes a data-driven framework for systematically identifying, classifying, and correlating digital evidence across physical, network, and application layers of EV charging systems. It maps cybersecurity threats to potential evidence sources, integrates OSINT, and outlines adaptable workflows to support incident response and forensic readiness. Case studies demonstrate the framework’s effectiveness in bridging gaps in current forensic practices and enhancing the resilience of EV charging ecosystems.

Read more (sciencedirect.com)


Trucking Attorneys—Your Cell Phone Forensics Report Is Missing Data

A trucking accident case reveals how a selectively generated phone forensics report concealed critical evidence of distracted driving—only uncovered when the full extraction file was reviewed. This example underscores the dangers of relying on simplified summary reports, which can omit vital logs, app usage, and screen interactions that drastically impact case outcomes. In high-stakes litigation, attorneys must insist their experts analyze complete forensic files, not just curated summaries, to ensure no evidence is overlooked or biased. The difference isn’t technical—it’s the line between winning and losing.

Read more (forbes.com)


Sibe, digital forensics expert, named cybersecurity personality of the year

Robinson Tombari Sibe, a leading Nigerian cybersecurity and digital forensics expert, has been named Cybersecurity Personality of the Year at the 2025 National Cyber Security Conference in Abuja. Recognised for his work in digital investigations, policy development, and cybersecurity capacity building, Sibe leads two firms—Digital Footprints and Abatis Technology—serving government, finance, and SMEs. He also plays a prominent role in academia and co-authored a key text on cybercrime in Nigeria. The award highlights both his individual impact and Nigeria’s growing leadership in cybersecurity innovation.

Read more (businessday.ng)


Support for victims of revenge porn ‘isn’t good enough’

Northern Ireland remains the only part of the UK and Ireland without a publicly funded service to help victims of intimate image abuse remove non-consensual content, prompting criticism from campaigners and victims. Assembly member Cara Hunter, herself a deepfake victim, is calling for urgent funding to extend takedown support already available in other regions. Victims currently face navigating removal efforts alone, often retraumatised by insensitive treatment and legal dead ends. While the Department of Justice says it is exploring options, advocates argue this delay reflects a systemic lack of urgency.

Read more (bbc.co.uk)

Digital Forensics Round-Up, July 02 2025

A round-up of this week’s digital forensics news and views:

Digital Forensics Expert Argues Field Demands Testimony Skills

Digital forensics and incident response demand more than technical expertise—they require the ability to clearly communicate complex findings, often under oath. Drawing from a 15-year law enforcement career, Patrick Siewert argues that courtroom testimony is a core, often overlooked, aspect of DF/IR work. Many underestimate the mental resilience, communication skills, and long-term commitment it takes to succeed in this field. For those undeterred by the pressure, the path offers immense opportunity—but it’s not for everyone.

Read more (dfirphilosophy.blogspot.com)


New Tool Extracts Browser Passwords for Digital Forensics

Breakpoint Forensics releases Browser Password Scraper, a free Windows tool that rapidly extracts saved passwords from Chromium-based browsers and Firefox during live forensic investigations. The tool bypasses Chrome’s v20 App-Bound Encryption and formats extracted credentials into readable CSV files for investigators.

Read more (breakpointforensics.com)


UK Employers Face Legal Obligations to Protect Digital Workers from Psychological Trauma

Forensic psychologist Paul Griffiths outlines comprehensive legal obligations requiring UK employers to safeguard mental health of workers in high-risk digital roles. The commentary details how digital forensic investigators, online content moderators, and law enforcement analysts face heightened psychological risks from constant exposure to traumatic material, creating potential liability under health and safety, equality, and employment law. Griffiths argues that failure to provide adequate psychological protections may constitute negligence or workplace discrimination.

Read more (linkedin.com)


Digital Forensics Guide Reveals DuckDuckGo Browser Download Tracking Methods

Digital forensics investigators can extract detailed download history from DuckDuckGo’s Android browser by analyzing the downloads.db SQLite database, which stores file information, timestamps, and download status. The database lacks source URLs but investigators can recover deleted downloads by examining WAL files and identifying gaps in auto-incrementing IDs to determine if downloads were cancelled or manually deleted.

Read more (digital4n6withdamien.blogspot.com)


Revenge Porn Helpline Manager Reveals Challenges Facing Intimate Image Abuse Victims

Sophie Mortimer of the UK’s Revenge Porn Helpline describes how police confusion about digital evidence and laws creates barriers for victims reporting intimate image abuse. She emphasizes that most victims prefer image removal over prosecution, while highlighting the severe psychological trauma including depression, anxiety, and social withdrawal caused by such abuse.

Read more (forensicfocus.com)


Forensic Analysis Reveals Apple Health Data Accuracy Issues

Extensive testing of Apple Health databases reveals that step counting proves reasonably accurate during walking, but distance measurements consistently underreport actual distances traveled. The research also demonstrates that iPhones can erroneously record steps and flight climbs when held during vehicle travel, while devices placed in docks remain unaffected by vehicular movement.

Read more (doubleblak.com)


iOS Unified Logs: Forensic Analysis and Extraction Methods

Digital forensics expert Matthew explores iOS unified logs, which combine data from multiple sources including Biome artifacts, location services, and app activities to provide comprehensive device activity records. He demonstrates using Lionel Notari’s free Unified Log Extractor and Parser tool to acquire and convert these logs into SQL databases for analysis. The logs can grow extremely large, often reaching gigabytes in size with millions of entries, but filtering by date ranges and custom rules can significantly reduce the data volume for practical investigation purposes.

Read more (matthewplascencia.substack.com)


State Laws on AI-Generated Child Sexual Abuse Material Show Mixed Legal Landscape

A comprehensive analysis reveals significant variation across U.S. states in criminalizing AI-generated or computer-edited child sexual abuse material, with 32 states and Washington D.C. having laws that explicitly or effectively criminalize such content while 18 states lack specific prohibitions. Many states have recently updated their statutes to address emerging AI technology, with bills passed in 2024 and 2025 expanding definitions to include digitally created, computer-generated, or artificially manipulated depictions of minors in sexual situations.

Read more (enoughabuse.org)

Digital Forensics Round-Up, June 25 2025

A round-up of this week’s digital forensics news and views:

Semantics 21 Platform Reduces Digital Forensic Investigator Exposure to Harmful Material

Tom Oldroyd, Director of Strategy and Sales at Semantics 21, demonstrates how the company’s digital forensics platform protects investigators from excessive exposure to child sexual abuse material while improving case efficiency. The platform features a Global Alliance Database with 3.1 billion hash values for rapid identification of known illegal content and includes a Wellbeing Monitor that tracks investigator exposure levels to help managers identify risk patterns.

Read more (forensicfocus.com)


Europe-wide takedown hits longest-standing dark web drug market

Law enforcement authorities across six European countries dismantle Archetyp Market, the most enduring dark web marketplace, arresting its administrator in Spain and targeting top vendors. The platform operated for over five years with 600,000 users worldwide and facilitated EUR 250 million in drug transactions, including dangerous synthetic opioids like fentanyl.

Read more (europol.europa.eu)


Forensic Timeliner v2.2 Released with Enhanced Filtering Features

Digital forensics investigators gain access to Forensic Timeliner v2.2, featuring interactive YAML filter previews for MFT and Event Logs, enhanced keyword tagging capabilities, and improved support for various forensic tools including EZ Tools/KAPE and Chainsaw.

Read more (github.com)


Digital Forensics Education System Fails Students and Employers

Digital forensics and incident response (DF/IR) education programs fail to prepare graduates for real-world work, leaving students with expensive degrees but lacking basic technical knowledge. Brett Shavers argues that universities create programs without proper tools, qualified instructors, or clear understanding of field requirements, resulting in graduates who can’t perform fundamental tasks like forensic hard drive acquisition.

Read more (linkedin.com)


Digital Forensics Expert Calls for Automation to Replace Manual Analysis

Florian Roth argues that the field’s reliance on manual processes creates inefficiencies, as analysts spend countless hours collecting insights from online sources and maintaining personal notebooks rather than translating findings into automated detection rules. He advocates for combining human intuition with machine automation to improve incident response times and customer outcomes.

Read more (cyb3rops.medium.com)


FBI’s Regional Computer Forensics Labs Combat Crime Through Digital Evidence Extraction

The FBI operates 17 Regional Computer Forensics Laboratories nationwide that extract and analyze digital evidence from devices like phones and computers to support federal, state, and local investigations. These labs specialize in accessing locked, encrypted, or damaged devices to recover critical data for cases ranging from terrorism and violent crimes to child exploitation.

Read more (fbi.gov)


Apple Introduces Three New Spotlight Attributes in macOS Tahoe Beta

Spotlight attributes are metadata keys that enable macOS to quickly index and search files across the system. The latest macOS Tahoe beta adds three new attributes related to time-sensitivity and window management for internal system processes.

Read more (dfiros.com)


AI Video Technology Makes Major Leap in Realism

Artificial intelligence video generation technology has achieved a significant breakthrough in creating realistic content. The advancement raises questions about potential implications and societal impact of increasingly sophisticated AI-generated video capabilities.

Read more (arstechnica.com)

Digital Forensics Round-Up, June 11 2025

Project Odyssey Transforms Digital Forensics to Protect Victim Privacy

UK police forces are implementing Project Odyssey, a new digital forensics approach that extracts only relevant data from victims’ phones in three hours instead of keeping devices for months. The technology uses time-slicing techniques and involves victims in real-time approval of data extraction, addressing concerns about “digital strip-searches” that previously deterred survivors from seeking justice.

Read more (emergencyservicestimes.com)


Amped Authenticate Unveils Advanced Tools for Detecting AI-Generated Images

Forensic experts demonstrate new capabilities in Amped Authenticate for identifying synthetic media and manipulated images. The webinar showcases advanced detection methods including metadata analysis, reflection consistency checks, shadow analysis, and compression pattern examination to combat increasingly sophisticated deepfakes and AI-generated content.

Read more (forensicfocus.com)


Dutch Forensic Experts Develop Heartbeat Detection Method for Deepfakes

Dutch researchers at the Netherlands Forensic Institute have developed a new technique to identify deepfake videos by analyzing subtle facial color changes caused by heartbeat-induced blood flow. The method detects minute shifts in skin tone around the eyes, forehead, and jaw that occur with each heartbeat—biological signals absent in AI-generated deepfake content. While still undergoing scientific validation, the breakthrough adds to existing forensic tools for combating increasingly sophisticated manipulated media.

Read more (nltimes.nl)


SMB File Transfer Timestamp Changes Between macOS and Windows

Cross-platform file transfers via SMB shares between macOS Sequoia and Windows 11 cause significant timestamp alterations that vary by file type, operation method, and host operating system. The research reveals that some forensic tools may show null timestamps due to Windows storing file attributes across multiple MFT entries, requiring investigators to examine base file records for complete timestamp data.

Read more (forensicatorjourney.gitbook.io)


iOS Unified Logs Command Receives Major Updates in macOS 15.5

Apple introduces significant updates to the iOS Unified Logs command in macOS 15.5, including a new ‘log repack’ option that creates filtered log archives from existing ones. The log collect command now supports predicate filtering, while log stats gains the ability to use date ranges with the --end option, enabling faster and more accurate forensic analysis of iOS device logs.

Read more (ios-unifiedlogs.com)


Forensics Europe Expo 2025 Returns to London Focusing on Digital Innovation

Forensics Europe Expo returns to Olympia London on June 18-19, 2025, for its 12th year with a focus on digital forensics, AI-driven investigations, and emerging technologies. The event co-locates with The Blue Light Show for the first time, creating an expanded platform for collaboration between law enforcement, government agencies, and emergency services. Sessions will cover topics including autonomous digital investigation technology, 3D crime scene reconstruction, voice data analysis, and AI forensics implications.

Read more (forensicfocus.com)


Apple’s Latest OS Updates Introduce New Digital Forensic Artifacts

Apple’s newest operating system updates across iOS, macOS, watchOS, iPadOS, and visionOS introduce several potential forensic artifacts that could aid criminal investigations. Key features include AI-enhanced location tracking, improved metadata indexing, enhanced health data from wearables, visual search capabilities that embed geolocation data, and live translation services that may store spoken conversations.

Read more (theverge.com)


Three Emerging Android Malware Trends Target Mobile Security

Security experts identify three major Android malware threats emerging in 2025: embedded firmware-level malware in budget smartphones, evolved banking trojans with full surveillance capabilities, and NFC-relay fraud targeting contactless payments. These threats exploit Android’s open architecture and widespread adoption, with malware-as-a-service models making sophisticated attacks accessible to novice cybercriminals.

Read more (linkedin.com)

Digital Forensics Round-Up, June 04 2025

A round-up of this week’s digital forensics news and views:

Magnet Forensics Launches Cloud Processing for Digital Investigations

Magnet Forensics introduces Magnet One Process, a cloud-based processing engine for digital investigations, alongside Mobile Case Stream that delivers real-time mobile evidence to investigative teams. The platform combines case management, secure storage, and review capabilities, reducing time-to-evidence from weeks to minutes. The new features are currently in beta and will be widely available later in 2025.

Read more (forensicfocus.com)


SWGDE Releases Guide on Digital Image Compression and File Formats

The Scientific Working Group on Digital Evidence (SWGDE) has published a comprehensive guide on digital image compression and file formats. The resource helps forensic professionals understand compression techniques, navigate various file types, and maintain evidence integrity through solid technical knowledge of digital images.

Read more (swgde.org)


Inside the Challenging World of Police Victim Identification

Scotland’s victim identification officers work tirelessly examining disturbing images to identify child abuse victims. Detective Constable David Murray and his team now identify nearly 400 victims annually, 90% from Scotland, compared to 25-30 victims four years ago. Despite the emotional toll, officers find purpose in safeguarding children from further harm through their work identifying victims from seized devices.

Read more (bbc.com)


TOEX Launches New Digital Investigation Tool for Phone Data Analysis

The Tackling Organised Exploitation Programme announces the launch of TOEX DART, a new Data Analysis & Review Tool designed to help investigators process large volumes of digital phone data. The application enables quick upload of phone extractions and provides high-level summaries to identify patterns and connections, becoming the seventh tool in the TOEX Capabilities Environment.

Read more (toexprogramme.co.uk)


Inside Cyberly: A Fictional City for Digital Forensics Education

Cyberly is an innovative fictional city created by Sherfox Labs to teach digital forensics in a safe, engaging environment. Complete with its own infrastructure, characters, and smart technology, this imaginary world allows students to practice investigative skills without the ethical concerns of using real cases. The city features organizations like the B.Y.T.E. Detective Agency and Villainous Ventures Inc., creating a rich context for students to develop practical skills while maintaining an element of humor.

Read more (blog.sarahmorris.prof)


Shift from Deepfake Detection to Media Authentication Needed

Forensic video analyst Brandon Epstein argues that algorithmic deepfake detection tools for online media consistently fail in real-world conditions. According to the TRIED benchmark report, these detection methods are unreliable due to re-encoding issues, poor media quality, and frequent ‘undetermined’ results. Epstein advocates shifting from deepfake detection to media authentication, where content creators provide original media and provenance claims for expert verification.

Read more (linkedin.com)


LogTap: A Browser-Based Swiss Army Knife for Log Analysis

LogTap offers a comprehensive browser-based solution for security log analysis without requiring server uploads or software installation. The tool features on-the-fly data shaping, a powerful scanning engine that uses SuperSQL queries and regular expressions, timeline visualization for event frequency analysis, and graphical mapping of lateral movement. Running entirely client-side through WebAssembly, LogTap enables security analysts to efficiently process sensitive log data, particularly in restrictive SOC environments.

Read more (shinkensec.com)


Digital Forensic Analysis of AI Companion Chatbots: The PolyBuzz Case

Investigators at CCL examine how AI companion chatbots like PolyBuzz store data on Android devices. The analysis reveals that these apps use WebView and Volley technologies to cache conversations, character images, and API responses. These cached artifacts provide valuable forensic evidence about user interactions, including prompts used to generate AI characters and conversation fragments.

Read more (cclsolutionsgroup.com)


The Forensic Power Behind Fuji: Exploring macOS Native Commands

Fuji, an open-source forensic tool by Andrea Lazzarotto, enables logical data acquisition from Macs using three native macOS utilities. The tool provides ASR (Apple System Restore) for volume collection, Rsync for directory collection, and Sysdiagnose for system data and Unified Logs that are converted to an SQLite database. Fuji’s user-friendly interface helps examiners avoid common mistakes during data collection while preserving metadata and Apple Extended Attributes.

Read more (mreerie.com)

Digital Forensics Round-Up, May 28 2025

A round-up of this week’s digital forensics news and views:

Forensics Europe Expo 2025 Returns to London with Focus on Digital Innovation

Forensics Europe Expo 2025 takes place on June 18-19 at Olympia London, co-located for the first time with The Blue Light Show. The event highlights cutting-edge developments in digital forensics, featuring sessions on AI-driven investigations, laser scanning, voice data analysis, and multimedia evidence integrity. World-class speakers from academia, law enforcement, and industry will present across multiple specialized tracks, with over 100 companies exhibiting the latest forensic technologies.

Read more (forensicfocus.com)


SWGDE Releases Best Practices for IoT Device Seizure and Analysis

The Scientific Working Group on Digital Evidence (SWGDE) has released guidelines for the seizure and analysis of Internet of Things devices. The document covers identification of diverse IoT devices, preservation of volatile data, and effective analysis strategies to extract meaningful insights from complex IoT data formats.

Read more (swgde.org)


New Forensics Model Protects Smart Agriculture Systems

A digital forensics and incident response management model (DFIRMM) has been developed to protect Internet of Things (IoT) systems used in agriculture. The model addresses unique security challenges in smart farming through four phases: pre-incident preparation, incident detection, post-incident response, and forensic investigation. Researchers demonstrated its effectiveness through a case study of MQTT-enabled agricultural networks under DoS/DDoS attacks.

Read more (nature.com)


Arsenic Triage Tool Released for Consent-Based Mobile Investigations

A new free forensic tool called Arsenic is now available for investigators requiring quick results from iOS devices. The software combines extraction and analysis capabilities, working on both Windows and Apple Silicon systems to efficiently extract data from unlocked phones through iTunes backups and unified logs collection. Arsenic offers targeted analysis of specific files and innovative features like retrieving photos based on AI-classified content categories.

Read more (northloopconsulting.com)


New iOS Unified Logs Parser Tool Released

A new forensic tool has been released for parsing iOS unified logs. The tool allows investigators to convert iOS logarchive files into searchable databases, drastically reducing investigation time. It includes features like date range filtering, custom parsing rules, and automatic categorization of logs into labeled activities such as battery usage, screen brightness changes, and device lock/unlock events. The tool runs on macOS and generates a comprehensive forensic report to verify data integrity.

Read more (ios-unifiedlogs.com)


Flashlight Usage Artifacts in Apple’s Unified Logs

Apple’s Unified Logs contain detailed artifacts about flashlight usage on iPhones, including brightness levels and how the flashlight was accessed. The logs indicate five different brightness levels ranging from 0 (off) to 1 (highest), and record when users toggle the flashlight via Control Center. These artifacts can provide valuable context for digital forensic investigations by confirming device usage during specific timeframes.

Read more (charpy4n6.blogspot.com)


Inside Interpol’s High-Tech Innovation Lab in Singapore

Interpol’s Singapore innovation center serves as a hub where law enforcement officers develop techniques to counter sophisticated criminal strategies. The facility houses advanced technology including underwater drones, digital forensics tools, and robotic K9s to help police stay ahead in the technological arms race against organized crime. In recent years, AI has transformed criminal activities, with the lab now focusing on combating deepfake romance scams, sextortion, and advanced cyber threats.

Read more (irishtimes.com)


Extracting and Analyzing Apple Unified Logs from iOS Devices for Digital Forensics

Apple Unified Logs provide detailed pattern-of-life information on iOS devices, capturing data on device orientation, screen locks, app usage, and more. These logs can be extracted by connecting the device to a Mac and using terminal commands, employing third-party tools, or pulling files from a full system extraction. For analysis, logs should be converted to JSON format on a Mac before using iLEAPP to create a SQLite database that can be queried with DB Browser for SQLite.

Read more (abrignoni.blogspot.com)


Velociraptor Tool Enables Dead-Disk Forensics for Windows Systems

Velociraptor allows investigators to perform forensic analysis on acquired disk images by emulating a live client. The tool supports various disk formats including EWF, VMDK, VHDX, and raw formats. After creating a remapping configuration file and launching Velociraptor with this config, investigators can interact with the disk image as if it were a live system, running hunts and examining the file system through the familiar interface.

Read more (kyjonin.blogspot.com)

Digital Forensics Round-Up, May 14 2025

A round-up of this week’s digital forensics news and views:


Podcast: Hexordia’s Jessica Hyde: Navigating The Future Of Digital Forensics

Jessica Hyde, now with Hexordia, reflects on her transition from Marine Corps avionics to digital forensics on the Forensic Focus Podcast. She highlights how military skills like documentation and troubleshooting apply to forensic work and shares insights on IoT challenges, timely data acquisition, and AI’s role. Jessica discusses her teaching at George Mason University and how interdisciplinary teams improve outcomes. She also underscores the importance of maintaining perspective in tough cases and adapting to evolving legal-technical landscapes.

Read More (Forensic Focus)


Big Update – Forensic Timeliner v2.010.0 (C# Edition) is live

Forensic Timeliner v2.010.0 (C# Edition) launches with a major rewrite in .NET 9, offering DFIR investigators a faster, more maintainable tool for timeline analysis. It consolidates CSV output from sources like KAPE, Chainsaw, Hayabusa, and Axiom, now supporting YAML-based artifact definitions, Timeline Explorer compatibility, keyword tagging, and session file generation. The update enhances performance and workflow integration for Windows users.

Read More (GitHub)


iOS Unified Logs: The Myth of 30 Days Retention – Analysis of TTLs and log stats Command

A deep dive into Apple’s log stats command reveals its overlooked forensic potential, especially in analyzing iOS Unified Logs. Lionel Notari uncovers how TTL (Time To Live) values, often misunderstood or undocumented, significantly affect log retention: most logs (over 70%) have a TTL of 0, meaning they may vanish within days. The analysis also exposes inconsistencies in Apple’s statistical summaries and shows how predicates can unlock deeper insights into logs by process, sender, or TTL. The message is clear: timely log extraction is critical, and log stats deserves a central role in forensic workflows.

Read More (iOS – Unified Logs | Lionel Notari)


Digital forensics examiner testifies to timing of Google search at Karen Read murder trial

Day 11 of the Karen Read murder trial centers on a key Google search found on the phone of her friend, Jennifer McCabe. Forensics expert Jessica Hyde testified the “how long to die in cold” search occurred at 6:24 a.m., not at the earlier timestamp shown in metadata. Trooper Connor Keefe also took the stand, identifying John O’Keefe’s sneaker found at the scene. The trial continues to pit prosecution claims that Read struck O’Keefe with her SUV against a defense alleging a police cover-up.

Read More (10 WJAR)


How To Tell If A Digital Forensics Expert Is Qualified

As digital evidence becomes central to legal and corporate investigations, determining a digital forensics expert’s qualifications is more complex than checking for a license—since no universal licensing exists. Instead, attorneys must assess a combination of education, certifications, real-world experience, and sub-discipline relevance. Vendor-neutral and vendor-specific certifications signal competence, but practical experience, testimony skills, and methodological rigor are crucial. The most qualified experts show specialization, stay current through ongoing learning, and can clearly explain both findings and limitations in court.

Read More (Lars Daniel, Forbes)


Best Practices for Data Acquisition from Digital Video Recorders Draft – SWGDE

The Scientific Working Group on Digital Evidence (SWGDE) has released a draft of its updated guidance on best practices for acquiring evidence from digital video recorders (DVRs). Version 1.4 outlines recommended procedures for capturing native or proprietary video data while preserving evidentiary integrity. It addresses various DVR types, legal considerations, documentation requirements, and essential equipment. Emphasizing timely acquisition, the document highlights risks like metadata loss and the need for specialized tools to avoid evidence degradation.

Read More (SWGDE)


Legal and Scientific Support Related to the Admissibility of Image Examinations Draft – SWGDE

SWGDE’s draft document Legal and Scientific Support Related to the Admissibility of Image Examinations provides forensic image analysts with a comprehensive framework to navigate courtroom challenges. It outlines relevant legal standards—including Frye, Daubert, and FRE 702—and details how image analysis techniques like enhancement, authentication, and comparison can meet admissibility criteria. The document also offers academic and legal references to support expert testimony and underscores the importance of training, certification, and methodological transparency when presenting forensic image evidence in court.

Read More (SWGDE)


Your Mood Is Murdering Your DF/IR Investigation and You Don’t Even Know It

In his latest article, Brett Shavers argues that a digital forensic examiner’s mental state is just as crucial as their technical skills. Fatigue, distraction, and emotional stress can lead to missed evidence or biased analysis, while clarity and motivation improve accuracy and depth. He warns that poor headspace could undermine findings in court and calls for self-awareness and routines that support cognitive performance. Shavers previews an upcoming flash sale for his DF/IR Investigative Mindset course, designed to help professionals optimize their mental edge.

Read More (Brett’s Ramblings)


My Two Years Reporting On Big Tech’s Hidden Scandal

An investigation by The Bureau of Investigative Journalism reveals the traumatic toll content moderation takes on workers tasked with reviewing the internet’s most disturbing material. Moderators employed by Big Tech firms—often through outsourcing companies—face poor pay, high targets, job insecurity, and long-term mental health issues such as PTSD and depression. Despite tech giants like Meta and TikTok making billions in profit, support for moderators remains patchy and inconsistent. While legal and union efforts grow, systemic outsourcing shields companies from real accountability, even as the human cost of moderation continues to rise.

Read More (The Bureau Of Investigative Journalism)

Digital Forensics Round-Up, May 07 2025

A round-up of this week’s digital forensics news and views:


Podcast: Cellebrite’s 2025 DFIR Industry Survey – Key Insights

Cellebrite’s Heather Barnhart and Paul Lorenz join the Forensic Focus Podcast to unpack insights from Cellebrite’s 2025 DFIR Industry Survey. They discuss challenges like encrypted devices, case backlogs, and the cautious rise of AI and cloud in forensics. The conversation touches on global trends, training preferences, cognitive bias, and the critical need for human oversight in digital investigations.

Read More (Forensic Focus)


iPhone Backup Forensics 101

iPhone backups offer a fast, accessible forensic source, especially when physical access to a device isn’t possible. Key backup files include Info.plist (device details, app list), Manifest.plist (app bundles, OS info), Status.plist (backup status, timestamps), and Manifest.db (an SQLite database indexing files like SMS, Notes, and WhatsApp data). Understanding these files helps examiners extract critical evidence from local, unencrypted backups.

Read More (Kinga Kieczkowska)


HashBro: A New File Hashing Tool for Digital Evidence Verification

HashBro is a newly developed file hashing tool designed for digital evidence verification, offering batch processing and robust reporting features. It generates professional reports in PDF, CSV, and JSON formats to track file integrity, identify matches, and document the chain of evidence. Available on GitHub, HashBro aims to support digital forensics professionals and invites community feedback on future enhancements.

Read More (GitHub)


New Study Evaluates Precision of Timing Advance Cellular Geolocation

Timing Advance, widely used in North American cellular geolocation evidence, has long sparked debate between prosecutors and defense over its precision. To address the lack of empirical data, Joe Hoy, Martin Griffiths, and U.S. law enforcement colleagues conducted tests to assess its reliability. Their newly published report finds that Timing Advance is dependable within a defined margin of error.

Read More (Joe Hoy)


Too Much Noise in DF/IR

Digital forensics and incident response (DF/IR) is overwhelmed by fragmented content, unclear roles, and misaligned training, creating confusion across the field. To address this, practitioners should focus on role-specific skills, vet their learning sources, and prioritize practice over theory. Educators and vendors are called to align training with real-world needs, while academia is urged to embed active practitioners and prioritize performance. The field’s future depends on building clarity, competence, and professionalism together.

Read More (DF/IR Training)


Linux Forensics is Harder than Windows (Here’s Why)

Linux forensics presents unique challenges compared to Windows, from diverse distributions, custom scripts, and varied file systems to the absence of a central registry and standardized logs. Investigators must navigate scattered configurations, tamper-prone logs, and ephemeral environments like containers, often under time pressure. A structured triage approach—identifying the system, collecting volatile data, examining key artifacts, and documenting thoroughly—helps cut through the chaos. Though demanding, Linux forensics rewards those who adapt, offering the satisfaction of solving complex, high-stakes puzzles.

Read More (Mat Cyb3rF0xFuchs, Medium)


The Good, the bad, and the ugly of Microsoft Edge’s autofill databases

Microsoft Edge’s autofill database quietly accumulates highly sensitive data—ranging from credit card numbers and passwords to HR forms and ChatGPT entries—often beyond users’ or organisations’ awareness. While these SQLite stores offer valuable forensic insights by preserving timelines and user behavior, they also create major security and compliance risks, providing rich targets for attackers. Poor form design and missing HTML safeguards exacerbate the problem, leaving organisations with hidden caches of unregulated data scattered across endpoints. Addressing this risk demands coordinated efforts in browser management, user training, form design, and regular auditing.

Read More (Reliance Cyber)


Heavy USB Forensics

USB forensics relies on analyzing system artifacts like the registry, event logs, jumplists, and setup logs to uncover critical details about connected devices. Investigators can determine drive letters, device make and serial numbers, copied file names, user activity, volume GUIDs, removal times, partitions, file system types, and volume serial numbers. Key techniques include correlating registry entries, extracting partition data, and decoding volume boot records to reconstruct USB usage and potential insider threats.

Read More (HackMD)

Digital Forensics Round-Up, April 30 2025

A round-up of this week’s digital forensics news and views:


Digital Forensics—When Licensing Would Make Expertise Worse

Digital forensics stands apart from other forensic fields by operating without mandatory licensing. Instead, it relies on consensus-driven standards like those from SWGDE to ensure quality. This agile model suits the field’s rapid technological evolution, allowing practitioners to adapt quickly. Though lacking formal gatekeeping, the approach fosters robust, timely methodologies grounded in real-world expertise.

Read More (Forbes)


Apples to Apples: Why macOS Forensics Can Be Easier Than Windows

macOS forensics often proves simpler than Windows, thanks to its consistent system architecture, unified logs, and artifact-rich file system. Apple’s controlled ecosystem limits variability and noise, streamlining investigations. While memory forensics remains a challenge due to strict security features, disk-based analysis is faster and clearer, making macOS a surprisingly efficient platform for incident responders.

Read More (Mat Cyb3rF0x Fuchs)


Technical Notes on the Use of Timing Advance Records

SWGDE’s new guidance on Timing Advance (TA) records offers practitioners detailed recommendations for acquiring and analyzing this mobile network data type. While TA data can assist with estimating device proximity to a cell site, it comes with limitations like multipath signal distortion and carrier-specific algorithms. The document emphasizes cautious interpretation, legal compliance, and the need for proper training.

Read More (SWGDE)


Nigerian Software Engineering Graduate Creates Forensics App Transforming United Kingdom Police Investigations

Ayodele Oduola, a Nigerian software engineering graduate, earns acclaim for developing a mobile app now used by over 800 Staffordshire Police officers to streamline digital evidence handling. The cross-platform tool improves forensic efficiency at crime scenes and has sparked interest in wider adoption. Praised for its real-world impact, the innovation showcases emerging global tech talent.

Read More (The Nigeria Education News)


After Europol’s Record CSAM Takedown: Who Protects The Investigators?

Europol’s takedown of a vast CSAM network highlights not just technological success, but the immense psychological toll on digital forensic investigators. Constant exposure to traumatic content, worsened by AI-generated material, places these professionals at risk of burnout and PTSD. Experts call for trauma-informed leadership, better mental health support, and cultural change to safeguard the well-being of those fighting online child abuse.

Read More (Forensic Focus)


Kulpa app helps to empower victims of stalking and harassment

During National Stalking Awareness Week, Hertfordshire Constabulary promotes the Kulpa app, which securely stores digital evidence of stalking, harassment, and abuse. Already aiding prosecutions, Kulpa allows victims to upload files like messages, videos, and CCTV footage, which police can access with consent. Officers report improved case outcomes, and support groups nationwide now endorse the app’s use.

Read More (Hertfordshire Constabulary)


Meta faces Ghana lawsuits over impact of extreme content on moderators

Meta faces fresh legal action after content moderators in Ghana report severe psychological harm from reviewing graphic material, including murder and child abuse. Workers allege poor pay, surveillance, and inadequate mental health support at contractor Majorel. The case, led by UK nonprofit Foxglove, follows similar PTSD claims in Kenya and raises urgent questions about Big Tech’s outsourcing practices in Africa.

Read More (The Guardian)


The Impact of Microsoft’s ReFS on DFIR

Microsoft’s Resilient File System (ReFS) introduces major forensic shifts, replacing NTFS’s familiar artifacts with a new architecture emphasizing integrity, scalability, and copy-on-write behavior. Investigators face challenges like missing MFTs and altered logging formats, but gain opportunities through ReFS logs, internal checkpoints, and metadata innovations. As adoption rises, DFIR professionals must adapt tools and methods to avoid critical blind spots.

Read More (Mat Cyb3rF0xFuchs, Medium)


Investigating an in-the-wild campaign using RCE in CraftCMS

Orange Cyberdefense uncovers two critical vulnerabilities in Craft CMS, CVE-2025-32432 and CVE-2024-58136, after a forensic investigation reveals pre-auth remote code execution via a Yii framework flaw. Attackers exploited the bug to drop and execute malicious PHP files across thousands of internet-facing sites, prompting coordinated disclosure, patch releases, and widespread detection of compromised Craft CMS assets.

Read More (Orange Cyberdefense)