A round-up of this week’s digital forensics news and views:
Registration Is Open For Magnet Virtual Summit 2026
Magnet Forensics will return with Magnet Virtual Summit 2026 from February 23–26, bringing more than 50 experts together to explore emerging challenges and innovations across AI, mobile forensics, cloud investigations, incident response, and deepfakes. The event will showcase major updates to the Magnet One platform, feature keynotes on the future of digital investigations, national security, and fraud prevention, and introduce new Unpacked sessions covering mobile, cyber, AI, and legal issues. Attendees can also take part in a Hexordia-powered Capture the Flag competition, live Q&As with Magnet specialists, and sessions on wellness, DFIR maturity, cloud migration, and evolving forensic science—offering investigators of all experience levels practical insights to enhance their capabilities.
Evanole VM Launches as Free Standardized Forensics Lab
Jessica Hyde has released Evanole VM, a free, standardized virtual machine built to tame the perennial “works on my machine” problem in digital forensics training and casework. Originally developed for Hexordia courses, the VM ships with a curated suite of FOSS tools on a customized Tsurugi Linux base, giving practitioners and students a consistent, ready-to-go lab environment. Users can grab the VM at no cost, then deepen their skills with a free companion class and supporting blog content, making it a low-friction way to align tools and workflows across teams and classrooms.
IACIS Showcases Advanced Mobile Device Forensics Training Led by Mario Merendon
IACIS is promoting a 36-hour, five-day Mobile Device Forensics Training Program aimed at pushing examiners beyond push-button tools into deeper file-system and artifact-level analysis on both iOS and Android. Participants work through instructor-led exercises and hands-on practicals to learn how to detect, decode, decrypt, and manually validate complex evidence, building the intermediate to advanced skills needed for modern mobile investigations. Mario Merendon, a seasoned investigator and expert witness with extensive law enforcement and lab management experience, chairs and teaches the course, emphasizing going beyond parsed data and understanding how artifacts are truly created and stored.
Manual Tor Browser Extraction on iOS When Tools Fall Short
Gerisson walks through how commercial mobile forensic suites miss key artifacts from the IncognitoDarkNet Tor browser on iOS, forcing investigators to fall back on manual analysis. By drilling into the app’s file structure and its Realm database, they recover browsing history, site data, and other usage traces that standard parsers ignore, all while highlighting the quirks of working with dark web tools on Apple devices. The piece underscores how reliance on automation can leave major evidential gaps, and why examiners need to be ready to reverse-engineer niche apps and carve out their own artifacts when dealing with privacy-focused browsers.
ALEX Adds mtk-su Temp Root to Boost Legacy Android Extractions
Christian Peter has quietly expanded ALEX’s file system and physical extraction capabilities by integrating mtk-su-based temporary root, leveraging CVE-2020-0069 on a wide range of older MediaTek chipsets. Investigators working with devices on Android 9 or below and with pre-March 2020 patch levels gain a relatively simple, stable path to temp root, though not every qualifying handset is guaranteed to be exploitable. This move significantly improves options for handling legacy Android hardware in the lab, and Peter hints that more root methods are coming to widen coverage even further.
SYTECH Director Calls For More Funding To Improve Early Intervention In Gateway Crimes
SYTECH Managing Director Daren Greener urges greater investment in digital forensics as new ONS data shows 1.4 million adults experienced stalking in the year to March 2025, highlighting its scale and its frequent role as a precursor to more serious offending. He warns that early digital behaviours such as intrusive messaging, device monitoring and tracking attempts are often missed, and argues that stronger tools, training and capacity are essential for identifying these warning signs sooner. Greener says enhanced forensic capability would enable earlier intervention, better victim protection and more effective action against offenders before their behaviour escalates.
Judges Confront First Deepfake Evidence as Courts Scramble to Catch Up
A California housing dispute thrown out over a suspected deepfake witness video is giving U.S. judges an early, unsettling look at how synthetic media can poison the evidentiary record. Judges who spoke with Lars Daniel warn that AI can now fabricate everything from threatening voicemails to forged vehicle titles that slip into official databases, challenging long-held assumptions about what records can be trusted. Federal rulemakers are floating a new Evidence Rule 707 to treat AI-generated material like expert testimony while states like Louisiana push “reasonable diligence” obligations onto attorneys, yet detection tools remain unreliable and metadata clues are fading as generators improve. For digital forensics practitioners, that gap between creation and verification is quickly becoming a critical battleground where a missed artifact could mean anything from fraudulent restraining orders to wrongful convictions.
Open-Source DFIR Tools Evolve with MalChela, CyberPipe and Toby
Doug Metz closes out 2025 by showcasing a year of open-source DFIR tooling, from a more capable MalChela for hands-on malware analysis to a streamlined CyberPipe designed to reduce friction in everyday workflows. He also unveils Toby, a portable forensics platform aimed at making triage and evidence collection more accessible in the field. Together, the projects signal a push toward practical, classroom- and lab-ready tools that bridge the gap between DFIR students and working analysts while encouraging deeper experimentation with malware and incident data.