A round-up of this week's digital forensics news and views:
Digital Divide Skews UK Criminal Justice
Digital evidence now underpins most UK criminal trials, but access to expert analysis is skewed toward prosecutors. Legal aid cuts of 39.5% since 2010 and costly accreditation have pushed independent digital forensic specialists out of defence work, delaying cases and weakening scrutiny. Cases such as Danny Kay and Jodie Rana show how incomplete or unchallenged data interpretation can secure convictions later quashed, while late disclosure and police-controlled device selection exacerbate imbalance. The Ministry of Justice says a new national forensic science lead will raise standards, but Tim Forte KC and Ian Ross warn that without equal access and transparency, miscarriages of justice will persist.
Read more (computerweekly.com)
How to Build and Run Open-Source Forensic Tools
Adam Hachem outlines how to compile and package open-source forensic tools across Python and C/C++, explaining when building from source improves reliability and cross-validation. He shows how to manage Python dependencies with virtual environments, install from requirements, build wheels, and use shebangs or PyInstaller for portable executables and PATH integration. Guidance covers compiling Linux tools like PhotoRec via configure/make, handling missing dependencies such as libewf, and creating symlinks in /usr/local/bin for convenience. He closes by stressing that project README/INSTALL files remain the most reliable instructions.
Field-First, AI-Driven Future for Digital Investigations
Digital forensics grows more complex amid encrypted devices, fragmented data, and fast-evolving operating systems. Amid a shift from lab to field, agencies adopt secure, user-friendly tools for on-scene extractions while preserving chain of custody. Unified, cloud-ready platforms and cross-disciplinary collaboration help manage fragmented sources and regional compliance, while AI accelerates triage and analysis. Cellebrite details new capabilities that restore full file-system extractions on newer devices, expand lawful access across mobiles and computers, and bolster centralized evidence management and training.
DFRWS APAC 2025 Set for Seoul, Nov. 10–12
DFRWS APAC 2025 convenes as a hybrid conference at COEX Magok Le West in Seoul, with satellite sites across the Asia-Pacific. Running November 10–12, it invites full papers, presentations, demos, posters, and workshops, with an extended paper deadline of May 23 and rolling acceptance for other tracks. Keynotes by Insoo Lee and Robert Jan Mora examine the research-practice gap and lessons from the Bhima Koregaon case, respectively. Registration is open with early-bird rates through September 19 and tiered pricing; in-person presentation delivery is required unless exceptions are approved.
QELP Speeds ESXi Forensics with Focused Log Parsing
Stroz Friedberg's QELP tool rapidly parses ESXi and Unix-like collections to surface key indicators of compromise. Designed for triage, it targets high-value logs (hostd, syslog, auth, shell, vobd and others) to highlight SSH activity, logins, file transfers, and persistence. It outputs per-source CSVs and a consolidated super timeline, enabling analysts to reconstruct events quickly and at scale from ESXi support bundles or UAC captures.
Carol Brooks on Covert Cyber Investigators' Psychology and Resilience
Cyber psychologist and consultant Carol Brooks outlines her PhD research into how covert cyber work shapes investigators' decision-making, cognition and well-being, an area she says remains under-studied compared with traditional investigations. She argues many digital roles contain covert elements and calls for "organizational scaffolds" – from psychological support and mentoring to leadership-backed resilience initiatives – to prevent burnout and sustain performance. Brooks highlights difficulties reaching covert practitioners due to inconsistent job titles and suspicion around research, and she urges stronger, faster knowledge flows between academia and industry. She invites covert investigators to complete an anonymous survey to inform the study.
HTX Showcases Deepfake Detection at INTERPOL Tokyo Conference
HTX showcases AI-driven deepfake detection at INTERPOL's Conference on AI in Digital Forensics in Tokyo, joining law enforcement, academia and industry from 28–30 October 2025. Speakers from Singapore outline a multi-pronged approach combining AI forensic tools, regulation and legislation to counter GenAI-enabled crimes such as scams and student deepfake nudes, as highlighted by Ashley Roshan Colombo. Ng Wai Hung and Priscilla Koh present AlchemiX, which spots subtle physical cues, analyzes multiple faces, and checks audio timing to flag manipulated segments rather than issue binary verdicts. Leaders Christopher Sia and Lim Tuan Liang signal plans to deepen international cooperation, building on Project SynthWave to keep pace with fast-evolving threats.
TaskHunter Debuts to Detect Windows Scheduled Task Abuse
Michael Haag announces TaskHunter, an open-source PowerShell tool that hunts stealthy scheduled task abuse and persistence on Windows. Built for enterprises, it correlates Security logs, Sysmon, and Registry artifacts, applies adaptive context-aware scoring, and flags multiple evasion and hiding techniques. A live release appears on Atomics on a Friday, with the code available on GitHub.
Ethical Marketing in DF/IR
DF/IR is booming, but Patrick Siewert warns that marketing must match scientific rigor and honesty. He likens digital forensics to hard-science disciplines (evidence-led and methodical) while noting its private-sector tilt fuels aggressive promotion. Siewert lays out ethical rules: don't promise skills you lack, prize accuracy, avoid buzzword bravado, prioritize networking, and never lie; he adds that there's ample work, so reputations matter more than "used car salesman" tactics.
Read more (dfirphilosophy.blogspot.com)
ALEX Debuts as Open-Source, Cross-Platform Android Logical Extractor
ALEX, an open-source Android Logical Extractor, launches as a cross-platform GUI tool for ADB-based extractions and a companion to commercial suites. Built on work from UFADE, it supports Android, WearOS, FireOS, Ubuntu Touch, and AsteroidOS with reporting, logging, screenshots, and chat-capture features. Acquisition options include sdcard pulls, configurable ADB backups, a UFED-style Logical+ package with content-provider queries and PA-ready artifacts, and a partially reconstructed file-system backup that rebuilds key databases and leverages CVE-2024-31317 where applicable. It uniquely adds home pulls and bit-for-bit physical imaging for Ubuntu Touch and AsteroidOS, and invites DFIR community testing and code contributions as development continues.