Digital Forensics Now

Send us a text
A blue jay, a busted feeder, and a brand-new camera set the tone, but only briefly. 
We kick off the new year with updates from the Florida ICAC conference, including firsthand courtroom experience watching frame rate and frame count testimony in action. The episode centers on Frame Counts Galore, an open-source script for extracting and hashing every video frame, calculating true variable frame rates, and producing transparent, courtroom-ready logs and reports.
We cover upcoming DFIR conferences, introduce a lightweight AI Provenance Scanner for fast C2PA and metadata checks, and reflect on standout moments from the digital forensics year—especially the impact of open-source tools and honest conversations about the realities of the work. 
The episode closes with a 2026 wish list focused on stronger education, fair workloads, and customizable forensic reporting that analysts can actually defend in court.
Happy New Year to the DFIR community.

Notes:
Frame Counts Galore-
https://github.com/abrignoni/frame-counts-galore
Upcoming Conferences- 
https://www.iacis.com/                        
https://www.msab.com/digital-summit-2026/ 
https://magnetvirtualsummit.com/              
https://www.technosecurity.us/
https://ofta.cellebrite.com/event/cellebrite-c2c-user-summit-2026/
AI Provenance Scanner-  
https://github.com/abrignoni/AI_Provenance_Scanner
Brett Shavers Blogs-                                                    
https://www.brettshavers.com/
UFADE & ALEX-                                                              
https://github.com/prosch88

Send us a text
This episode digs into the habits that actually hold up: learning from CTF wins and post-event reviews, exploring scholarships and Reno trainings that build technical muscle, and walking through expert-witness prep that turns courtroom stress into structured, confident testimony.
We’ll unpack Brett Shavers’ reminder that truth alone doesn’t win cases—procedure, documentation, and bias-aware methods do. Clear writing matters too; vague language can undermine solid work.
On the tools side, RabbitHole v3 now recovers deleted SQLite records and rebuilds them into query-ready databases—speeding validation and reporting without losing traceability. We’ll also demo the new Android Logical Extractor: pull device info, logs, and scoped chat data with hashes and ready-to-file PDFs. It’s ideal when consent is limited or full file systems aren’t on the table, and integrates cleanly with downstream workflows.
Throughout, we emphasize one idea: tools are abstractions. If you can’t explain how a result was produced or reproduce it, you don’t own the finding. That’s especially true with AI. Generative models are nondeterministic—useful when documented, risky when their prompts or scope stay hidden. We’ll cover prompt disclosure, reproducibility, and how to write about “deleted” data with precision: previously existing, marked deleted, not referenced—describe state, not intent.
If you’re serious about improving testimony, validating results, and adopting new tools without losing forensic footing, join us. Then share your take on AI prompts and language precision—what will you change in your next report?
Notes: 
IACIS Scholarships
https://www.iacis.com/awards-and-scholarships/will-docken-scholarship/
https://www.iacis.com/awards-and-scholarships/womens-scholarship/

Training Opportunities!
IACIS Reno
https://www.iacis.com/events/in-person/reno-nv/

Free DFIR Test Images + Industry Tools to Analyze Them
https://www.dfir.training/downloads/test-images

New Blogs from Brett Shavers!
https://www.linkedin.com/pulse/theres-lot-more-trial-than-you-may-know-even-have-100-brett-shavers-br4sc/
https://www.linkedin.com/pulse/case-almost-made-me-quit-dfir-shouldve-news-brett-shavers-pie1c/
https://www.linkedin.com/pulse/i-when-digital-forensics-lost-its-soul-brett-shavers-otkec/
https://www.linkedin.com/pulse/end-dfir-again-dfir-training-ab5jc/
https://www.linkedin.com/pulse/how-wreck-your-report-affidavit-testimony-one-word-brett-shavers-qkyvc/
Free Webinar
https://www.suspectbehindthekeyboard.com/fighting-city-hall-dfir-lessons-from-a-pro-se-plaintiff

Rabbithole Update
https://www.linkedin.com/posts/rabbithole-dataviewer-sqllite-ugcPost-7384144022065274880-0d0D
https://www.cclsolutionsgroup.com/forensic-products/rabbithole

ALEX Release
https://github.com/prosch88/ALEX
https://github.com/RealityNet/android_triage

Send us a text
A baby camel, a high-speed chase, and a heartfelt tribute set the stage for a season opener that is equal parts human and hard-nosed.
We pause to honor Mark Baker, mentor, officer, and friend.
This episode spotlights a free Belkasoft AI course along with the much-anticipated release of Rabbit Hole v3, designed to tackle complex data structures.
From there, it is all about blogs, and there are plenty of them. Mattia explores extraction nuances, showing how AFU versus BFU states and encryption classes still determine what you can recover from iOS and Android. Hexordia provides important guidance on first responder missteps, emphasizing how early handling and precise thinking safeguard the integrity of a case.
We also showcase open-source and budget-friendly tools such as Autopsy and IPED, which expand analysis capacity without breaking the bank.
 A hands-on demo of Gallery Builder illustrates how to create courtroom-ready visuals, paired with a reminder that “vibe coding” with LLMs is no substitute for validated forensic standards.
Finally, we close with the latest LEAPP and LAVA updates, which continue to push practical workflows forward for the field.
Notes:
BelkaGPT: Effective Artificial Intelligence in DFIR
https://belkasoft.com/belkagpt-training

Training First Responders in Digital Evidence Handling: How To Protect Your Department from Case-Destroying Mistakes
https://www.hexordia.com/blog/training-first-responders-in-digital-evidence-handling

The Packd Byte
https://www.thepackdbyte.org/

Two New Blogs from Mattia 
http://blog.digital-forensics.it/2025/09/exploring-data-extraction-from-android.html
https://blog.digital-forensics.it/2025/09/exploring-data-extraction-from-ios.html

SWGDE
https://www.swgde.org/documents/published-complete-listing/16-f-002-considerations-for-required-minimization-of-digital-evidence-seizure/

Gallery Builder
https://github.com/charpy4n6/GalleryBuilder

Send us a text
We celebrate our two-year podcast anniversary and discuss the importance of thorough case preparation for CSAM cases, courtroom experience, and extracting evidence from iOS devices.

• SANS Difference Maker Awards open for nominations through September 15th across multiple categories
• AI debate webinar with Magnet Forensics scheduled for September 17th
• Binary Hick's blogs reveal insights on iOS search party and Samsung's Rubin and Digital Wellbeing databases
• Discussion on properly preparing CSAM cases for trial with understanding of statutes and evidence requirements
• Brett Shaver's article highlights importance of attending trials to understand courtroom proceedings
• iOS File Provider Storage in BFU extractions can reveal user-created images with metadata
• Updates to LEAPPS tool including CashApp parser improvements and Snapchat returns parser
• New Lava viewer coming soon for the LEAPPS project

Notes:
SANS Difference Makers Awards-
https://docs.google.com/forms/d/e/1FAIpQLSeLNMZm3r4c9WSKdNW8XaPh6KRXoS3C1WI51UtnEANe2osCpQ/viewform
AI Unpacked #5: The great AI debate with Digital Forensics Now-
https://www.magnetforensics.com/resources/ai-unpacked-5-the-great-ai-debate-with-digital-forensics-now/
The Binary Hick New Blogs-
https://thebinaryhick.blog/2025/08/19/further-observations-more-on-ios-search-party/
https://thebinaryhick.blog/2025/08/06/not-strange-bedfellows-samsungs-rubin-digital-wellbeing/
Monolith Notes-
https://www.monolithforensics.com/free-tools
Brett Shavers- Courtroom Trials Are the Final Exam for Your Work. Why Haven’t You Attended One?-
linkedin.com/in/brettshavers/recent-activity/all/

Send us a text
We're back! After a short break we are back to discuss the growing crossover between real-world events and digital evidence in court cases, highlighting how device data can make or break timelines in high-stakes investigations.
This episode covers:
Ian Whiffin’s latest forensic work, including iOS power log timestamps, Apple Health data reliability, iPhone battery temperature readings, and IR Doppler functionality – with examples of how these artifacts were used in a recent homicide trial to validate timelines and environmental conditions.
Kevin Pagano’s App Store Package Search tool, which translates obscure bundle IDs into recognizable app information for easier analysis.
Concerns over the growing reliance on AI in digital forensics, emphasizing the need for human expertise and proper validation in every step of the process.
A demonstration of LUMYX, a mapping tool that converts extracted location data into customizable visual timelines for courtroom presentations.
Updates on LAVA (LEAPPS Artifact Viewer App) and guidance on writing LAVA-compliant artifacts to improve reporting workflows.

Notes:
Ian's FOUR Newest Blogs
https://www.doubleblak.com/blogPost.php?k=powerlog
https://www.doubleblak.com/blogPost.php?k=healthaccuracy
https://www.doubleblak.com/blogPost.php?k=temperature
https://www.doubleblak.com/blogPost.php?k=doppler
Ian Whiffin Testimony
https://www.youtube.com/watch?v=kahgl-mIUFE

Kevin Pagano Stark4n6 app store package search
https://www.stark4n6.com/2025/07/introducing-asp-app-store-package-search.html
https://github.com/stark4n6

Elcomsoft Article- AI driven Password Recovery Myth or Reality?
https://blog.elcomsoft.com/2025/07/ai-driven-password-recovery-myth-or-reality/

Beyond the Badge AI's role in Modern Investigations
https://www.magnetforensics.com/blog/beyond-the-badge-ais-role-in-modern-investigations/

LUMYX
https://lumyx.com/

LEAPPs
leapps.org

How to make LAVA Compliant LEAPP Artifacts
https://www.linkedin.com/video/live/urn:li:ugcPost:7356497708628520962/

UFADE 
https://cp-df.com/en/blog/ufade_touch.html