Send us a text

We celebrate our two-year podcast anniversary and discuss the importance of thorough case preparation for CSAM cases, courtroom experience, and extracting evidence from iOS devices.

• SANS Difference Maker Awards open for nominations through September 15th across multiple categories
• AI debate webinar with Magnet Forensics scheduled for September 17th
• Binary Hick's blogs reveal insights on iOS search party and Samsung's Rubin and Digital Wellbeing databases
• Discussion on properly preparing CSAM cases for trial with understanding of statutes and evidence requirements
• Brett Shaver's article highlights importance of attending trials to understand courtroom proceedings
• iOS File Provider Storage in BFU extractions can reveal user-created images with metadata
• Updates to LEAPPS tool including CashApp parser improvements and Snapchat returns parser
• New Lava viewer coming soon for the LEAPPS project

Notes:

SANS Difference Makers Awards-

https://docs.google.com/forms/d/e/1FAIpQLSeLNMZm3r4c9WSKdNW8XaPh6KRXoS3C1WI51UtnEANe2osCpQ/viewform

AI Unpacked #5: The great AI debate with Digital Forensics Now-

https://www.magnetforensics.com/resources/ai-unpacked-5-the-great-ai-debate-with-digital-forensics-now/

The Binary Hick New Blogs-

https://thebinaryhick.blog/2025/08/19/further-observations-more-on-ios-search-party/

https://thebinaryhick.blog/2025/08/06/not-strange-bedfellows-samsungs-rubin-digital-wellbeing/

Monolith Notes-

https://www.monolithforensics.com/free-tools

Brett Shavers- Courtroom Trials Are the Final Exam for Your Work. Why Haven’t You Attended One?-

linkedin.com/in/brettshavers/recent-activity/all/

Send us a text

We're back! After a short break we are back to discuss the growing crossover between real-world events and digital evidence in court cases, highlighting how device data can make or break timelines in high-stakes investigations.

This episode covers:

• Ian Whiffin’s latest forensic work, including iOS power log timestamps, Apple Health data reliability, iPhone battery temperature readings, and IR Doppler functionality – with examples of how these artifacts were used in a recent homicide trial to validate timelines and environmental conditions.
• Kevin Pagano’s App Store Package Search tool, which translates obscure bundle IDs into recognizable app information for easier analysis.
• Concerns over the growing reliance on AI in digital forensics, emphasizing the need for human expertise and proper validation in every step of the process.
• A demonstration of LUMYX, a mapping tool that converts extracted location data into customizable visual timelines for courtroom presentations.
• Updates on LAVA (LEAPPS Artifact Viewer App) and guidance on writing LAVA-compliant artifacts to improve reporting workflows.

Notes:

Ian's FOUR Newest Blogs
https://www.doubleblak.com/blogPost.php?k=powerlog
https://www.doubleblak.com/blogPost.php?k=healthaccuracy
https://www.doubleblak.com/blogPost.php?k=temperature
https://www.doubleblak.com/blogPost.php?k=doppler

Ian Whiffin Testimony
https://www.youtube.com/watch?v=kahgl-mIUFE

Kevin Pagano Stark4n6 app store package search
https://www.stark4n6.com/2025/07/introducing-asp-app-store-package-search.html
https://github.com/stark4n6

Elcomsoft Article- AI driven Password Recovery Myth or Reality?
https://blog.elcomsoft.com/2025/07/ai-driven-password-recovery-myth-or-reality/

Beyond the Badge AI's role in Modern Investigations
https://www.magnetforensics.com/blog/beyond-the-badge-ais-role-in-modern-investigations/

LUMYX
https://lumyx.com/

LEAPPs
leapps.org

How to make LAVA Compliant LEAPP Artifacts
https://www.linkedin.com/video/live/urn:li:ugcPost:7356497708628520962/

UFADE
https://cp-df.com/en/blog/ufade_touch.html

Send us a text

We kick off this episode with highlights from the Techno Security Conference, our 80s-themed outfits, packed LEAPP labs, AI panel discussions, and great conversations with friends and colleagues across the field.

We discuss Brett Shavers’ recent series on DFIR entry-level work, and share our thoughts on the need for better forensic training and clearer distinctions between forensics, cybersecurity, and incident response.

We also talk about recent tool changes in the industry. Cellebrite’s acquisition of Corellium could make mobile app testing more accessible, and Magnet’s purchase of Dark Circuit Labs.

We cover Harper Shaw’s Vehicle Network App, a valuable source of vehicle-related data. Alongside that, we highlight a recent blog on cached screenshots in Windows 11.

Be sure to check out the excellent “Parsing the Truth” podcast.

Heather walks through her Easter road trip to test Android's Timeline feature (formerly Google Location History). The location data was impressively accurate, but also showed how easily some points can mislead without the right context.

Catch us at IACIS Reno in January and check out the some of the resources we mentioned.

Notes:

Parsing the Truth: One Byte at a Time
https://parsingthetruth.com/

Cached Screenshots on Windows 11
https://thinkdfir.com/2025/06/13/cached-screenshots-on-windows-11/

The Vehicle Network App from Harper Shaw
https://harpershaw.co.uk/the-vehicle-network-app-1

Beklkasoft CTF
https://belkasoft.com/belkactf7/

Brett Shavers 6 part series
https://www.linkedin.com/pulse/dfir-really-entry-level-brett-shavers-ewsvc/
https://www.dfir.training/new-to-dfir/dfir-career

Artifact of the Week/Android Location History
https://thebinaryhick.blog/2024/06/28/the-green-look-back-androids-on-device-location-history/