This episode digs into the habits that actually hold up: learning from CTF wins and post-event reviews, exploring scholarships and Reno trainings that build technical muscle, and walking through expert-witness prep that turns courtroom stress into structured, confident testimony.
We’ll unpack Brett Shavers’ reminder that truth alone doesn’t win cases—procedure, documentation, and bias-aware methods do. Clear writing matters too; vague language can undermine solid work.
On the tools side, RabbitHole v3 now recovers deleted SQLite records and rebuilds them into query-ready databases—speeding validation and reporting without losing traceability. We’ll also demo the new Android Logical Extractor: pull device info, logs, and scoped chat data with hashes and ready-to-file PDFs. It’s ideal when consent is limited or full file systems aren’t on the table, and integrates cleanly with downstream workflows.
Throughout, we emphasize one idea: tools are abstractions. If you can’t explain how a result was produced or reproduce it, you don’t own the finding. That’s especially true with AI. Generative models are nondeterministic—useful when documented, risky when their prompts or scope stay hidden. We’ll cover prompt disclosure, reproducibility, and how to write about “deleted” data with precision: previously existing, marked deleted, not referenced—describe state, not intent.
If you’re serious about improving testimony, validating results, and adopting new tools without losing forensic footing, join us. Then share your take on AI prompts and language precision—what will you change in your next report?
Notes:
IACIS Scholarships
https://www.iacis.com/awards-and-scholarships/will-docken-scholarship/
https://www.iacis.com/awards-and-scholarships/womens-scholarship/
Training Opportunities!
https://www.iacis.com/events/in-person/reno-nv/
Free DFIR Test Images + Industry Tools to Analyze Them
https://www.dfir.training/downloads/test-images
New Blogs from Brett Shavers!
https://www.linkedin.com/pulse/theres-lot-more-trial-than-you-may-know-even-have-100-brett-shavers-br4sc/
https://www.linkedin.com/pulse/case-almost-made-me-quit-dfir-shouldve-news-brett-shavers-pie1c/
https://www.linkedin.com/pulse/i-when-digital-forensics-lost-its-soul-brett-shavers-otkec/
https://www.linkedin.com/pulse/end-dfir-again-dfir-training-ab5jc/
https://www.linkedin.com/pulse/how-wreck-your-report-affidavit-testimony-one-word-brett-shavers-qkyvc/
Free Webinar
https://www.suspectbehindthekeyboard.com/fighting-city-hall-dfir-lessons-from-a-pro-se-plaintiff
RabbitHole Update
https://www.linkedin.com/posts/rabbithole-dataviewer-sqllite-ugcPost-7384144022065274880-0d0D
https://www.cclsolutionsgroup.com/forensic-products/rabbithole
ALEX Release
https://github.com/prosch88/ALEX
https://github.com/RealityNet/android_triage
Thursday, October 30, 2025
Thursday, October 2, 2025
Blogs, blogs & blogs!
A baby camel, a high-speed chase, and a heartfelt tribute set the stage for a season opener that is equal parts human and hard-nosed.
We pause to honor Mark Baker, mentor, officer, and friend.
This episode spotlights a free Belkasoft AI course along with the much-anticipated release of RabbitHole v3, designed to tackle complex data structures.
From there, it is all about blogs, and there are plenty of them. Mattia explores extraction nuances, showing how AFU versus BFU states and encryption classes still determine what you can recover from iOS and Android. Hexordia provides important guidance on first responder missteps, emphasizing how early handling and precise thinking safeguard the integrity of a case.
We also showcase open-source and budget-friendly tools such as Autopsy and IPED, which expand analysis capacity without breaking the bank.
A hands-on demo of Gallery Builder illustrates how to create courtroom-ready visuals, paired with a reminder that “vibe coding” with LLMs is no substitute for validated forensic standards.
Finally, we close with the latest LEAPP and LAVA updates, which continue to push practical workflows forward for the field.
Notes:
BelkaGPT: Effective Artificial Intelligence in DFIR
https://belkasoft.com/belkagpt-training
Training First Responders in Digital Evidence Handling: How To Protect Your Department from Case-Destroying Mistakes
https://www.hexordia.com/blog/training-first-responders-in-digital-evidence-handling
The Packd Byte
https://www.thepackdbyte.org/
Two New Blogs from Mattia
http://blog.digital-forensics.it/2025/09/exploring-data-extraction-from-android.html
https://blog.digital-forensics.it/2025/09/exploring-data-extraction-from-ios.html
SWGDE
https://www.swgde.org/documents/published-complete-listing/16-f-002-considerations-for-required-minimization-of-digital-evidence-seizure/
Gallery Builder
https://github.com/charpy4n6/GalleryBuilder