Threat Sharing and Digital Forensics from a Feminist and Human Rights Perspective

Call for participation for the 2025 edition is now open. Apply before June 15, 2025.

Registrations are now closed. Thank you to all who registered!

DDP presents the second edition of the online course “Threat Sharing and Digital Forensics from a Feminist and Human Rights Perspective”, consisting of eight bi-weekly sessions (13:00–15:00 UTC) from September to December 2025. Sessions will be hosted in English and Spanish with live interpretation. It is designed for activists, helpline workers, rapid responders, and civil society members working at the intersections of digital forensics, threat sharing, and gender justice.

Through practical sessions and hands-on exercises, it will explore consensual, care-based approaches to forensic analysis and documentation of digital threats, with an emphasis on supporting survivors of Technology-Facilitated Gender-Based Violence (TFGBV), Gender-Based Violence Online (GBVO), and targeted attacks against human rights defenders.

Who is this for?

  • Members of feminist helplines and initiatives supporting individuals facing TFGBV, GBVO, and online hate – feministhelplines.org
  • Members of CiviCERT and RaReNet – civicert.org and rarenet.org
  • Rapid responders, digital security trainers, and tech-savvy activists
  • Journalists, human rights defenders (HRDs), and civil society organisations interested in threat sharing and digital forensics from a feminist and human rights-oriented perspective

Sessions

1. From Paranoia to Protocol: Systematizing the Response to Digital Threats: Triage and Support Methodologies for Advanced Threats in Feminist Helplines (Teaching methodologies)

The goal of the session is to present the results of the research project “Feminist Digital Forensics: A Proposal for Study and Development” by MariaLab (as part of FIRN – Feminist Internet Research Network), with emphasis on the methods developed to teach and share digital forensics knowledge using a feminist approach.

  • Facilitators: Carl and Daniela Araújo (MariaLab)
  • Language: Spanish

2. Breaking the Code: Forensic Strategies Against Technology-Facilitated Gender-Based Violence (Consensual Digital Forensic Analysis)

This session addresses TFGBV and the legal limitations of digital evidence. Topics include how to make evidence legally admissible, chain of custody, report creation, and preservation with security features.

  • Facilitators: Menta and Artemisia (Fembloc)
  • Language: Spanish

3. Chronicles of Digital Evidence: Recording, Reviewing, Disclosing (Consensual Computer Forensics)

This session will cover three procedures for evidence collection: capturing network traffic from phones, remotely collecting screenshots and messages, and archiving web pages.

  • Facilitator: Esther Onfroy (Defensive Lab Agency)
  • Language: English

4. Mastering IOCs: From Chaos to Clarity in Threat Analysis (Threat Sharing)

Overview of acquiring, organizing, and sharing IOCs using Colander. Includes hands-on experience in managing threat intelligence and using knowledge graphs.

  • Facilitator: Esther Onfroy (Defensive Lab Agency)
  • Language: English

5. Gaslight, Gatekeep, Google Takeout: Forensics for Feminist Helplines (Consensual Digital Forensic Analysis)

Modern operating systems are deeply integrated with online accounts such as Google, iCloud, or Microsoft. Many victims of digital attacks believe that their devices have been compromised by malware, a complaint that is especially common among victims of technology-facilitated gender-based violence. In this workshop, we will explore how to use Google activity logs to analyze whether an account has been compromised and how these logs can provide evidence to support or refute claims that a phone has been infected.

  • Facilitators: Carl and Daniela Araújo (MariaLab)
  • Language: English

6. How to Identify Malicious Apps Without a Command Line: A GUI-Based Triaging Approach for Android (Consensual Digital Forensic Analysis)

This session focuses on the initial triaging process for Android devices to identify possible signs of compromise. It includes how to review key system settings and indicators through the phone’s graphical interface. The objective is to detect suspicious apps or configurations that may suggest stalkerware and decide if deeper forensic investigation is needed.

  • Facilitator: Tes
  • Language: Spanish

7. Android Forensic Analysis: From Acquisition to Analysis (Consensual Digital Forensic Analysis)

This session provides a full walkthrough of conducting forensic investigations on Android devices—from acquiring data to analyzing it using the Mobile Verification Toolkit (MVT).

  • Facilitator: Tes
  • Language: Spanish

8. Best Practices for Surviving the Publication of Digital Forensic Investigations in the Context of Human Rights (Consensual Digital Forensic Analysis)

This session will share recommendations for producing and publishing digital forensic investigations in human rights contexts. It will also address associated risks and security precautions before and after publication.

  • Facilitator: Paul Aguilar
  • Language: Spanish


Facilitators

Artemisia is a technologist, cybersecurity expert, and digital forensic analyst. She works with Fembloc, a digital gender-based violence helpline based in Barcelona. Fembloc offers support and assistance to women and LGBTIQ+ people who experience online abuse and digital violence.

Carl is a digital security specialist from Brazil and a member of MariaLab, a feminist organisation that runs the Maria D’ajuda digital helpline. Carl coordinates MariaLab’s Threat Lab and is exploring the possibilities of digital forensics for civil society. She is also a digital protection facilitator at the Digital Defenders Partnership (DDP) and is known for her unhealthy love of birds.

Dany Araújo holds a PhD in Science and Technology Policy from the University of Campinas (São Paulo, Brazil), with a specialisation in Feminist Studies on Science and Technology. She has been a member of MariaLab since 2017, where she currently works as project coordinator and research leader. She is addicted to TV series of dubious quality, a compulsive consumer of fiction books, and clearly in love with all the culture imagined by Latin America.

Digital Defenders Partnership (DDP) provides funding, community facilitation, online resources, and capacity-building for rapid responders globally. DDP is a founding member of CiviCERT and the feminist helpline community.

Esther Onfroy is an expert in information security and reverse engineering. Also known as U039b, Esther is a French hacktivist, speaker, and co-founder of Defensive Lab Agency, Exodus Privacy, PTS project, Pithus, Echap, and La Résille. She fights against surveillance capitalism and has contributed to multiple investigations revealing illegal data collection by major tech players. She supports journalists, academics, and NGOs in understanding the cybersecurity and surveillance landscape, especially on mobile devices.

Menta is a technologist, legal expert, and digital forensic analyst. She works with Fembloc, a Barcelona-based digital helpline offering support to women and LGBTIQ+ individuals who experience online abuse and digital violence.

Paul Aguilar has been part of the SocialTIC team for eight years, where he leads the Digital Security Program. He has experience in technical research, training, and rapid response with human rights defenders, journalists, and activists. Paul has conducted workshops and consultations in countries including Mexico, Bolivia, Peru, Nicaragua, El Salvador, and Venezuela. With more than 12 years in technology and a decade of work with free and open-source software, he has served as a developer and systems administrator and has collaborated with local and international organisations focused on digital rights, surveillance, and espionage.

Tes is a Latin American hacktivist with extensive experience in mobile security, technical research, and consensus-based forensic analysis.


Course Conditions

  • Registration Deadline: Please register by Sunday, June 15, 2025 here: https://limes.digitaldefenders.org/873288?lang=en
  • Schedule: The course includes 8 sessions held every two weeks between September and December 2025, from 13:00 to 15:00 UTC, allowing participation across Latin America, Europe, and Asia. The final agenda will be sent to all registered participants.
  • Flexible attendance: Participants may register for the full course or only individual sessions.
  • Platform: All sessions will take place via the Big Blue Button platform. Access links will be shared only with registered participants.
  • Languages: Sessions will be conducted in English or Spanish with professional simultaneous interpretation available.
  • Session materials: Each session will be documented, and materials will be shared with registered participants.
  • Practice exercises: Some sessions will include optional hands-on exercises for participants to apply their knowledge and skills.

Questions?

For any comments, questions, or doubts about this online course, please contact:
📧 alexandra [at] digitaldefenders [dot] org