We live in a truly digital age. The Internet of Things (IoT) is at the forefront of almost everything we touch as consumers. From the Amazon Echo to smart door locks, we are integrating IoT devices into daily life. However, users often don’t realize how much data these devices collect and store.
The IoT is also fuelling a frenetic pace for new and changing technology. The evolution of a cell phone from the first models in the 1990’s to today’s iPhone x took 20 years. On the other hand, IoT technology is changing much more quickly. With more devices connected than ever – according to Gartner, we will hit 20 billion IoT devices by 2020 – the digital forensic community faces several unique questions:1. What kind of data can be collected from IoT devices?
2. Can new types of data and traces from these devices be utilized for digital forensic purposes?
3. If so, how can we collect and analyze them efficiently?
4. How can IoT devices aid forensic investigators with their cases?
To answer these questions, digital investigators must uncover evidence to determine, when a particular event happened, how it happened, and who was involved. The standard forensic workflow consists of five specific steps, identification, interpretation, preservation, analysis and presentation of relevant data. Investigations involving IoT devices are aligning with a similar workflow as the devices become more common. With more sources of information, investigators can paint a better picture of events.
When analyzing evidence investigators attempt to construct a timeline of events. Timeline analysis as it’s referred to, is key in digital forensics with IoT devices. This timeline tells a story, for example, if smart locks are in use, it may be possible for investigators to determine when anyone entered or left a building. There are countless other examples; everything from our smart watches to our smart home security is recording data on our location, environment, and wellbeing. More cases involving IoT devices will help the digital forensic community put all of the electronic pieces together.
IoT forensics is an emerging field. As investigators encounter more devices, they need the tools to access evidence and complete analysis of that information. Guidance Software (Now OpenText) developed EnCase Mobile Investigator to help investigators work with the latest in IoT and mobile devices. In the 1.01 release, EnCase Mobile Investigator supports Amazon Alexa cloud data, as well as data from drones, Fitbit smartwatches, Google Wear devices, and many more.
We recently hosted a webinar on Mobile Apps and IoT forensics: “Uncovering Mobile App Evidence with EnCase Mobile Investigator”. In this webinar, Jonathan Arias, one of our expert solution consultants, walks through capturing and viewing evidence from a DJI Drone.
These devices are just the beginning of the IoT revolution. We will continue to deliver innovative solutions to meet your investigative needs, as we have for the last 20 years.
To learn more about EnCase Mobile Investigator, visit: https://www.guidancesoftware.com/encase-mobile-investigator. For our latest on Forensic Security check out our blog.
Raj Udeshi is a Product Marketing Manager at Guidance Software (Acqured by OpenText)