Why You Need Forensics In An IoT World

We live in a truly digital age. The Internet of Things (IoT) is at the forefront of almost everything we touch as consumers. From the Amazon Echo to smart door locks, we are integrating IoT devices into daily life. However, users often don’t realize how much data these devices collect and store.

The IoT is also fuelling a frenetic pace for new and changing technology. The evolution of a cell phone from the first models in the 1990’s to today’s iPhone x took 20 years. On the other hand, IoT technology is changing much more quickly. With more devices connected than ever – according to Gartner, we will hit 20 billion IoT devices by 2020 – the digital forensic community faces several unique questions:1. What kind of data can be collected from IoT devices?
2. Can new types of data and traces from these devices be utilized for digital forensic purposes?
3. If so, how can we collect and analyze them efficiently?
4. How can IoT devices aid forensic investigators with their cases?

To answer these questions, digital investigators must uncover evidence to determine, when a particular event happened, how it happened, and who was involved. The standard forensic workflow consists of five specific steps, identification, interpretation, preservation, analysis and presentation of relevant data. Investigations involving IoT devices are aligning with a similar workflow as the devices become more common. With more sources of information, investigators can paint a better picture of events.

When analyzing evidence investigators attempt to construct a timeline of events. Timeline analysis as it’s referred to, is key in digital forensics with IoT devices. This timeline tells a story, for example, if smart locks are in use, it may be possible for investigators to determine when anyone entered or left a building. There are countless other examples; everything from our smart watches to our smart home security is recording data on our location, environment, and wellbeing. More cases involving IoT devices will help the digital forensic community put all of the electronic pieces together.

IoT forensics is an emerging field. As investigators encounter more devices, they need the tools to access evidence and complete analysis of that information. Guidance Software (Now OpenText) developed EnCase Mobile Investigator to help investigators work with the latest in IoT and mobile devices. In the 1.01 release, EnCase Mobile Investigator supports Amazon Alexa cloud data, as well as data from drones, Fitbit smartwatches, Google Wear devices, and many more.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

We recently hosted a webinar on Mobile Apps and IoT forensics: “Uncovering Mobile App Evidence with EnCase Mobile Investigator”. In this webinar, Jonathan Arias, one of our expert solution consultants, walks through capturing and viewing evidence from a DJI Drone.

These devices are just the beginning of the IoT revolution. We will continue to deliver innovative solutions to meet your investigative needs, as we have for the last 20 years.

To learn more about EnCase Mobile Investigator, visit: https://www.guidancesoftware.com/encase-mobile-investigator. For our latest on Forensic Security check out our blog.

Raj Udeshi is a Product Marketing Manager at Guidance Software (Acqured by OpenText)

Leave a Comment

Latest Videos

Digital Forensics News Round-Up, February 21 2024 #digitalforensics #dfir

Forensic Focus 21st February 2024 6:19 pm

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts. 

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director 
43:45 – Privacy of user data

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts.

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director
43:45 – Privacy of user data

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_ifoHVkjJtRc

How MSAB Is Managing The Digital Forensics Challenges Of Frontline Policing

Forensic Focus 21st February 2024 3:07 pm

Podcast Ep. 80 Recap: Empowering Law Enforcement With Nick Harvey From Cellebrite

Forensic Focus 20th February 2024 11:49 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles