
The Intersection of Digital Forensics and Internet of Things (IoT) Devices

The Internet of Things (IoT) has truly bloomed in recent years thanks to the introduction of various devices and applications. It has become an irreplaceable part of people’s lives, changing the way they communicate, work, and live.

These IoT devices are quickly turning our world into a highly interconnected space. However, their increased usage doesn’t come without challenges. These challenges can impact various industries that employ IoT devices, including digital forensics.

Digital forensics relies heavily on technology and IoT devices mainly because it deals with cybercrime and tracking digital footprints. So any challenges these IoT devices present will directly impact the digital forensics investigation process too.

Read on to explore more about the intersection of digital forensics and Internet of Things (IoT) devices.

What is the Internet of Things (IoT)?

In the last two decades, IoT has drastically transformed many industries, making them more interconnected and technologically advanced. To put it simply, the Internet of Things (IoT) is any device or application that is connected to the Internet and can be accessed via the web. This means that even a small tracking chip in your car is as much a part of the Internet of Things (IoT) as a mobile device or computer is.

Some of these Internet of Things (IoT) devices collect data but do not store it themselves. The data is usually stored in a data repository, like the cloud, computers, and smartphones, which can handle and retain these large volumes of data.


These data repositories are the ones used by digital forensic experts during an investigation to collect evidence. However, there are several unique issues that they have to deal with while doing so, and most of these stem from the complex nature of the Internet of Things (IoT) devices.

Common Internet of Things (IoT) Devices

Consumers and businesses enjoy the hyper-connectivity that Internet of Things (IoT) devices offer. Much of the data these devices gather is of great value, and it can be collected during digital forensic investigations using various hardware and software tools. Some of these devices include:

  • Smart home assistants
  • Connected vehicles
  • Smart watches
  • Home security systems
  • Robot cleaners
  • Smart appliances
  • Fitness trackers
  • Home surveillance
  • Smart doorbells
  • Drones
  • Smartphones
  • Computers
  • Tablets

Digital forensic experts, like the ones at Eclipse Forensics, are trained to collect, analyze, and use data from these devices. This data is then used during digital forensic investigations, especially in cases involving cybercrimes.

The Process of a Digital Forensic Investigation Using the Internet of Things (IoT)

When it comes to Internet of Things (IoT) devices, the digital forensic investigative process is a little different. As investigators are dealing with large volumes of digital data, they need to be even more diligent to ensure quality.

Some common processes included in the investigation are:

Identification

In the first step, investigators identify the devices that will be investigated. They need to locate these devices as soon as possible to avoid loss of evidence or tampering.

For instance, a smartphone belonging to a victim or a memory card with data can be used during a digital forensic investigation. They can use any kind of device that is linked to the Internet of Things (IoT) during a digital forensic investigation.

Collection

Once the Internet of Things (IoT) devices have been identified, investigators collect them to hand them over to digital forensic experts. These devices are collected and carefully stored until they are handed over to the experts so that the chain of custody isn’t broken and the evidence remains admissible in court.


Preservation

Next is preservation.

Preservation of evidence is crucial to ensure it remains safe and authentic. You don’t want several people handling evidence as there is a risk of evidence tampering and fabrication. You also want to ensure the device doesn’t get misplaced or fall into the wrong hands.

Therefore, experts make a copy of the data in the device and then store it safely. The copy that is made is then used for investigation while the original file is preserved.

Examination

The devices are examined carefully to sift through the large volumes of data and see which part of it is useful and which isn’t. Not all of the collected data can be analyzed. Therefore, digital forensic experts need to examine it thoroughly before moving on to the analysis part.

Analysis

This is the most important process in a digital forensic investigation. This is where the data that has been collected, preserved, and examined is analyzed. Digital forensic investigators utilize different hardware and software for analysis. Some Internet of Things (IoT) devices are more complex than others, which is why they might take longer to analyze. Plus, not all types of Internet of Things (IoT) devices can be analyzed using existing tools and techniques.

This is because sometimes the device format is not supported by the software used by digital forensic experts. This is why experts are constantly upgrading their software so that they can work with all types of Internet of Things (IoT) devices.

Presentation

Finally, the last process in the investigation is the presentation of the evidence that has been collected from the Internet of Things (IoT) devices. The work of digital forensic experts ends when they have safely presented their findings to the authorities or in front of the court.

They must ensure that the chain of custody remains intact, as mentioned above, so that the data remains valid and admissible. Even if there’s a small doubt, the court might declare the evidence inadmissible. Therefore, experts need to remain diligent till the very last step of the process.

Challenges in Using Internet of Things (IoT) Devices for Digital Forensic Investigations

As mentioned above, Internet of Things (IoT) devices and digital forensics are closely interlinked. They need to be dealt with together to get the best outcome for your investigation. However, the Internet of Things (IoT) does present certain challenges for digital forensic experts. Some of them are outlined below.

Diversity of the Internet of Things (IoT) Devices

The Internet of Things (IoT) is a highly diverse space, with several devices ranging from high to low levels of connectivity. Some have sensors like smart devices, which makes them even more complex. This huge variety makes the Internet of Things (IoT) environment very diverse, making it difficult for digital forensic investigators to conduct their processes.

Plus, each of these devices has its own purpose, operating system, battery life, storage capacity, and network protocols. Performing a digital forensic investigation on such varied devices is challenging as they are constantly updating and changing.

The tools and techniques that experts are using now might not be viable for future devices. Therefore, this is a major challenge for digital forensic investigators.

Complex Internet of Things (IoT) Architecture

Another major challenge digital forensic experts face is the complexity of the Internet of Things (IoT) devices. The heterogeneous hardware and operating systems used in gateways, devices, and data centers make it very difficult to understand these devices, let alone use them for a forensic investigation.

The manufacturers of Internet of Things (IoT) devices use several different types of hardware and software to develop them. Performing a forensic investigation on these devices with existing tools and devices may not always work because they might not be compatible with or support the device format.

Chain of Custody

For digital forensic evidence to be admissible in court, the chain of custody should not be broken. However, this is very hard when working with Internet of Things (IoT) devices. This is because data is constantly being shared and updated from one device to another, and this can break the chain of custody.
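The preservation step described earlier (work on a verified copy, keep the original untouched) and the chain-of-custody requirement can be illustrated together. This is an added example, not code from the original post or from Eclipse Forensics; the file names, actor names, and log format are assumptions, and the sample image is constructed.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large images do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def make_working_copy(original, copy):
    """Copy the acquired image and refuse to proceed unless the hashes match."""
    before = sha256_file(original)
    shutil.copyfile(original, copy)
    if sha256_file(copy) != before or sha256_file(original) != before:
        raise ValueError("hash mismatch: copy is not a faithful duplicate")
    return before

def add_custody_entry(log, actor, action, evidence_hash):
    """Append an entry whose hash covers the previous entry, linking the log."""
    entry = {"time": datetime.now(timezone.utc).isoformat(), "actor": actor,
             "action": action, "evidence_sha256": evidence_hash,
             "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
    log.append(entry)

def verify_custody_log(log):
    """Return True only if every entry hash and every back-link is intact."""
    prev = "0" * 64
    for e in log:
        body = json.dumps({k: v for k, v in e.items() if k != "entry_hash"}, sort_keys=True)
        if e["prev"] != prev or e["entry_hash"] != hashlib.sha256(body.encode()).hexdigest():
            return False
        prev = e["entry_hash"]
    return True

def demo():
    """Run the workflow on a constructed sample image in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        orig, copy = os.path.join(d, "device.img"), os.path.join(d, "working.img")
        with open(orig, "wb") as f:
            f.write(b"constructed sample sensor log\n" * 100)
        log, digest = [], make_working_copy(orig, copy)
        add_custody_entry(log, "investigator A", "collected device", digest)
        add_custody_entry(log, "examiner B", "created working copy", digest)
        intact = verify_custody_log(log)
        log[0]["actor"] = "someone else"  # simulate an edited record
        return intact, verify_custody_log(log)
```

Because each log entry's hash covers the previous entry, changing any earlier record invalidates the log from that point on, which is what lets a reviewer detect an altered custody history.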


Big Internet of Things (IoT) Data

Large volumes of data are stored and preserved in Internet of Things (IoT) devices. While it’s great for investigators to have a lot of evidence, processing and analyzing these large volumes of data becomes a major challenge.

Investigators have a hard time finding out what data is useful for the case and what isn’t, which takes up a lot of time and resources.

The digital forensic experts at Eclipse Forensics have years of experience and have solved many cases since 2005. They are a reputable name in the industry and ensure customer satisfaction.

Get in touch with them to learn more.

About the Author

The author of this blog is a digital forensic consultant who has been associated with Eclipse Forensics since 2010. They have written many useful guides and blog posts for readers and are a credible source of information, thanks to their industry knowledge.
