Early demos show Internet of Things devices are potential forensics goldmine
Digital Forensics | May 26, 2016
Jonathan Rajewski, director & digital forensics professor at Vermont’s Champlain College, is an Internet of Things (IoT) buff.
Not in the way your annoying neighbor who buys the latest IoT gizmo, such as a connected Wink app-enabled “smart egg tray” that allows you to check the quantity and freshness of what’s on hand remotely while at the grocery store.
Instead Rajewski wants to hack into the data streams these devices and other IoT devices, such as camera monitors, thermostats, light controllers, and even the Amazon Echo digital assistant, to understand the forensics value that tell the tale of the events in a particular location, all timestamped and giving bits of other relevant insight to what was happening in the room.
His demo at Guidance Software’s Enfuse user conference was quite convincing: These sensors can paint a picture of who’s in which rooms, when, and when they’re off-premises or sleeping. The camera systems from Nest (Google) and Samsung can be particularly helpful, as their video pictures are worth a thousand static data points.
Rajewski pointed out that with these IoT devices, forensics examiners can “luck out” with data stored on the device itself, in cache or databased, and access information on the spot that otherwise might be stored on a cloud and require legal machinations to access.
In other cases, one user setting could shunt all information to the cloud and make the sensor itself of little help to the investigator.
While he and his students at Champlain College are on the cutting edge of deconstructing these new wifi-enabled “smart home” gewgaws to see just how much evidentiary data they can yield for civil and criminal investigations, what practical use do these data streams have for everyday forensics investigators who are working actual cases?
Lots, Rajewski says. As IoT devices get cheaper and cheaper, they will proliferate and become, over the next few years, more powerful tools to build case details. Commercial machine-to-machine IoT (sensors for security, digital billboards, streetlight controls.) will be able to put people in locations or document events like never before.
So far, IoT data hasn’t been used in many cases but he thinks they will be. One case he mentioned involved police using Fitbit data to prove a would-be assault victim, in fact, wasn’t sleeping at the time she claimed she was assaulted in bed.
“[IoT data] is being used now, and as more people become aware of it, it’s only going to be used more,” said Rajewski, who acknowledges courts will have to sort out what data is and isn’t admissible. “It is this nice, third-party witness to what was going on. I can’t wait for more of this. I want to research this forever.”