The Internet of Things

Introduction to the Internet of Things

What is the internet of things? 

Also known as IoT, this is devices which use the internet in order for them to work. An example of this is the Amazon Echo, which can perform tasks such as ordering pizza.

How do they work?

Using sensors and other embedded data, IoT devices record and use data to perform tasks. Our Amazon Echo for example, has microphones so that it can hear speech. This speech is understood by the Echo, who then uses wi-fi and other communication techniques to talk to others.

Example: Using the microphones, Amazon Echo hears that we want pizza. Amazon Echo then connects to the app of the pizza company. Amazon Echo can then choose the favourite pizza for the user; the device should record how many orders have been made, and of what pizza. 

Amazon Echo can also use bluetooth to connect to other smart devices, such as smart switches. By communication, Amazon Echo can control the lighting in a room.

Why is this of interest to forensics?

Amazon Echo and other devices are essentially, mini computers. This mean they have file systems and importantly, data.

If we Refer to this article. It can be seen that the data found can prove substantial in a case. Unfortunately, this also means that devices can accidentally leak data location, including that of secret army bases!

Are Iot devices a completely new entity?

Thankfully, no. Most Iot devices are loosely based on already known file systems. Drones for example, often use the Linux file system. Others may be acquirable through their flash memory

What are the key challenges?

These devices aren't made with digital forensics in mind; as such you cannot simply just connect them via a write blocker. These means that we may need to turn to methods such as J-tag forensics. 

Further Reading

Please read this article on acquisition from an Amazon Echo
This presentation from the SANS DFIR Summit is also suggested!