IoT Forensics: Amazon Echo as a Use Case

Abstract

Internet of Things (IoT) are increasingly common in our society, and can be found in civilian settings as well as sensitive applications, such as battlefields and national security. Given the potential of these devices to be targeted by attackers, they are a valuable source in digital forensic investigations. In addition, incriminating evidence may be stored on an IoT device (e.g., Amazon Echo in a home environment and Fitbit worn by the victim or an accused person). In comparison to IoT security and privacy literature, IoT forensics is relatively under-studied. IoT forensics is also challenging in practice, particularly due to the complexity, diversity, and heterogeneity of IoT devices and ecosystems. In this paper, we present an IoT-based forensic model that supports the identification, acquisition, analysis, and presentation of potential artifacts of forensic interest from IoT devices and the underpinning infrastructure. Specifically, we use the popular Amazon Echo as a use case to demonstrate how our proposed model can be used to guide forensics analysis of IoT devices.