Criminal Investigations involving digital devices often focus on the analysis of mobile phones, tablets, and computers associated with the suspect or the victim. The connection of IoT devices to criminal investigations may not always be considered or understood by professionals handling the crime scene. The language, experience, and understanding needed to articulate the appropriate causes required to include IoT devices in search warrant affidavits are not always known or available to case agents overseeing the evidence-gathering portion of the investigation. For this reason, we introduce a novel methodology that shows how to locate and identify IoT device owner account information, device specifications and configurations, and the location of user activity on the device. We use this methodology to carry out a family of eight experiments on IoT devices that can assist law enforcement professionals in the construction of search warrant affidavits with information that will help satisfy the legal requirement to show evidence of a crime is likely contained on IoT devices. In this paper, we focus on Amazon Echo Show IoT devices and the legal justification for seizing and examining the devices, methods of extraction, and location of user-related artifacts on IoT device hardware. Overall, the implications of our study offer law enforcement professionals specific, practical instructions on how to deal with Amazon IoT devices involved in a crime scene. The analysis of data related to these devices is presented through practical demonstrations of these devices in action.
Read full abstract