IoT Applications in Forensics

With IoT devices, there are more opportunities for bad actors to access your personal data, but also the potential for investigators to use digital forensics to help crack otherwise unsolvable cases.

Reilly Dunn

For most, the word “forensics” brings to mind classic procedural dramas like Bones, Criminal Minds or Cold Case. Maybe you picture white coats in a lab, dusting common household objects for fingerprints. Forensic science is the application of science to both criminal and civil law. Its work uncovers tangible, unbiased evidence that helps determine the outcome of legal proceedings.

As the internet has evolved, so has criminal behavior, and digital crime requires a unique and novel form of forensics expertise. If someone takes advantage of your behavior online to steal your money, or worse, your identity, experts use digital forensics to dust for digital fingerprints to catch the bad guy.

IoT, though, introduces a new level of cyber-threat. Your internet behavior no longer exists within the confines of your desktop or mobile devices; it now includes your smart home, connected car and many other devices. Even your smart pet collar opens the door for bad actors to access your data. Here we’ll look at some applications and challenges professionals are encountering in the burgeoning field of IoT forensics.

IoT forensics attempts to align its workflow to that of any forensics practice—investigators identify, interpret, preserve, analyze and present any relevant data. Like any investigation, a timeline is constructed, and, with the aid of smart devices providing data, investigators might be able to capture much more specific data points than in a traditional crime.

However, collecting this data can often be a challenge, as it frequently doesn’t live on the device itself, but rather in the provider’s cloud platform. If you are able to get the data off the device, you’ll have to employ one of a variety of methods, given the diverse nature of IoT device hardware, software and firmware. So, while robust and insightful data is available, acquiring it is no small undertaking.

Authorities must also consider the role of IoT within the context of the crime. Was the IoT device itself the tool to commit the crime, or was it a witness to the crime? In a 2015 homicide in Bentonville, Arkansas, police collected an Amazon Echo device from the home where the murder took place. Because Echo devices can sometimes pick up and record partial conversations (as well as explicit commands), police issued a warrant to Amazon for any captured data from the device.

Similarly, in a 2017 double homicide in Farmington, New Hampshire, a judge issued a warrant ordering Amazon to release 2 days’ worth of recordings from an Amazon Echo, in hopes it recorded part of the attack. In both instances, Amazon was notably resistant and/or slow to respond in releasing customer data to investigators.


While we know that IoT devices collect, store and share valuable information to help us make personal and business decisions, even in these early stages of connected devices we can see ever-evolving uses. The potential for these assets to encourage new crimes creates an entirely new kind of wariness for the public, and yet their ability to record and save information could prove invaluable for investigators with no other leads. Leading technology companies also need to reconcile how they choose to assist (or not assist) authorities when their own devices could possibly unlock answers in potentially violent criminal cases.

Reilly Dunn
Reilly is a project manager at Leverege. She is interested in the ways in which tech innovations can and will affect society, and has been called the Kombucha Queen of her office.