The heist was relatively straightforward: Masked men broke into a woman’s house and made off with a diamond ring. What they didn’t know was that their victim’s doorbell doubled as a camera and recorded the men going inside. There was also evidence that the woman’s connected light bulbs had turned on while she was at work.
But all was not lost. The ring was insured for $50,000 US, and using the records from her smart home devices, the woman filed a claim.
However, an independent forensic analysis of the devices in her house told a very different story. The house’s smart door lock was found to have been unlocked with the woman’s phone. And the Wi-Fi alarm system in her home hadn’t been tampered with, but rather, deactivated with the woman’s code.
Sensing a shift in where digital evidence can hide, forensics examiners have started looking beyond smartphones and laptops to a new crop of internet-connected sensors — and developers of forensics software have been happy to oblige. A handful of companies now advertise support for data generated by activity trackers, GPS navigation systems, drones and even connected cars.
And while experts caution that these devices — often referred to under the umbrella of the Internet of Things (IoT) — don’t always store or even generate the rich troves of behavioural data that people might expect, they’ve nonetheless given investigators in a range of criminal and civil cases a new and sometimes bountiful source for leads.
“There are few significant investigations that don’t involve electronic information,” said David Fraser, a privacy and technology lawyer at the Halifax law firm McInnes Cooper. “And that electronic information is in a bunch more places than it used to be.”
A smartphone supplement
In the case of the diamond ring, it was eventually determined that the break-in had been staged. The masked men were actually the woman’s cousins. The insurance company denied her claim and, with the help of the results from the independent forensic analysis, charged her for fraud.
The smart home devices that she thought would support her claim were actually used against her.
Erik Laykin, a managing director at financial services firm Duff & Phelps, described the diamond ring scenario during a talk at the RSA Conference in San Francisco earlier this year. He told CBC News it was a real case, but declined to provide further details, citing confidentiality agreements.
The ability to perform digital forensics on data generated by connected devices has proven valuable in a handful of other cases too. FitBit data has been used to contradict testimony during multiple criminal investigations, for example, and prosecutors used data obtained from an Amazon Echo speaker and a smart water meter in a recent murder case.
But forensics experts are generally careful not to overstate the amount of information the devices themselves can provide.
“I think smartphones are still going to be one of your key sources of evidence for most investigations,” said Jamie McQuaid, a forensics consultant at the Waterloo, Ont.-based software developer Magnet Forensics, while IoT devices are “really a supplement to that.”
Most have little onboard storage, meaning that the real trove of data — the historical usage patterns — is in the smartphone apps they communicate with, or in the cloud.
On the device itself, basic settings and account information are the best you’re likely to get.
From automobiles to assistants
To augment the data that investigators can already obtain from smartphones and laptops, a handful of companies have started to include support for a range of emerging devices.
Magnet Forensics added support for a handful of connected devices to its smartphone forensics software last fall — including the Nest thermostat, Amazon Echo, FitBit wearables and OnStar. But rather than interacting with the devices themselves, Magnet’s software examines the bits of information that their apps collect and leave behind.
Paraben’s E3 software works in a similar way, pulling a range of data from apps that are used to communicate with DJI Drones, wearables such as FitBit, and Amazon’s Echo.
And there are signs that Cellebrite — a popular Isareli forensics software developer whose clients include both the RCMP and the FBI — is moving to support connected devices, too. A job posting shows that the company is looking for a senior forensic researcher to work on “a product that compiles forensic evidence from all mobile devices, PC and IoT devices and help put the bad guys away.”
It’s not clear whether this is an existing or future product, and Cellebrite didn’t respond to a request for comment.
And the list goes on. A company called Berla offers one software suite called iVe, which does “analysis of a vehicle’s infotainment and telematics systems” for a range of popular car models. They also offer another product called Blackthorn, designed to extract data from navigation devices like portable GPS watches, as well as navigation devices used in boats and planes.
Beyond the bread and butter
At Duff & Phelps, Laykin said he’s working on another case, currently in pre-litigation — a dispute with a builder over a custom-built home with IoT and intelligence throughout.
“When the owners took delivery, systems didn’t function, there were breakdowns, and claims that the builder of the home could eavesdrop and spy,” Laykin said.
Much like the case with the diamond ring, he said that confidentiality agreements limit how much more he can say.
On the one hand, digital forensics companies, such as Magnet and Paraben, acknowledge that they’re partly looking ahead to where the market is heading, with the hope that interest in IoT forensics will only continue to grow another line of business to supplement their bread and butter of laptops and phones.
But on the other hand — and as people like Laykin and recent cases have shown — there are people who are already interested in these capabilities today.
At Paraben, CEO Amber Schroader said her product’s early embrace of IoT analysis has been met with skepticism by some — until they realize that the reality isn’t as far away as they might think.
“And then when it becomes real,” she said, “they’re like ‘Woah, you totally knew that was real.'”