Digital forensic approaches for Amazon Alexa ecosystem

Chung, Hyunji; Park, Jungheum; Lee, Sang-Jin

doi:10.1016/j.diin.2017.06.010

Cited by 150 publications

(77 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The Amazon Echo is activated by wake words like 'Alexa', but must also constantly listen for the wake-up command, and clearly this is a potential evidence source [16], [19], [24]. For example, Chung et al [25] explained how companion clients (i.e. devices used to send and capture commands and responses from intelligent home assistants, such as Alexa) can also be a source of evidence.…”

Section: Related Literaturementioning

confidence: 99%

“…In a prior work involving the analysis of Amazon Echo [25], it was reported that the user's history data and interactions with Alexa are stored in the SQLite database and web cache files. The authors analyzed two Amazon Echo Dots, with Android 4.4.2 + Alexa app, iOS 10.1.1 + Alexa app, OS X 10.10.5 + Chrome and Windows 10 + Chrome.…”

Section: Amazon Echo (Pi) Forensicsmentioning

confidence: 99%

See 1 more Smart Citation

IoT Forensics: Amazon Echo as a Use Case

Choo

Sun

et al. 2019

IEEE Internet Things J.

112

View full text Add to dashboard Cite

Internet of Things (IoT) are increasingly common in our society, and can be found in applications such as battlefields and national security. These devices can also be targeted by attackers and hence, they are a valuable source in digital forensic investigations. In addition, incriminating evidence may be stored on an IoT device (e.g. Amazon Echo in a home environment and Fitbit worn by the victim or an accused person). In comparison to the IoT security and privacy literature, however, IoT forensics is relatively under-studied. IoT forensics is also challenging in practice, particularly due to the complexity, diversity, and heterogeneity of IoT systems. In this paper, we present an IoT based forensic model that supports the identification, acquisition, analysis, and presentation of potential artifacts of forensic interest from IoT devices and the underpinning infrastructure. Specifically, we use the popular Amazon Echo as a use case to demonstrate how our proposed model can be used to guide forensics analysis of IoT devices.

show abstract

Section: Related Literaturementioning

confidence: 99%

Section: Amazon Echo (Pi) Forensicsmentioning

confidence: 99%

IoT Forensics: Amazon Echo as a Use Case

Choo

Sun

et al. 2019

IEEE Internet Things J.

112

View full text Add to dashboard Cite

show abstract

“…For example, the aspect of investigating necessary user remnants for the data stored using Windows 7 and Apple iPhone on cloud services, like Dropbox, is discussed in Quick and Choo . The growing influence of DFs among researchers and practitioners in recent years have already provided new developments, innovative ideas and practices for the advancement of digital investigation in diverse areas, for example, smart TV forensics, smart home forensics, drone forensics, mobile application forensics, alexa ecosystem forensics, Internet of things device forensics, smart cities forensics, scada forensics, and so on. Le‐Khac et al discusses the recent challenges and case studies related to smart vehicle forensics.…”

Section: Background and Related Workmentioning

confidence: 99%

An intelligent approach for examining and detecting target data fragments in suspected large storage drives

Bharadwaj

Singh

2019

Security and Privacy

View full text Add to dashboard Cite

The ever increasing capacity of storage devices is becoming a formidable obstruction to the digital forensic community due to its substantial investigation time and preservation space requirements. However, the investigation process becomes more complicated, whenever the fragmented or partially overwritten drives need forensic consideration. It is becoming extremely necessary to unfold novel methods the examination of storage drives involving a bulk volume of data. In this paper, the differential evolution (DE) technique is utilized with an unsupervised mean-shift clustering approach in the field of digital forensics for intelligently locating the traces of target file in suspected storage drives or raw images. The proposed methodology leverages the drives' geometrical information in DE for obtaining random sector samples followed by fitness value and sector hash computation. The clustering algorithm evaluates the obtained intelligence and assists in estimating the regions of forensic significance in the drive, instead of considering the entire drive contents. As an outcome, a proof-of-concept Python based command line tool has been developed and released to support the study and further enhancement. The experiments and case studies demonstrated using the drives of different capacities demonstrates the efficacy of the proposed method. K E Y W O R D Sdifferential evolution, digital forensics, huge data volumes, mean shift clustering, storage drive, target file 1 Security Privacy. 2019;2:e71.wileyonlinelibrary.com/journal/spy2

show abstract

“…As stated, the IoT is forever expanding; this paper will look forward at ways we can question and seize evidence from new devices, as they become part of the IoT, or the future IoA. For example, the Alexa [5] enabled wireless smart speaker is a gateway for all voice commands submitted in the home. This intelligent virtual assistant interacts with a plethora of compatible IoT devices and third-party applications that leverages cloud resources [5].…”

Section: Introductionmentioning

confidence: 99%

“…For example, the Alexa [5] enabled wireless smart speaker is a gateway for all voice commands submitted in the home. This intelligent virtual assistant interacts with a plethora of compatible IoT devices and third-party applications that leverages cloud resources [5]. Understanding the complex cloud ecosystem that allows ubiquitous use of Alexa may be paramount for supporting IoT digital investigations in the future.…”

Section: Introductionmentioning

confidence: 99%

Iot Forensics: Challenges for the Ioa Era

MacDermott

Baker

Shi

2018

2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS)

View full text Add to dashboard Cite

Abstract-Challenges for IoT-based forensic investigations include the increasing amount of objects of forensic interest, relevance of identified and collected devices, blurry network boundaries, and edgeless networks. As we look ahead to a world of expanding ubiquitous computing, the challenge of forensic processes such as data acquisition (logical and physical) and extraction and analysis of data grows in this space. Containing an IoT breach is increasingly challenging -evidence is no longer restricted to a PC or mobile device, but can be found in vehicles, RFID cards, and smart devices. Through the combination of cloud-native forensics with client-side forensics (forensics for companion devices), we can study and develop the connection to support practical digital investigations and tackle emerging challenges in digital forensics. With the IoT bringing investigative complexity, this enhances challenges for the Internet of Anything (IoA) era. IoA brings anything and everything "online" in a connectedness that generates an explosion of connected devices, from fridges, cars and drones, to smart swarms, smart grids and intelligent buildings. Research to identify methods for performing IoT-based digital forensic analysis is essential. The long-term goal is the development of digital forensic standards that can be used as part of overall IoT and IoA security and aid IoT-based investigations.

show abstract

Digital forensic approaches for Amazon Alexa ecosystem

Cited by 150 publications

References 9 publications

IoT Forensics: Amazon Echo as a Use Case

IoT Forensics: Amazon Echo as a Use Case

An intelligent approach for examining and detecting target data fragments in suspected large storage drives

Iot Forensics: Challenges for the Ioa Era

Contact Info

Product

Resources

About