Forensic Analysis of Smart Speakers

Abstract

The Internet of Things (IoT) is a network of billions of smart devices that gather and share data, and communicate with each other over the network without human interaction. Normally, the data is stored on the cloud due to the limited storage of the IoT devices. Smart speakers are one of the IoT devices that are becoming common in every household due to their usability and automation. Also, market trends show that they are expected to grow in the future as well. These speakers offer hands-free activation through the wake word. They work as an assistant and provide features like maintaining lists, making calls, managing events and reminders, keeping user notes, and so on. Since these devices contain user data, they can be a vital source of evidence during a forensic investigation. However, due to privacy concerns and laws, companies resist giving away user data. Therefore, this research aims to find smart speaker’s artifacts and highlight the significance of various forensic approaches in extraction of data. It explores three forensic approaches: Client (Application), Cloud and Network. For experimentation, two smart speakers, Amazon Echo Dot 3rd generation and Google Home Mini, are used to identify the important forensic artifacts. These speaker’s mobile applications, Alexa v2.2.322087.0 and Home v2.19.1.18 respectively, are installed on a smartphone running Android 8.1.0. Different features of these speakers are used for data population purposes. This work shows that all the forensic approaches offer valuable user data such as account information, timestamps, user activities, contacts and so on. However, for Amazon Echo Dot, network forensics delivers more data than any other approach. And, client forensics is better in case of Google Home Mini. However, utilizing multiple approaches can provide a significant amount of artifacts.