Identifying, Seizing, and Preserving Evidence from Internet of Things Devices

Identifying, Seizing, and Preserving Evidence from Internet of Things Devices

This chapter seeks to expand the cybercrime investigator's thinking so that the Internet of Things (IoT) environment is incorporated into the investigation plan, especially when a suspect is an internal employee of a business or a person who had physical access (approved or not) to the cybercri...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: Edwards, Graeme
Format: Buchkapitel
Sprache:eng
Schlagworte:
cybercrime investigator
cybercrime scene
evidence seizure
internal storage drive
Internet of Things
investigation plan
remote server
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:This chapter seeks to expand the cybercrime investigator's thinking so that the Internet of Things (IoT) environment is incorporated into the investigation plan, especially when a suspect is an internal employee of a business or a person who had physical access (approved or not) to the cybercrime scene. Digital evidence is everywhere, including in wearable technology such as Internet‐connected watches. Everything that captures data tells a portion of a story: even if it is a seemingly unrelated piece of data, it may provide assistance in the future. IoT evidence may be stored in the device, on an internal storage drive, or on a remote server operated by the IoT device manufacturer. As with all evidence, seizure must be lawful. A complainant will be able to provide authority in most instances, but be aware of the value of IoT‐connected devices when petitioning a court for a search warrant or civil court order.
DOI:10.1002/9781119596318.ch13