Digital Forensic on Amazon Devices

In addition to teaching criminal justice, I am also a digital forensics examiner. I have been doing that since 2009. I run a digital forensics lab for Centex Technologies which is located at Texas A&M Central Texas. We perform forensic examinations for computers, mobile phones, IoT devices, cameras, and pretty much anything that store digital data. We do this for many law enforcement agencies.

YouTub Videos - https://youtube.com/playlist?list=PL6JSLK8IHWrKcbqxgacLhBu7deKFV_YeS 

Paper: IoT_Forensic_Analysis__A_Family_of_Amazon_Echo_Show_Devices.pdf

I have been conducting research on all types of digital devices under a grant from Homeland Security. Some of that research involved Amazon Echo Show devices. Some of you may own such devices. The research involves a forensic analysis of the devices to see what the devices store and how to extract that data. I am not able to share the research until receiving clearance from Homeland Security. 

The research and the paper for the Amazon project have been approved for public release so I can share that with you if you are interested. The paper is in a peer-reviewed journal format and we are submitting that to a journal now.

I have also uploaded a couple of YouTube videos showing the process of taking the devices apart and soldering to devices under a microscope. This process is what is necessary to extract the data from the device. Finding the correct locations required disassembly, chip-off, and locating the tiny locations needed to connect forensic hardware to extract data. These locations are tiny and the wires I solder are smaller than a human hair.

The paper is a part procedural law and part digital forensics. Both of those disciplines are necessary to perform digital forensics in criminal investigations. To put it another way, in a real-world crime scene scenario, we need to draft a search warrant asking a judge to seize and search for evidence on these devices. If the judge believes we have demonstrated probable cause to believe a crime has been committed and evidence of a crime is located on the devices, the warrant is signed by the judge and the "affiant". The affiant is the person swearing to the data in the affidavit.

If we do not follow these legal procedures, the search of the device is "illegal" meaning it violates the procedural rules derived from the language in the 4th Amendment. If the search is illegal, the evidence cannot be used in court against the accused. Even if the evidence shows someone committed a crime.

After the warrant is signed, we can seize the devices and begin the forensic process of recovering the data. The 4th amendment requires that we particularly describe the places to be searched and the things to be seized. That can be challenging without knowing what is or can be stored on these devices. My research reveals and describes this process so that law enforcement professionals know how to draft their affidavit and if there is a likelihood any evidence could be found on the device related to the crime which is the object of their investigation.

My documentation and research on these Amazon devices will be used by law enforcement anywhere in the world as a guide on how to describe the probable cause needed to legally search these devices and a complete how-to guide to actually perform the forensics. I make available detailed diagrams and videos on the process from start to finish. You can view them if you like and I will add more as I get them uploaded. 

Before I publish such a guide on how to perform these extractions, I spend many hundreds of hours in the lab researching, tearing apart, chipping off storage chips, and reverse engineering the hardware. This allows other examiners the ability to extract the data from the devices without damaging the devices and losing evidence. I also "seed" the devices with information so that I can test to see what user data is actually stored on them. 

There are many myths about what the government does or can do regarding forensics and your digital devices. Most of the public information about that is total crap and not even close to being true. Movies, TV shows, and social media have it all wrong and I would be happy to prove that to you.

It would take a lot of explaining and details so let me just say that no one from our government is watching you or knows what you are doing on these devices. 

So when looking at the paper, keep in mind the basic concepts we learn in criminal justice classes.

Search & Seizure

Privacy

4th Amendment

Probable Cause

Forensics

Crime Scene

Digital Evidence

Search Warrant

Affidavit

Affiant

YouTub Videos - https://youtube.com/playlist?list=PL6JSLK8IHWrKcbqxgacLhBu7deKFV_YeS 

Paper: IoT_Forensic_Analysis__A_Family_of_Amazon_Echo_Show_Devices.pdf

Let me know if you have any questions.

Lorenz