Investigating the Internet of Things Role in Forensic Investigations

Today, millions of devices are connected to the internet, such as watches, cars, lights, speakers, and radiators. These devices are able to function as smart objects, collecting data to make decisions by following live or pre-saved commands. This connection and exchange of data between devices and the internet is referred to as the Internet of Things (IoT).


Image Credit: NicoElNino/

The IoT enables connection and communication between people and physical and virtual objects over the internet, enabling communication between humans and electronics, tools, and systems. This development has created innovative approaches for objects and people to interconnect and communicate rewardingly through collecting data on the person and their immediate environment.

The usefulness and benefits of the IoT in daily life activities has simultaneously increased security concerns for each individual relying on it. By creating billions of interconnected devices in different organizations and businesses, the IoT has accelerated crime opportunities while introducing complicated challenges in digital forensics.

The data collected through the complex IoT network faces several challenges, most surrounding security and privacy. To understand and tackle inevitable IoT cybercrimes, it is imperative to create effective and reliable security methods to ensure data confidentiality, integrity, and trust. With billions of IoT devices and uncontrollable amounts of data collected and stored, the IoT leaves users at risk for cyberattacks.

Why is IoT a Complex Crime to tackle in Forensics?

As the IoT integrates into every aspect of human culture, the disclosure of sensitive data leaves people and organizations extremely vulnerable. There is an ethical concern surrounding data protection and invasion of privacy through gathering, use, and disclosure of confidential information without user consent or knowledge. This can range from sensitive emails between colleagues and passwords to online banking.

There are further general concerns surrounding IoT forensics in addition to issues with evidence identification, collection, preservation, analysis, and legal presentation. Unlike traditional cyber forensic methods, the IoT system generates further data management problems due to the large amount of data involved and extensive data formats.

Methodology and Tools           

There is no universal method used when investigating crimes involving IoT or digital forensics. The present tools available in the field of digital forensics are limited and unable to cope with tackling the complex infrastructure of IoT networks and devices. Forensic and computer tools are required to search for, extract, preserve, and analyze data while conducting trustworthy digital investigations.

Using methods and tools that are not yet standardized may present doubt when presenting forensic findings in a courtroom.

Legal Jurisdiction         

The cloud data infrastructure is where most data is stored on the internet. Data can also be stored across a variety of locations, including different devices and countries, and mixed with other users' information. Gaining access to the cloud to obtain forensic evidence occurs through the service provider, who can be hesitant in sharing information or providing access to their cloud-based web.

Since IoT is everywhere, identifying evidence located in the IoT levels poses great challenges in evidence gathering by investigators. Establishing case jurisdiction can also be problematic if different devices are in different locations, use different cloud infrastructures, and have various providers. The interactivity becomes more complex with data being broken up and stored in various locations. This poses limitations on what data investigators can legally obtain access to.

Investigation concerns             

The chain of custody is also vital in guaranteeing evidence integrity and continuity in the court. This process revolves around sustaining the chronological history of the evidence during all stages of the investigation process. It is the investigator's job to prove where, when, and who came into contact with the electronic evidence at each stage of an investigation procedure.

Therefore, the security issues brought forward by IoT devices are not only detrimental to its users but can also affect a cybercrime investigation. Issues can include identity spoofing by communicating illegitimately on behalf of someone else, modifying or deleting data rendered as evidence, and flooding a network with useless traffic to exhaust resources and delay the investigation.  

In addition, data extraction without tampering with potential evidence can be difficult from IoT devices using traditional digital forensic methods. By removing certain data from its IoT environment, the evidence can be altered and lose its functionality, rendered forensically useless.

How the IoT is Making Cybercrime Investigation Easier | Jonathan Rajewski | TEDxBuffalo

Further Forensic Opportunities

Though complex, IoT brings a new source of recorded evidence in forensics which were not stored or recorded before. IoT forensic data can add contextual evidence to a committed crime, which is more difficult to destroy due to its storage in a complex cloud system.  

Looking at some of the issues mentioned with IoT devices, there are many areas where more research is needed. These include guidelines and standard procedures for obtaining IoT forensic evidence and solutions to legal jurisdiction challenges in cloud services. Future research needs the continued development of tools to extract and collect evidence from IoT devices while maintaining evidence integrity and continuity.

It is also ultimately important that private sectors and relevant government authorities collaborate their methodologies, tools, and experiences on anti-forensic techniques used to mislead and delay casework.


  • Atlam, H. et al (2020) Internet of Things Forensic: A Review. Elsevier.
  • Alanezi, A. et al (2019) IoT Forensics: A state-of-the-Art Review, Challenges and Future Directions. Science and Technology Publication. DOI: 10.5220/0007905401060115
  • Boozer, A., John., A. and Mukherjee, T. (2021) Internet of Things Software and Hardware Architectures and Their Impacts on Forensic Investigations: Current Approaches and Challenges. Journal of Digital Forensics, Security and Law, 16(2)
  • Mrdovic S. (2021) IoT Forensics. In: Avoine G., Hernandez-Castro J. (eds) Security of Ubiquitous Computing Systems. Springer, Cham.

Further Reading

Last Updated: Jun 1, 2022

Eva Thiel

Written by

Eva Thiel

After completing her Bachelors in Crime Scene and Forensic Investigations and Forensic Science, Eva continued her studies and completed her Masters in Crime and Forensic Science at University College London in October 2019.


Please use one of the following formats to cite this article in your essay, paper or report:

  • APA

    Thiel, Eva. (2022, June 01). Investigating the Internet of Things Role in Forensic Investigations. AZoLifeSciences. Retrieved on July 25, 2024 from

  • MLA

    Thiel, Eva. "Investigating the Internet of Things Role in Forensic Investigations". AZoLifeSciences. 25 July 2024. <>.

  • Chicago

    Thiel, Eva. "Investigating the Internet of Things Role in Forensic Investigations". AZoLifeSciences. (accessed July 25, 2024).

  • Harvard

    Thiel, Eva. 2022. Investigating the Internet of Things Role in Forensic Investigations. AZoLifeSciences, viewed 25 July 2024,


The opinions expressed here are the views of the writer and do not necessarily reflect the views and opinions of AZoLifeSciences.
Post a new comment

While we only use edited and approved content for Azthena answers, it may on occasions provide incorrect responses. Please confirm any data provided with the related suppliers or authors. We do not provide medical advice, if you search for medical information you must always consult a medical professional before acting on any information provided.

Your questions, but not your email details will be shared with OpenAI and retained for 30 days in accordance with their privacy principles.

Please do not ask questions that use sensitive or confidential information.

Read the full Terms & Conditions.