Steve Watson (VTO Labs)

Abstract

As IoT devices continue to grow in popularity, more opportunities will emerge to determine if these new technology wonders can aid investigations. One of the challenges emerging in the interrogation of Internet of Things (IoT) hardware is emergence of file systems that are not often found in current digital forensic challenges. Digital forensics practitioners typically encounter computer and mobile device operating systems with a familiar set of file systems. When working directly with circuit boards and integrated circuit packages (chips) for data acquisitions, a complete and successful acquisitions may result in a binary image that is unreadable in most modern tools. In addition to standard file systems we would expect to find on eMMC storage areas, legacy and Linux files systems are presenting themselves with few industry options available for parsing the data. In this presentation, we will review four different types of IoT devices each with different types of file systems present on the hardware of the IoT device. We will examine the device, identify the storage location on the particular IoT devices, discuss the method of acquisition in each case and review data from the file system. Each exotic file system encountered will include a brief introduction and history. Understanding the complexity and differences in these new technology devices will aid practitioners in being ready to address these devices in their labs.