Authors: Abdur Rahman Onik, Ruba Alsmadi, Ibrahim Baggili, Andrew M. Webb
DFRWS EU 2024
Abstract
The advent of the smart home has been made possible by Internet of Things (IoT) devices that continually collect and transmit private user data. In this paper, we explore how data from these devices can be accessed and applied for forensic investigations. Our research focuses on the iRobot Roomba autonomous vacuum cleaner. Through detailed analysis of Roomba’s cloud infrastructure, we discovered undocumented Application Program Interfaces (APIs). Leveraging these APIs, we developed PyRoomba – an open-source Python application that acquires a Roomba’s complete mission history and navigational data. From this information, PyRoomba generates detailed mission logs and maps of navigated spaces, informing the user about mission duration, detected objects, degree of coverage, and encrypted image captures. We compared the outcomes of PyRoomba with Roomba’s mobile application across six navigation runs in two environments of different sizes. We found that PyRoomba provides more detailed environmental information. A simulated crime scene case study demonstrated PyRoomba’s ability to detect environmental changes, such as bodies and knives, which were identified as hazards or obstacles. PyRoomba offers a more forensically sound approach to cloud acquisition compared to Roomba’s standard mobile application, minimizing the risk of inadvertently triggering the device during a crime scene investigation.