Authors: Maximilian Eichhorn, Felix Freiling
DFRWS APAC 2025
Abstract
To forensically examine an unknown digital device, a method is proposed that involves to perform experiments on an identical device and systematically derive information from the observed behaviour while performing specific actions. We apply this method to the Thermomix TM6 from Vorwerk, a multifunctional kitchen appliance. Using differential forensic analysis together with our method, we identify various forensic artefacts from real-world use, e.g., timestamps when the system was turned on and logs of specific cooking actions like dough kneading and cooking. We also observe inadequate data sanitization after factory reset. Other forensic artefacts we found include Wi-Fi login details and account information for the Cookidoo online service provided by Vorwerk to exchange recipes.