IoT Forensics
Smart devices, security cameras, wearables, and connected infrastructure are increasingly critical sources of digital evidence.
The Internet of Things has changed how we live and work, and it has changed the landscape of digital evidence in ways most organisations and investigators have not yet caught up with. Smart security cameras, access control systems, smart TVs, voice assistants, connected vehicles, industrial sensors, fitness trackers, and building management systems all generate, store, and transmit data. Much of that data is forensically significant. Most of it goes unexamined.
When an incident occurs in an environment saturated with IoT devices, those devices may hold the most reliable record of what happened. We have built the expertise to recover and interpret that evidence.
THE GROWING FORENSIC SIGNIFICANCE OF IoT
There are now over 18 billion IoT devices connected globally, a number projected to exceed 29 billion by 2030 (IoT Analytics; Statista, 2024). In Africa, IoT adoption is accelerating across energy, agriculture, financial services, and smart city projects, adding new sources of digital evidence to environments that are not always prepared to handle them.
Smart building systems, including access control logs, CCTV, and environmental sensors, have proven decisive in physical security investigations, establishing presence and timing in ways that other evidence cannot. Law enforcement agencies globally, including the FBI, now routinely subpoena smart device data. Domestic smart speakers, connected vehicles, and wearables have all been admitted as evidence in criminal trials, and that trend is moving toward African courts as well.
IoT devices are also among the most poorly secured in any environment. Attackers know this and exploit it. The same device that records forensically valuable data about an incident may also have been the entry point that enabled it.
WHAT WE DO
Smart Device Data Extraction
We extract stored data from a wide range of IoT devices, including their internal memory, associated cloud accounts, and communication logs, using forensic methods appropriate to each device type rather than a one-size-fits-all approach.
CCTV and DVR Forensics
Security cameras and digital video recorders are primary evidence sources in physical incident investigations. We recover, authenticate, and analyse footage, including from overwritten or damaged systems.
Access Control and Building System Analysis
Electronic access logs, smart locks, and building management systems record the movement of people and the state of physical access points. This data is often the most direct evidence available in workplace incident investigations.
Connected Vehicle Forensics
Modern vehicles record location history, speed data, driver behaviour, communication logs, and infotainment system activity. We analyse this data for civil and criminal matters where vehicle behaviour or occupant activity is in question.
IoT Attack Investigation
IoT devices are frequently exploited as network entry points or botnet components. We investigate IoT-based attacks, identify compromised devices, and trace attacker activity through the environment.
Firmware and Hardware Analysis
Where standard interfaces do not reach, we conduct low-level analysis of IoT device firmware and hardware to recover evidence that would otherwise remain inaccessible.