IoT Evidence Analysis and Preservation in Investigations and Litigation

Similar documents
Internet of Things and Privacy Issues

Personnel Records: What to Keep, What to Toss

CINCINNATI PUBLIC RADIO PRIVACY NOTICE FOR EU RESIDENTS

Deloitte Discovery Advisory Enabling an agile response to discovery, investigatory, and regulatory requests

Exploration of IoT. Peter Lawther Chief Technology Office. 0 Copyright 2016 FUJITSU

The Top Emerging Technologies For B2C Marketers

Employee Wellness Portals. The 4 Game Changers. Choosing the right Platform for your Wellness Program. An ebook presented by

How APIs Fast-Track IoT Opportunities Across Industries

Global Issues Forum: Finding the Balance When Putting Your Data to Work Best Practices for Information Governance.

PMI CONSUMER PRIVACY NOTICE

Innovation Enabling Transformation Presentation at CIO Insurance Summit

The Three M s of Federal Communications: Millennialize, Mobilize and Modernize

ediscovery

Onsite Wellness vs. All-Digital Wellness

ediscovery at the University of Michigan

Testing Solutions for Hyper-Connected Apps

THE FUTURE IS HERE How Breakthrough Tech Innovations Are Shaping Our World

Marketing & CRM Trends Manuel Hinz & Dr. Markus Wuebben

Privacy and The Internet of Things: Perspectives on Mass Surveillance in the United States. Nishant Jain CPSC 610 4/25/18

Goodbye Starts & Stops... Hello. Goodbye Data Batches... Goodbye Complicated Workflow... Introducing

FINASTRA DIGITAL BANKING CONSUMER THE NEW GENERATION OF BANKING IS A CROSS-PLATFORM, MOBILE EXPERIENCE SOLUTION

Data Privacy and Use: What every compliance professional should know

DISRUPTIVE TECHNOLOGY. FOR PROFESSIONAL INVESTORS MARKETING COMMUNICATION PAM HEGARTY London, 3 October 2017

Measuring Cross-Device, The Methodology

SAFECAP PRIVACY POLICY STATEMENT

Data Privacy and Use: What every compliance professional should know

5 DATA-DRIVEN TECH TRENDS SHAPING CUSTOMER EXPERIENCE AND HOW YOUR BUSINESS CAN QUICKLY ADAPT

Company Overview. April 27, 2018 COPYRIGHT ALL RIGHTS RESERVED. 1 MICROVISION, INC.

VIA Insights: Telcoms CONNECT to Digital Operations

Fireside Chat: Harnessing AI technologies to Ensure a Seamless IoE Connected Experience

CURE FOR THE COUNTERFEITING PANDEMIC IN THE AUTOMOTIVE INDUSTRY

It s time to think about UBI differently

UFED Pro Series. Advance the case with access to the widest amount of digital evidence and insights.

chief marketing officer s guide to artificial intelligence

Brochure. Information Management & Government. Archive Data in the Largest Private Cloud. Micro Focus Digital Safe

Northgate Telematics. Improve customer service, reduce costs and improve control

Microsoft Connected Car Strategy & Solution

Harnessing the power of GIS

Applicant Data Privacy Notice

Creating the Ultimate User Experience. Sheetal Patil Head of Product Management Infotainment

Privacy Policy. To invest significant resources in order to respect your rights in connection with Personal Data about you:

The People-Based Marketing Strategy. Optimize campaign success with humanized data.

Computer Vision Technologies and Markets

OLA Privacy Policy for Australia

Meeting Management Solution

Kevin Petersen President, AT&T Digital Life

Speaking to Vehicular/IoT Technology Listening

Becoming an Intelligent Enterprise to Make Money Out of Data

Innovative Monetization Approaches for Home Security and Automation Organizations

Facebook by Ad Objective

HANDOUT PowerPoint Presentation STRATEGIC TECHNOLOGY MANAGEMENT

BBM Enterprise SDK CPaaS (Communications Platform as a Service) Build Powerful Communications Experiences, Safely and Securely

WL Connected Living solutions. unlock the power. of Internet of Things. through engaging Connected Services

SERVER ANALYTICS EDGE ANALYTICS DISTRIBUTED/ CLOUD ARCHITECTURE SOFTWARE INTERFACE

WHITE PAPER Marketing Automation Beyond 2018

SCORPION TRACK.COM. Technologically Advanced Stolen Vehicle Tracking & Fleet Management System. Part of the Scorpion group

AI Today and Tomorrow

How to tackle Consumer IoT

SMART FLEET MANAGEMENT

WHAT INFORMATION WE MAY COLLECT. "System Data" is information that is ingested or used by or generated through Digital Offerings, which may include:

An Arbitrator s Guide to Successfully Resolving ediscovery Disputes. By: Alison A. Grounds and Kenneth C. Gibbs

How Artificial Intelligence Is Transforming Tax Administration

Snowplow Insights VS Enterprise Digital Analytics Products

UK SCHOOL TRIPS PRIVACY POLICY

Husch Blackwell s ediscovery Solutions Team

Marketing Cloud Advertising Studio

Dynamics 365 and Microsoft stack for a whole New Customer Engagement. September, 2017

MARKET APPLICATION SUITE

The Mobile Enterprise. Presented by: Natalia Chiritescu & Vlad Mihalache

Digital Marketing Solutions

Using Social Media to Defend Workers Compensation Claims

An online advertising strategy for Craft How moving from cost-perclick to cost-per-acquisition helped save money for Craft

INTER CA NOVEMBER 2018

Multiple Sites. Tomorrow s Technology

Integrate Powerful Communications into Your Apps and Services

NUIX for INVESTIGATIONS

What s Behind VPVision? next generation vehicle telemetry V 1.0

Privacy Statement. Information We Collect

Competitive Intelligence 101. Staying Ahead of the Competition

INVESTOR PRESENTATION

Early Information Assessment: The first 72 hours of an investigation

Put cloud-based insights to work for your business

Digital Discovery & e-evidence

On-Demand Solution Planning Guide

Digital Banking BPC s Vision

Best Practices in ediscovery ACC Dallas March 29, 2007

The Global Market for Intelligent Video Analytics

A Marketer s Guide. To Unlocking the Value of Your Customer and Prospect Lists. maxpoint.com

A-List in IoT Awards. Award Description. Connected Car Platform of the Year - Best connected car software platform.

Avigilon Open Security Platforms

Profitability regarding Smart Content Delivery At Stores

A Virtual Game Changer The Next Generation, Online Management Platform That Helps You Run a Better Business.

GDPR and Microsoft 365: Streamline your path to compliance

Lindex Privacy Policy

MOBILE CLOUD ENTERPRISE. The Next Step in Our Evolution and Yours

Gain money doing what you like the most; blogging, sharing on your social networks or even writing articles

Introduction to digital marketing

Identity as a Critical Next Step in Security

PERSONAL INFORMATION

What Do You Need to Ensure a Successful Transition to IoT?

Transcription:

SESSION ID: LAW-W02 IoT Evidence Analysis and Preservation in Investigations and Litigation Erik Laykin Managing Director Duff & Phelps, LLC 310 245 2902 Erik.laykin@duffandphelps.com

An Example of IoT Evidence Determining the Outcome of an Investigation

Insurance Fraud and Insurance Fact A diamond ring is insured for $50,000 The owner suffers a break-in at her home, and the ring is stolen. She uses devices in her home as evidence and to file a claim: A video doorbell shows masked men entering Smart lightbulbs were turned on, showing activity in the home Cameras show her at her office during the break-in

Insurance Fraud and Insurance Fact Analysis by investigators showed: The smart door lock was unlocked with her phone An hour before the break-in, her phone disconnected from her insulin pump. The WiFi alarm system was disarmed with her code, and was not jammed. The Nest Thermostat in the upper area of the house, where the ring was kept, did not detect motion.

Epilogue The woman was stuck in a difficult divorce and needed to cover attorney s fees. She had her cousins fake a break-in to claim the insurance money. The insurance company denied the claim and brought charges for fraud. IoT Data provides historic and contemporary insights into each of our lives. Privacy is dead

A Day in your Life with Iot

Activity Monitoring Fitness Tracker (Fitbit) Motion Heart rate Location Activity Where is the subject? Is the subject awake? Is the subject moving?

Activity Monitoring - Evidence

IP Cameras Facial Recognition Object Recognition (backpacks, bicycles, etc.) License Plate Recognition Activity Recognition (walking from A to B, carrying a particular product) Profiling on Age/Gender/Ethnicity/Dress/Weight /time etc.

IP Cameras - Evidence

IP Cameras - Evidence

Automotive Passengers Location Speed / Direction Journey Start/End Full Telemetry Conversations

Automotive Evidence Tesla refutes a NYT reviewer who claimed that a Model S died, showing telemetry of the car being driven in circles in a parking lot.

Automotive Evidence

Home Automation Are people in the home? What appliances are on and off When are appliances used When were doors locked and unlocked? By whom? When were alarms armed and disarmed?

Home Automation - Evidence Nest Thermostat detects when you leave the home.

Virtual Assistants Voice Recording Records of actions taken searches Interface with other IoT devices Where is the data? Who owns the data?

Virtual Assistants - Evidence

Medical Devices Intrinsically linked to custodian Vital medical data High risk if compromised Wirelessly controlled

Implantable Medical Devices

Implantable Medical Devices

Data Ownership

Data in The Cloud to data centers all over the world Data flows from IoT devices.? to user devices... and to unknown places beyond.

Global Geography Amazon operates more than 42 data centers around the world

Data Ownership Data generated by IoT devices is typically stored in the cloud Can be in many geographic locations Can be very difficult to identify where data is or who controls it May be stored indefinitely May be local May be forwarded to a phone etc.

Data Uses Marketing build demographic profiles Artificial Intelligence research used to train next-generation AI. Every ten hours Tesla records one million miles of driving data Predictions Google can detect flu season before the CDC can Targeted advertising Political campaigns are tailoring messages to individuals based on data about them

Shodan 27

Thingful 28

Preserving, Collecting, and Analyzing Data

EDRM 30

Preservation Clients may be unaware that their IoT wearable and home devices may provide information that is relevant to an existing or anticipated lawsuit. Clients may expect that e.g. health information is protected, when it in fact may not be. Courts have not determined if 5 th amendment protections apply to such data. IoT devices are most commonly connected with 3 rd party service providers, and therefore the data they produce, such as activity data from a Fitbit, may reside in the cloud, on a platform operated by the service provider. Action by the consumer may be required to prevent destruction of relevant data. Upon receipt of a preservation notice, a custodian may overlook such platforms as a source of potentially relevant data. As with any cloud-stored evidence, authenticating the data and providing a clear chain of custody may be highly impracticable.

Collection Immediately upon receipt of a preservation notice or even upon reasonable anticipation of litigation, counsel should determine the likelihood that digital evidence created by IoT devices may be relevant. After determining that IoT-generated data is relevant, counsel should assess the storage location of the data, and determine which third party providers control retrieval and retention and serve a litigation hold notice as soon as practicable. Technical expertise is most often required to collect locally stored IoT data in a forensically sound manner.

Collection Sources Smartphones and Computers Devices which may have interacted with IoT devices Standard collection methodologies (Cellebrite, EnCase, etc.) May need to perform custom analysis of mobile apps to identify additional data Identify relevant IoT devices Custodian Interviews Actual walk-throughs of affected space Remember that some devices, such as cameras, may actually log data onto a recording device elsewhere in the facility. Identify which IoT devices may have on-device data Do not power off without technical guidance data may be lost Identify which IoT service providers may have data in the cloud Send preservation notices Follow-up with subpoena

Burden for Collection See Zubelake v. UBS Warburg, Judge Shira Sheindlin Rulings, the Sedona Conference and new Federal Rules of Civil Procedure related to ediscovery Obligations. In some cases an IoT device was not designed to provide data directly. May need to jailbreak device and have an expert extract data Very expensive process Whereas the service provider can simply export the relevant data into an Excel file Need to determine cost and identify whether plaintiff or defendant is responsible. Need to provide an appropriate unique ID for the data being requested. A provider may have multiple accounts under John Smith, and may require a username or device ID to provide relevant data.

Unanswered Questions In cases where IoT device data is run through large-scale analytics software, how can the analytics techniques be verified? Several cases have attempted to compare an individual s data to an overall average (e.g. to prove diminished physical capacity). Can an average activity level be meaningfully applied? Do individuals have a 5 th Amendment right against certain types of data being disclosed? Do individuals have a 6 th Amendment right to confront IoT devices testifying against them?

Limitations IoT devices have a very narrow worldview: they can only record what their sensors allow them to perceive. Much of the detailed data these devices produce comes from simple sensors. Small sensor errors can compound into massive data errors. Some Apple Watch users have complained that after sitting down and typing for 30 minutes the device lists them as asleep. Comparisons using analytics technology will require that the analytics algorithm and the data sources be validated. Data can be very ephemeral, some IoT devices were never designed to store data.

Analysis Create a timeline showing data from multiple devices Need to account for the native timezone of each data source Consolidate data from different formats Cell phone dumps Computer images Data from IoT service providers Data acquired directly from IoT devices Perform statistical or other analysis on bulk data

Analysis Graphs, charts, and timelines can shed light on data A timeline of activity tracker data over a 30 day period.

Analysis Common Tools: EnCase Computer forensics Blackbag Mac/iPhone forensics Relativity - ediscovery Cellebrite Phone forensics Recent Developments Berla ive Vehicle forensics Berla Blackthorn Forensics of GPS/navigation devices

Going Forward 40

Going Forward Take a minute to walk through your homes and offices and note where IoT devices are being used. Have an informal conversation with people to determine who sold/services the device and what information it collects. Ask yourself Where could I use that evidence? 41

Look around you 42

Look around you 43

Look around you 44

Look around you 45

SESSION ID: LAW-W02 THANK YOU IoT Evidence Analysis and Preservation in Investigations and Litigation Erik Laykin Managing Director Duff & Phelps, LLC 310 245 2902 Erik.laykin@duffandphelps.com

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback