DoD Digital Forensics: Unlocking Evidence In Cars, Wearables, And IoT

The Department of Defense Cyber Crime Center’s recent emphasis on using AI and leveraging alternative data sources like car in-vehicle telematics and wearable devices when smartphones are inaccessible underscores an important reality of today’s digital world: our devices are deeply interconnected. This interconnection means that even if one device is encrypted or inaccessible, others can serve as alternative reservoirs of overlapping data. Vehicles, wearables, and other IoT devices frequently sync with or pull data from smartphones, creating a diverse ecosystem of traceable digital evidence.

Artificial Intelligence In Digital Forensics

At the recent AFCEA TechNet Indo-Pacific conference, DC3 Chief Scientist Lam Nguyen emphasized how the implementation of AI and machine learning technologies are empowering investigators to analyze vast volumes of digital evidence, including data from unconventional sources such as vehicle telematics, wearables and IoT devices, GovCIO reports.

As a digital forensics expert, I see this integration of AI as a necessary development. Traditionally, digital forensics often involves manually sifting through massive datasets—emails, text messages, GPS logs, app data, and beyond—to reconstruct timelines and uncover key evidence.

While thorough, this approach can be both time-consuming and resource-intensive. AI could change the game for examiners by automating portions of data analysis, identifying patterns, and highlighting anomalies with unparalleled speed and accuracy.

However, as I explained last month, integration of AI also presents challenges, particularly in maintaining the transparency, replicability, and reliability required for evidentiary standards. For forensic experts, understanding how these tools work—and ensuring their results can be replicated—is essential for maintaining credibility in investigations and the courtroom.

FBI Warns Smartphone Users—Hang Up And Create A Secret Word Now

Gmail Takeover Hack Attack—Google Warns You Have Just 7 Days To Act

New Smartphone Warning—Forget What You’ve Been Told About Security

Smartphone Forensics: The Evidence Hub

As Nguyen explains, “If you have a Tesla and an iPhone, we can’t break into the phone, but we can get data from the car’s telematics,” For most people, their smartphone acts as a hub, constantly communicating with other devices.

Vehicles, for instance, routinely connect to smartphones via Bluetooth or USB for navigation, hands-free calling, and media playback. During these interactions, vehicles often pull and store data, including call logs, text messages, and even recent locations. This transfer happens in the background—seamless for the user but critical for investigators.

While some smartphones can be passcode unlocked using advanced cell phone forensic tools, others remain encrypted or physically inaccessible, posing challenges in investigations. In these cases, forensic experts often turn to alternative data sources. Logs from a car’s in-vehicle infotainment and telematics system might reveal the device’s pairing history, GPS coordinates, or even timestamps of interactions, effectively reconstructing parts of the data that were originally stored on the phone.

Modern Cars Are Digital Evidence

Modern cars are no longer just modes of transportation; they are data-rich platforms. In-vehicle infotainment and telematics systems capture granular details such as trip histories, speed, braking patterns and door activity. If a phone paired with a car for navigation, the vehicle might store recent destinations, route history and timestamps that mirror or complement the phone’s data.

For example, imagine a scenario in which a suspect’s smartphone is encrypted and cannot be accessed directly. Investigators could examine the car’s in-vehicle infotainment and telematics logs to track movements, establish alibis or locate potential crime scenes.

Wearable Technology: Your Biometric Digital Evidence

The smartphone’s relationship with wearables, such as smartwatches or fitness trackers, further expands the digital evidence landscape. Many wearables rely on their paired smartphone for connectivity, uploading health metrics, location data, and app activity to the phone and often syncing it to cloud storage. Even if a phone is inaccessible, investigators can extract valuable insights directly from the wearable device or the associated cloud account.

Wearable data might show a suspect’s physical activity during a specific timeframe, while the vehicle data could confirm their location during that period. Together, these devices create a more complete picture than either could alone.

The Silent Witness: IoT Devices At Digital Evidence

Beyond cars and wearables, an array of IoT devices— like home security cameras, smart speakers or even appliances—interact with smartphones, often storing fragments of relevant data. A smart speaker might log voice commands or smartphone-triggered routines, while a home security system might store geofencing logs that indicate when a user left or returned. Even without the smartphone, data can be recovered directly from some IoT devices by digital forensic examiners, and data can also be collected from online accounts associated with the devices.

Digital Evidence: It’s All Interconnected

The crossover of data between devices illustrates a single point of failure—such as an inaccessible smartphone—cannot always fully thwart a digital forensic investigation. Every device in the ecosystem contributes to the larger web of evidence.

This interconnectedness also serves as a reminder for attorneys to understand the broader digital landscape. When presenting or defending a case, knowing how data flows between devices can help clarify the origin and context of evidence. Evidence isn’t confined to a single device—it’s scattered across an interconnected web. Cars, wearables, and other devices are increasingly essential in piecing together this mosaic of data, ensuring that even if one door is locked, another can often be opened.