Internet of Things (IoT) Forensics

Internet of Things (IoT) Forensics

Course provider
VTO Labs
Course dates
13-17th May 2024
Course length
5 Days
Course fee
5,500 USD

Intended for participants with prior digital forensics experience, this 5-day training will introduce the participant to the variety of IoT devices, the potential evidentiary data the devices may hold, methods in which to extract data, and analysis techniques to understand extracted data. The Internet of Things (IoT) continues to expand at an exponential rate. This rapid adoption of technology stands in contrast to the preparedness of law enforcement, public safety officers, and prosecutors to investigate and prosecute crimes committed using or in proximity to these silent witnesses. The VTO Labs training addresses new challenges presented by IoT devices to digital forensic science. 


  • Embedded Systems
    • Embedded systems contrasted against computer systems
  • Definition, Identification, Seizure, and Preservation of IoT devices
    • Pre-seizure planning
    • On-scene identification, disconnection from network and power, preservation of data through examination
  • Targets of data extraction
    • Flash Storage Devices and Flash Controllers
    • NOR and NAND flash
    • Microcontrollers
    • Bluetooth and other transmission modules
  • IoT Device Research
    • Current resources
    • Direct, pre-seizure, research questions
  • Chip Reading Connections and Tools
    • Serial Wire Debug
    • UART
    • I2C
    • SPI
    • JTAG
    • Chip-off
  • Analysis and Custom Scripting
    • Windows PowerShell
    • Hex Editors and Comparison Tools
    • Python Overview
    • Linux Tools Overview
  • Reporting and Testifying
    • Process notes and the examiner’s report
    • Common testimonial challenges


Steve Watson, Chief Executive Officer, VTO Labs

Mr. Watson is a technologist focused in the areas of data recovery, forensics, risk, and compliance. His career spans two decades and a variety of technology environments from start-ups to Fortune 50 companies. He is the Chief Executive Officer of VTO Labs. He has served as the Principal Investigator for two U.S. government scientific programs focused on digital forensics. His research in the area of data recovery and digital forensics is focused on new and emerging technologies and extremely damaged devices. Watson’s expertise lies in getting data off of electronic devices that are challenging for others: damaged devices, old devices, new devices and unsupported devices. He also serves as the Chair of the Forensics Committee on the Scientific Working Group on Digital Evidence (SWGDE), representing expertise in mobile devices, emerging technologies, and damaged devices.

James Darnell, Chief Operations Officer, VTO Labs

Prior to his work at VTO Labs, Mr. Darnell worked over 21 years for the United States Secret Service. He began his career with the Secret Service in 1999 and served as a special agent in the Las Vegas Field Office. In 2005, he transferred to the Criminal Investigative Division in Washington, DC, where he served as the Service’s program manager for computer forensics. In 2008, he built a digital forensics laboratory on the campus of the University of Tulsa dedicated to research, training, and escalation examinations. From Tulsa, he created and administered the USSS’ cell phone and skimmer forensics programs. Darnell is a former Chair and Vice Chair of the Scientific Working Group on Digital Evidence (SWGDE) and former Chair of the NIST OSAC Digital Evidence Subcommittee. He is a member of the ASTM E30 Committee and an adjunct professor at Oklahoma State University.

Matt Domanic, Senior Digital Forensics Analyst, VTO Labs

Matt Domanic is the Senior Technical Lead for VTO Labs. Mr. Domanic has spent his time at VTO focusing on developing forensic methods for acquiring data from devices such as drones, IoT devices, vehicles, and other embedded and leading-edge technology. Prior to joining VTO Labs, Domanic was a detective with the Middlesex County Prosecutor’s Office in New Jersey where he served as a Task Force Agent for the NJ Drug Enforcement Administration field office and specialized in his role as a Digital Forensics Examiner in the office’s Technical Operations Unit. He is a member of the Scientific Working Group on Digital Evidence (SWGDE).

Register Now