With the rapid development of the Internet of Things technology, smart speakers have become increasingly popular. However, smart speaker security is an ensuing threat. At present, smart speakers are activated by voice, and they monitor users’ voices 24 hours per day. Consequently, there may be problems with user privacy leakage. In this paper, we propose a non-intrusive digital forensic method for smart speakers. The main contribution of the paper is an effective method of combining network traffic analysis with the extraction of user intent and alarms about abnormal network traffic to support the investigation of security. We use Xiaomi smart speakers as an example in an experiment to verify our forensic method. The evaluation results show that our method works well for detecting security risks.