Today is the era of the Internet of Things (IoT): millions of machines such as cars, smoke detectors, watches, glasses, webcams, etc. are being connected to the Internet. The number of machines that possess the ability of remote access to monitor and collect data is continuously increasing. This development makes, on the one hand, human life more comfortable and convenient, but on the other hand it also raises issues of security and privacy. However, this development also raises challenges for the digital investigator when IoT devices are involved in criminal scenes. Indeed, current research in the literature focuses on security and privacy for IoT environments rather than methods or techniques of forensic acquisition and analysis for IoT devices. Therefore, in this paper, we first discuss different aspects related to IoT forensics and then focus on the current challenges. We also describe forensic approaches for an IoT device, the smartwatch, as a case study. We analyze forensic artifacts retrieved from smartwatch devices and discuss the evidence found, aligned with challenges in IoT forensics.
In an Internet of Things (IoT) environment, IoT devices are typically connected through different network media types such as mobile, wireless and wired networks. Due to the pervasive nature of such devices, they are a potential evidence source in both civil litigation and criminal investigations. It is, however, challenging to identify and acquire forensic artefacts from a broad range of devices, which have varying storage and communication capabilities. Hence, in this paper, we first propose an IoT network architecture for the forensic purpose that uses machine learning algorithms to autonomously detect IoT devices. Then we posit the importance of focusing on the links between different IoT devices (e.g. whether one device is controlled or can be accessed from another device in the system), and design an approach to do so. Specifically, our approach adopts a graph for modelling IoT communications’ message flows to facilitate the identification of correlated network traffic based on the direction of the network and the associated attributes. To demonstrate how such an approach can be deployed in practice, we provide a proof of concept using two IoT controllers to generate 480 commands for controlling two IoT devices in a smart home environment and achieve an accuracy rate of 98.3% for detecting the links between devices. We also evaluate the proposed autonomous discovering of IoT devices and their activities in a TCP network by using real-world measurements from a public dataset of a popular off-the-shelf smart home deployed in two different locations. We selected 39 out of 81 different IoT devices for this evaluation.