Evidence Gathering in IoT Criminal Investigation

  • Conference paper
Digital Forensics and Cyber Crime (ICDF2C 2020)

Abstract

The Internet of Things (IoT) is a new paradigm. It enables communication between physical “things” through a common, distributed architecture, and it is built on objects deeply rooted in the intimate lives of users. These devices constantly scan and interact with the physical world. They bear witness to past events and are therefore a rich source of information for criminal investigations. Collecting evidence from the connected infrastructure is a decisive phase for the success of a police investigation. It consists of removing objects from their initial environment and placing them in a controlled and secured area, which preserves the evidence for later examination. This step is crucial but difficult: handling the devices can alter or destroy valuable data. The difficulty also lies in the heterogeneous nature of the devices and their strong dependence on their environment. This paper focuses on the collection of IoT devices at the local level, linked to an investigative strategy. It presents several tools and methods to retrieve the objects and proposes to evaluate their relevance in a use case.

Author information

Corresponding author

Correspondence to François Bouchaud.

Copyright information

© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Bouchaud, F., Vantroys, T., Grimaud, G. (2021). Evidence Gathering in IoT Criminal Investigation. In: Goel, S., Gladyshev, P., Johnson, D., Pourzandi, M., Majumdar, S. (eds) Digital Forensics and Cyber Crime. ICDF2C 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 351. Springer, Cham. https://doi.org/10.1007/978-3-030-68734-2_3

  • DOI: https://doi.org/10.1007/978-3-030-68734-2_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-68733-5

  • Online ISBN: 978-3-030-68734-2

  • eBook Packages: Computer Science, Computer Science (R0)
