Abstract
The Internet of Things (IoT) is a new paradigm. It enables communication between physical “things” through a common and distributed architecture. It is based on objects deeply rooted in the intimate lives of users. The devices are constantly scanning and interacting with the physical world. They bear witness to past events and are therefore a rich source of information for criminal investigations. The collection of evidence from the connected infrastructure is a decisive phase for the success of the police investigation. It consists of removing objects from their initial environment and placing them in a controlled and secured area. This action allows the evidence to be preserved for later examination. It is crucial but difficult, because handling the devices can alter or destroy valuable data. Moreover, the difficulty lies in the heterogeneous nature of the devices and their strong dependence on the environment. This paper focuses on the collection of IoT devices at the local level, linked to an investigative strategy. It presents several tools and methods to retrieve the objects and proposes to evaluate their relevance in a use case.
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Bouchaud, F., Vantroys, T., Grimaud, G. (2021). Evidence Gathering in IoT Criminal Investigation. In: Goel, S., Gladyshev, P., Johnson, D., Pourzandi, M., Majumdar, S. (eds) Digital Forensics and Cyber Crime. ICDF2C 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 351. Springer, Cham. https://doi.org/10.1007/978-3-030-68734-2_3
DOI: https://doi.org/10.1007/978-3-030-68734-2_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-68733-5
Online ISBN: 978-3-030-68734-2
eBook Packages: Computer Science, Computer Science (R0)