Digital Forensic Acquisition Using Private Internet of Things Cloud Application Programming Interfaces

  • Conference paper
Advances in Digital Forensics XX (DigitalForensics 2024)

Part of the book series: IFIP Advances in Information and Communication Technology (IFIPAICT, volume 724)

Abstract

Digital forensic practitioners face two key challenges when investigating Internet of Things devices. One is the need to reverse engineer a plethora of different devices and the other is the volatility of device data, including deleted data. This chapter attempts to address these challenges by focusing on the extraction of Internet of Things device data from the cloud by leveraging private application programming interfaces, an area that is relatively understudied in digital forensics. Specifically, this chapter presents the results of a study of decrypted traffic between six Android mobile apps (not the Internet of Things devices) and their respective cloud systems. The study results point to the feasibility of the approach and highlight the challenge involved in discovering additional application programming interface endpoints in a non-intrusive manner.

Corresponding author

Correspondence to Johannes Olegård.

Copyright information

© 2025 IFIP International Federation for Information Processing

Cite this paper

Olegård, J., Axelsson, S. (2025). Digital Forensic Acquisition Using Private Internet of Things Cloud Application Programming Interfaces. In: Kurkowski, E., Shenoi, S. (eds) Advances in Digital Forensics XX. DigitalForensics 2024. IFIP Advances in Information and Communication Technology, vol 724. Springer, Cham. https://doi.org/10.1007/978-3-031-71025-4_8

  • DOI: https://doi.org/10.1007/978-3-031-71025-4_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-71024-7

  • Online ISBN: 978-3-031-71025-4

  • eBook Packages: Computer Science (R0)
