Digital Forensics for IoT and WSNs

Mission-Oriented Sensor Networks and Systems: Art and Science

Part of the book series: Studies in Systems, Decision and Control (SSDC, volume 164)

Abstract

In the last decade, wireless sensor networks (WSNs) and Internet-of-Things (IoT) devices have proliferated in many domains, including critical infrastructures such as energy, transportation and manufacturing. Consequently, most daily operations now rely on the data coming from wireless sensors or IoT devices and on their actions. In addition, personal IoT devices are heavily used for social media applications, which connect people as well as all critical infrastructures to each other under the cyber domain. However, this connectedness also comes with the risk of an increasing number of cyber attacks through WSNs and/or IoT. While significant research has been dedicated to securing WSN/IoT, this risk still indicates that forensics mechanisms are needed to conduct investigations and analysis. In particular, understanding what has happened after a failure or an attack is crucial to many businesses that rely on WSN/IoT applications. Therefore, there is great interest in, and need for, understanding digital forensics applications in the WSN and IoT realms. This chapter fills this gap by providing a comprehensive overview and classification of digital forensics research and applications in these emerging domains. In addition to analyzing the technical challenges, the chapter surveys the existing efforts from the device level to the network level, while also pointing out future research opportunities.

Author information

Corresponding author

Correspondence to Umit Karabiyik.

Copyright information

© 2019 Springer International Publishing AG, part of Springer Nature

About this chapter

Cite this chapter

Karabiyik, U., Akkaya, K. (2019). Digital Forensics for IoT and WSNs. In: Ammari, H. (eds) Mission-Oriented Sensor Networks and Systems: Art and Science. Studies in Systems, Decision and Control, vol 164. Springer, Cham. https://doi.org/10.1007/978-3-319-92384-0_6

  • DOI: https://doi.org/10.1007/978-3-319-92384-0_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-92383-3

  • Online ISBN: 978-3-319-92384-0

  • eBook Packages: Engineering, Engineering (R0)
