
Toward a unified and secure approach for extraction of forensic digital evidence from an IoT device

  • Regular Contribution
International Journal of Information Security

Abstract

IoT devices have proliferated into human lives, supporting activities from the simple and mundane to the advanced and lifesaving by means of automation, control and monitoring. This rapid deployment has also led to IoT devices being used as weapons for attack in crimes, possibly due to immature adaptation of security solutions and/or advancement in technology. The extraction of digital evidence from an IoT device for digital forensics is an important step toward proving a crime in a court of law. Available solutions and research focus on digital forensic models and frameworks for IoT environments, with limited product-specific focus on the IoT device. This work attempts to define a unified and secure approach to extracting digital evidence from IoT devices that will facilitate digital forensics. Considering the vast and distinct types of IoT devices, it is crucial to identify the standard IoT device architecture in order to arrive at the approach for extraction of digital evidence. Threat modeling is used to summarize the security-related requirements, because the security of the device must remain uncompromised while achieving the goal. The design is implemented and tested in an open source IoT device software platform, and the reliability of the software is calculated using reliability prediction. This approach can address the challenge of extracting data from varied and heterogeneous IoT devices and allow investigators to focus on corroborating data to reconstruct the crime scene.


Data availability

The datasets supporting the conclusions of this article are included within the article.


Funding

The authors declare that they have not received any funding.

Author information

Corresponding author

Correspondence to Kapilan Kulayan Arumugam Gandhi.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.


About this article


Cite this article

Gandhi, K.K.A., Arumugam, C. Toward a unified and secure approach for extraction of forensic digital evidence from an IoT device. Int. J. Inf. Secur. 22, 417–431 (2023). https://doi.org/10.1007/s10207-022-00645-z


  • DOI: https://doi.org/10.1007/s10207-022-00645-z
