The investigative significance of digital artefacts discovered in forensic images of household IoT devices using open-source software

KUNEV, Dimitar, JANARTHANAN, Tharmini and ZARGARI, Shahrzad (2021). The investigative significance of digital artefacts discovered in forensic images of household IoT devices using open-source software. International Journal of Intelligent Computing Research, 12 (1), 1096-1104.

The-Investigative-Significance-of-Digital-Artefacts-Discovered-in-Forensic-Images-of-Household-IoT-Devices.pdf - Published Version
Creative Commons Attribution.

Open Access URL: https://infonomics-society.org/wp-content/uploads/... (Published version)

Abstract

As the IoT technology grows, forensic practitioners more often come across IoT devices that present significant challenges to their investigations. IoT devices lack any standardisation in design and security. As a result, the devices can be incredibly different to one another either by running other operating systems or using various data formats and network protocols. IoT devices also use Real-Time operating systems that only store data when used, creating challenges in the data acquisition stage and the analysis stage. The structure of the wider IoT environment also presents jurisdiction and data location challenges, such as identifying who owns the data and how to preserve its integrity. The forensic investigation in the IoT environment involves a combination of cloud forensics, network forensics, and device forensics where there is a lack of a systematic framework for investigation as well as suitable forensic tools. In this study, a comprehensive analysis of IoT datasets published by NIST was conducted to discover the evidential significance of data stored in these IoT devices in order to assist forensic practitioners in their investigations. Two open-source tools (Autopsy and bulk_extractor) were used in this research. Their performance was evaluated. A triage method was proposed to help investigators identify the most forensically valuable IoT devices in a crime scene. The proposal prioritised devices that contained the most significant evidence, which can be used as a starting point in any investigation.

Item Type: Article
Identification Number: https://doi.org/10.20533/ijicr.2042.4655.2021.0133
Page Range: 1096-1104
SWORD Depositor: Symplectic Elements
Depositing User: Symplectic Elements
Date Deposited: 04 Apr 2022 13:45
Last Modified: 04 Apr 2022 14:00
URI: https://shura.shu.ac.uk/id/eprint/30040
