The investigative significance of digital artefacts discovered in forensic images of household IoT devices using open-source software

As the IoT technology grows, forensic practitioners more often come across IoT devices that present significant challenges to their investigations. IoT devices lack any standardisation in design and security. As a result, the devices can be incredibly different to one another either by running other operating systems or using various data formats and network protocols. IoT devices also use Real-Time operating systems that only store data when used, creating challenges in the data acquisition stage and the analysis stage. The structure of the wider IoT environment also presents jurisdiction and data location challenges, such as identifying who owns the data and how to preserve its integrity. The forensic investigation in the IoT environment involves a combination of cloud forensics, network forensics, and device forensics where there is a lack of a systematic framework for investigation as well as suitable forensic tools. In this study, a comprehensive analysis of IoT datasets published by NIST was conducted to discover the evidential significance of data stored in these IoT devices in order to assist forensic practitioners in their investigations. Two open-source tools (Autopsy and bulk_extractor) were used in this research. Their performance was evaluated. A triage method was proposed to help investigators identify the most forensically valuable IoT devices in a crime scene. The proposal prioritised devices that contained the most significant evidence, which can be used as a starting point in any investigation.