ABSTRACT
IoT device forensics is a difficult problem: manufactured IoT devices are not standardized, many store little to no historical data, and they are always connected, which makes them extremely volatile. The goal of this paper was to address these challenges by presenting a primary account of a general framework and practical approach we term Forensic State Acquisition from Internet of Things (FSAIoT). We argue that by acquiring the state of IoT devices (e.g. whether an IoT lock is open or locked), it becomes possible to paint a clear picture of the events that have occurred. To this end, FSAIoT consists of a centralized Forensic State Acquisition Controller (FSAC) employed in three state collection modes: controller to IoT device, controller to cloud, and controller to controller. We present a proof-of-concept implementation using openHAB -- a device-agnostic, open source IoT device controller -- and self-created scripts, to resemble an FSAC implementation. Our proof of concept employed an Insteon IP Camera as a controller-to-device test, an Insteon Hub as a controller-to-controller test, and a Nest thermostat as a controller-to-cloud test. Our findings show that it is possible in practice to pull forensically relevant state data from IoT devices. Future work and open research problems are shared.
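The state-acquisition idea in the abstract can be sketched as follows. This is an added example, not the paper's openHAB scripts: it turns repeated state polls from the three collection modes into a timeline of state changes. The device names, state keys, timestamps and the SHA-256 digest chain used for tamper evidence are all assumptions introduced here.

```python
import hashlib
import json

# Constructed sample polls: (acquisition time, FSAIoT mode, device, state).
# Device names, state keys and timestamps are hypothetical.
POLLS = [
    ("2017-03-01T08:00:00Z", "device", "ip_camera", {"motion": "idle"}),
    ("2017-03-01T08:00:00Z", "controller", "hub/lock", {"lock": "locked"}),
    ("2017-03-01T08:00:00Z", "cloud", "thermostat", {"mode": "home"}),
    ("2017-03-01T08:05:00Z", "controller", "hub/lock", {"lock": "open"}),
    ("2017-03-01T08:05:00Z", "device", "ip_camera", {"motion": "idle"}),
    ("2017-03-01T08:10:00Z", "device", "ip_camera", {"motion": "detected"}),
    ("2017-03-01T08:10:00Z", "cloud", "thermostat", {"mode": "away"}),
]
GENESIS = "0" * 64  # assumed starting value for the digest chain

def _digest(record):
    """SHA-256 over the record's canonical JSON, excluding its own digest."""
    body = {k: v for k, v in record.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def build_timeline(polls):
    """Reduce successive state polls to a chained list of state changes."""
    last, timeline, prev = {}, [], GENESIS
    for acquired_at, mode, device, state in polls:
        old = last.get(device, {})
        if device in last and old == state:
            continue  # an unchanged state adds no event to the timeline
        # Record (old, new) for every key that appeared, vanished or changed.
        changed = {k: (old.get(k), state.get(k))
                   for k in sorted(set(old) | set(state))
                   if old.get(k) != state.get(k)}
        record = {"acquired_at": acquired_at, "mode": mode,
                  "device": device, "changed": changed, "prev": prev}
        record["digest"] = _digest(record)
        prev = record["digest"]
        last[device] = state
        timeline.append(record)
    return timeline

def verify_chain(timeline):
    """Return False if any record was altered, removed or reordered."""
    prev = GENESIS
    for rec in timeline:
        if rec["prev"] != prev or _digest(rec) != rec["digest"]:
            return False
        prev = rec["digest"]
    return True
```

The timeline only resolves events to the polling interval: a lock that opens and closes between two polls leaves no record, which is why the acquisition timestamp is stored rather than an inferred event time.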