Network Forensics

While crime has always existed in human society, the forms in which it is perpetrated are continually evolving. The constantly changing nature of technology gives criminals new tools and strategies to commit crimes. Criminal investigations historically have depended mostly on the examination of physical evidence and the crime scene, interacting with witnesses and obtaining statements from them, and questioning suspects. In today’s digital era, a criminal investigator must be aware that the evidence they must inspect may be in electronic or digital form. Instead of the typical “physical” scene, the crime scene may be a computer system, a digital device, or network traffic and logs, in which computer-generated log files, metadata, or browsing history serve as the “witnesses.”

Cybercrimes are on the rise as a result of technological advancements, our growing connectivity to the Internet, and the everyday devices we use. Because of these advancements and the anonymity provided by the Internet, criminals are more likely to commit crimes involving computers and networked systems. The Internet of Things (IoT) is a modern phenomenon that has greatly impacted technology: ordinary devices can now be uniquely identified, contacted, and addressed. To crack down on illegal activities, digital forensics is necessary.

The main purpose of this blog is to look into the major factors that contributed to this sea change, show how digital forensics and cybercrime investigations are adapting to the new wave of cybercrime, and highlight how digital forensics has developed from the infancy of computer forensics to mobile forensics to network/cloud forensics, with the focus now turning to IoT forensics. It will also discuss the need for, and the challenges of, IoT forensics.
Overview of Internet of Things (IoT)

The newest kid on the block in the world of digital forensics is “IoT Forensics.” It focuses on data captured from IoT devices and uses the same process as standard computer forensics, including identification, preservation, analysis, presentation, and report writing.

The Internet of Things, or IoT, is a network of interconnected devices with sensors and software that are linked to automated systems to gather data. Depending on the data gathered, different actions can be taken. It is one of the fastest-growing markets: more than 43 billion devices are predicted to connect to the internet, while spending on security measures is forecast to hit $6 billion during 2023 (Forbes).

IoT systems typically consist of IoT infrastructures, services, applications, and interfaces to other applications and services. These components can be grouped into four levels, as indicated in the below figure:

1) Sensing layer, which consists of information-gathering sensors such as smart sensors, radio frequency identification (RFID), and IoT end components;
2) Network layer, architecture for supporting connectivity to the Internet and other devices;
3) Service layer, which provides and manages services to users or other applications; and
4) Application-interface layer, which provides an interface to users or other services.

Why IoT Forensics is needed:

The widespread use of Internet-connected devices and sensors has made lives easier and provided numerous benefits. However, it also widens the attack surface, leaving users more exposed to cyberattacks. Previously, it was thought that IoT devices could only provide a limited amount of information on specific parameters such as movement, position, steps taken, distance travelled, number of calories burned, and so on, but recent research has revealed that it is possible to extract even more data from devices, such as system activity logs that record the events captured by the device sensors as well as the commands sent by users.

These details can help an investigator get a clearer picture. For instance, information from a smartwatch can be used to identify a suspect or deduce what they were doing at the time if the suspect is wearing one. These details can aid investigators in understanding what occurred, when it occurred, and whose user account gave commands to which devices during an investigation.

While investigating, we need to be able to collect and evaluate data from IoT devices in a forensically sound manner in order to determine how the device was compromised, what other systems were accessed from the device, and so on. Forensic soundness is the one requirement that applies throughout the investigation. Attackers target IoT devices with the intention of leveraging them to infiltrate enterprise systems.

Forensics Challenges within IoT:

While the Internet of Things provides numerous benefits for criminal investigations, it also presents some challenges for investigators, none of which have a simple solution.

The interesting fact is that the features that make IoT devices excellent digital witnesses to crimes also become obstacles in the path of forensic investigations.

1. The analysis of network traffic is the first difficulty. Encrypted data traffic is becoming more and more common. While this is great for users, it poses a significant challenge for investigators, who are unable to gather crucial traces of the data being sent and received by IoT devices.

2. Another significant issue that investigators face when working with IoT data is establishing a link between digital traces and physical activities and entities. Despite the fact that IoT is very helpful for investigators in creating a timeline and reconstructing the events in great detail, one inaccurate assumption or one missed event could drastically skew the results, leading to illogical and incorrect conclusions.

3. The biggest difficulty of all, however, is the legal admissibility of IoT evidence. Each piece of data gathered from an IoT device, a smartphone, or the cloud needs to be thoroughly investigated and presented such that even an ordinary person can understand its significance in a court of law. It would have to be supported by professional arguments as well as other types of proof.

4. The chain of custody must be upheld once the data has been collected, and the data’s integrity must be confirmed and verifiable. IoT forensics makes it difficult to maintain a solid chain of custody because evidence is gathered from numerous remote servers. Another issue is the potential for the evidence to be overwritten, because these devices often have limited storage space and the system runs continuously.
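One way to make the integrity and custody requirements in point 4 verifiable in practice is a hash-chained custody ledger: each artefact is hashed at acquisition, and every custody entry commits to the previous entry, so both content changes and edits to the ledger itself can be detected later. This is an added illustration, not code from the original post or from Pelorus; the evidence contents, handler names and timestamps are constructed samples.

```python
import hashlib
import json

# Constructed sample artefacts standing in for an IoT hub log and a vendor
# cloud export (hypothetical content, not data from any real device).
EVIDENCE = {
    "hub_activity.log": b"2024-01-05T10:00:03Z user=alice device=front_door cmd=unlock\n",
    "cloud_export.json": b'{"device":"thermostat","events":[{"t":"2024-01-05T10:02:11Z","set":21}]}',
}

GENESIS = "0" * 64  # "previous hash" for the first ledger entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def add_custody_entry(ledger: list, item: str, data: bytes, handler: str, action: str, when: str) -> dict:
    """Append a custody entry that commits to the artefact hash and to the previous entry's hash."""
    prev = ledger[-1]["entry_hash"] if ledger else GENESIS
    entry = {"item": item, "sha256": sha256_hex(data), "handler": handler,
             "action": action, "time": when, "prev": prev}
    # Canonical JSON so the entry hash is reproducible by any later verifier.
    entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
    ledger.append(entry)
    return entry


def verify_ledger(ledger: list, current: dict) -> list:
    """Return a list of problems: broken ledger links or artefacts whose current hash differs from acquisition."""
    problems, prev = [], GENESIS
    for i, e in enumerate(ledger):
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev"] != prev or sha256_hex(json.dumps(body, sort_keys=True).encode()) != e["entry_hash"]:
            problems.append(f"entry {i} ({e['item']}): ledger link broken")
        prev = e["entry_hash"]
        data = current.get(e["item"])
        if data is None or sha256_hex(data) != e["sha256"]:
            problems.append(f"entry {i} ({e['item']}): content changed since acquisition")
    return problems


def build_demo_ledger() -> list:
    """Acquisition from two remote sources, then a hand-over to a second examiner."""
    ledger = []
    add_custody_entry(ledger, "hub_activity.log", EVIDENCE["hub_activity.log"], "examiner_1", "acquired from hub", "2024-01-06T09:00:00Z")
    add_custody_entry(ledger, "cloud_export.json", EVIDENCE["cloud_export.json"], "examiner_1", "acquired from vendor cloud", "2024-01-06T09:30:00Z")
    add_custody_entry(ledger, "hub_activity.log", EVIDENCE["hub_activity.log"], "examiner_2", "received for analysis", "2024-01-07T08:00:00Z")
    return ledger


if __name__ == "__main__":
    print("problems:", verify_ledger(build_demo_ledger(), EVIDENCE))
```

Hashing alone does not stop a device from overwriting its own storage; it only proves whether what you hold today is what you acquired, which is why acquisition should happen as early as possible.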

Conclusion:

IoT is a crucial field of study and a significant division of digital forensics. The Internet of Things is an intriguing and difficult subject full of opportunity. It is crucial that these devices are secured and have a reliable method of investigation if and when a breach occurs because, as more and more devices are connected to one another, the attack surface on the target increases. Given the vast array of applications the technology provides, there is a very high need for professionals with expertise in dealing with, understanding, and building IoT solutions.

Pelorus offers industry-leading training and advanced digital forensics solutions, helping law enforcement agencies quickly investigate digital crimes.

To know more about our training programs, reach out to us today!
