First International Workshop on Internet of Things

Research Article

Internet of Things Forensics: Challenges and Approaches

Download2546 downloads
  • @INPROCEEDINGS{10.4108/icst.collaboratecom.2013.254159,
        author={Edewede Oriwoh and David Jazani and Gregory Epiphaniou and Paul Sant},
        title={Internet of Things Forensics: Challenges and Approaches},
        proceedings={First International Workshop on Internet of Things},
        publisher={ICST},
        proceedings_a={C-IOT},
        year={2013},
        month={11},
        keywords={internet of things; digital forensics; security; model},
        doi={10.4108/icst.collaboratecom.2013.254159}
    }
    
  • Edewede Oriwoh
    David Jazani
    Gregory Epiphaniou
    Paul Sant
    Year: 2013
    Internet of Things Forensics: Challenges and Approaches
    C-IOT
    ICST
    DOI: 10.4108/icst.collaboratecom.2013.254159
Edewede Oriwoh1,*, David Jazani1, Gregory Epiphaniou1, Paul Sant2
  • 1: University of Bedfordshire
  • 2: University Campus Milton Keynes
*Contact email: edewede.oriwoh@beds.ac.uk

Abstract

The scope of this paper is two-fold: firstly it proposes the application of a 1-2-3 Zones approach to Internet of Things (IoT)-related Digital Forensics (DF) investigations. Secondly, it introduces a Next-Best-Thing Triage (NBT) Model for use in conjunction with the 1-2-3 Zones approach where necessary and vice versa. These two ‘approaches’ are essential for the DF process from an IoT perspective: the atypical nature of IoT sources of evidence (i.e. Objects of Forensic Interest - OOFI), the pervasiveness of the IoT environment and its other unique attributes - and the combination of these attributes - dictate the necessity for a systematic DF approach to incidents. The two approaches proposed are designed to serve as a beacon to incident responders, increasing the efficiency and effectiveness of their IoT-related investigations by maximizing the use of the available time and ensuring relevant evidence identification and acquisition. The approaches can also be applied in conjunction with existing, recognised DF models, methodologies and frameworks.