Internet of Things Forensics: Challenges and approaches

9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing Pub Date : 2013-11-12 DOI:10.4108/ICST.COLLABORATECOM.2013.254159

Edewede Oriwoh, D. Jazani, G. Epiphaniou, P. Sant

{"title":"Internet of Things Forensics: Challenges and approaches","authors":"Edewede Oriwoh, D. Jazani, G. Epiphaniou, P. Sant","doi":"10.4108/ICST.COLLABORATECOM.2013.254159","DOIUrl":null,"url":null,"abstract":"The scope of this paper is two-fold: firstly it proposes the application of a 1-2-3 Zones approach to Internet of Things (IoT)-related Digital Forensics (DF) investigations. Secondly, it introduces a Next-Best-Thing Triage (NBT) Model for use in conjunction with the 1-2-3 Zones approach where necessary and vice versa. These two `approaches' are essential for the DF process from an IoT perspective: the atypical nature of IoT sources of evidence (i.e. Objects of Forensic Interest - OOFI), the pervasiveness of the IoT environment and its other unique attributes - and the combination of these attributes - dictate the necessity for a systematic DF approach to incidents. The two approaches proposed are designed to serve as a beacon to incident responders, increasing the efficiency and effectiveness of their IoT-related investigations by maximizing the use of the available time and ensuring relevant evidence identification and acquisition. The approaches can also be applied in conjunction with existing, recognised DF models, methodologies and frameworks.","PeriodicalId":222111,"journal":{"name":"9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-11-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"159","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/ICST.COLLABORATECOM.2013.254159","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 159

Abstract

The scope of this paper is two-fold: firstly it proposes the application of a 1-2-3 Zones approach to Internet of Things (IoT)-related Digital Forensics (DF) investigations. Secondly, it introduces a Next-Best-Thing Triage (NBT) Model for use in conjunction with the 1-2-3 Zones approach where necessary and vice versa. These two `approaches' are essential for the DF process from an IoT perspective: the atypical nature of IoT sources of evidence (i.e. Objects of Forensic Interest - OOFI), the pervasiveness of the IoT environment and its other unique attributes - and the combination of these attributes - dictate the necessity for a systematic DF approach to incidents. The two approaches proposed are designed to serve as a beacon to incident responders, increasing the efficiency and effectiveness of their IoT-related investigations by maximizing the use of the available time and ensuring relevant evidence identification and acquisition. The approaches can also be applied in conjunction with existing, recognised DF models, methodologies and frameworks.

查看原文本刊更多论文

物联网取证:挑战和方法

本文的范围有两个方面:首先，它提出了将1-2-3区域方法应用于与物联网(IoT)相关的数字取证(DF)调查。其次，它引入了下一个最好的事物分类(NBT)模型，在必要时与1-2-3区域方法结合使用，反之亦然。从物联网的角度来看，这两种“方法”对于取证过程至关重要:物联网证据来源的非典型性质(即法医感兴趣的对象- OOFI)，物联网环境的普遍性及其其他独特属性-以及这些属性的组合-决定了系统的事件取证方法的必要性。提出的两种方法旨在作为事件响应者的灯塔，通过最大限度地利用可用时间并确保相关证据的识别和获取，提高其物联网相关调查的效率和有效性。这些方法也可以与现有的、公认的DF模型、方法和框架结合使用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

自引率

0.00%

发文量