Towards Digital Forensics 4.0: A Multilevel Digital Forensics Framework for Internet of Things (IoT) Devices

Pages: 27-54


Author(s)

Yaman Salem 1, Majdi Owda 2, Amani Yousef Owda 1,*

1. Department of Natural Engineering and Technology Sciences, Arab American University (AAUP), Ramallah, Palestine

2. Faculty of Data Science, Arab American University (AAUP), Ramallah, Palestine

* Corresponding author.

DOI: https://doi.org/10.5815/ijwmt.2024.02.03

Received: 10 Dec. 2023 / Revised: 20 Feb. 2024 / Accepted: 5 Mar. 2024 / Published: 8 Apr. 2024

Index Terms

Industrial Revolution 4.0 (IR4.0), Internet of Things (IoT), Artifact of Interest (AoI), Multi-level Forensics, IoT Forensics 4.0, Action/Detection (A/D) Matrix, Framework

Abstract

The Internet of Things (IoT) is driving Industrial Revolution 4.0 (IR4.0), and this is impacting every sector of the global economy. With IoT devices, everything is computerized. Today's digital forensics is no longer limited to computers, mobiles, or networks. The current digital forensics landscape demands a significantly different approach, and the traditional digital forensics frameworks no longer meet the current requirements. Therefore, in this paper, we propose a novel framework called “Multi-level Artifact of Interest Digital Forensics Framework for IoT” (MAoIDFF-IoT). The keyword "Multi-level" indicates that the framework aims to cover all levels of the IoT architecture. Our novel IoT digital forensics framework focuses on the Artifact of Interest (AoI). Additionally, it proposes the action/detection matrix. It encompasses the advantages of the previous frameworks while introducing new features specifically designed to make the framework suitable for current and future IoT investigation scenarios. The MAoIDFF-IoT framework is designed to face the challenges of IoT forensic analysis and address the diverse architecture of IoT environments. Our proposed framework was evaluated through real scenario experiments. The evaluation of the experimental results reveals the superiority of our framework over existing frameworks in terms of usability, inclusivity, focus on the AoI, and acceleration of the investigation process.

Cite This Paper

Yaman Salem, Majdi Owda, Amani Yousef Owda, "Towards Digital Forensics 4.0: A Multilevel Digital Forensics Framework for Internet of Things (IoT) Devices", International Journal of Wireless and Microwave Technologies (IJWMT), Vol.14, No.2, pp. 27-54, 2024. DOI: 10.5815/ijwmt.2024.02.03
