A Concept Forensic Methodology For The Investigation Of IoT Cyberincidents

Abstract

Abstract The number of Internet of Things (IoT) forensic investigations has increased considerably over recent years due to the weak nature of the security measures of its devices. In order to ensure the effectiveness and completeness of their examinations, investigators rely on forensic models, frameworks and methodologies. However, given the novelty of the environment, the existing ones are not refined enough, and the conventional counterparts do not satisfy the requirements of the IoT. Consequently, further improvements are needed in order for a more suitable IoT methodology to be designed. After reviewing the proposals from the research community for the development of procedures for performing IoT investigations, this article presents a practical concept methodology for conducting IoT forensic investigations that details step by step the whole examination process from its opening to its closing. In order to test its effectiveness and feasibility, it is submitted to a theoretical, a practical and a hybrid evaluation. Firstly, by comparing its level of detail, practicality and content with the related work. Secondly, by assessing its performance in two practical scenarios that depict real-life forensic investigations and the challenges that they present. And, finally, by studying how the existing models from the research community would have behaved in these cases. After performing these three different evaluations, it can be concluded that the results achieved by the proposed methodology were satisfactory, confirmed the feasibility of the proposal and showed clear benefits compared with the related work in terms of practicality and level of detail.