Presentation Title

Unified Methodology for Forensic Analysis of IoT Devices (UM-FAID)

Presenter Information

Frank Tursi

Author ORCID Identifier

https://orcid.org/0000-0002-2847-9290

Advisor Information

Dr. George Grispos

Presentation Type

Oral Presentation

Start Date

26-3-2021 12:00 AM

End Date

26-3-2021 12:00 AM

Abstract

The world is becoming increasingly dependent on Internet-connected devices. According to industry reports, there are an estimated 26.6 billion devices connected to the Internet, with a predicted 51 billion devices by 2023. The range of devices, along with the shift from traditional computers to embedded devices, makes a digital forensic investigator's job increasingly difficult. This study aims to create a unified methodology for forensic analysis of Internet of Things (IoT) devices. Specifically, it examines data extraction from IoT devices through hardware-based methods. To create this methodology, a number of existing academic papers and case studies from the digital forensics, computer engineering, and reverse engineering subject areas were acquired to develop an all-encompassing methodology for hardware-based data extraction. To test the methodology, a number of IoT devices were acquired, populated with user data, and extracted through the methods described in this study. The results of this study support that an investigator following this methodology (UM-FAID) would be able to extract data directly from the hardware of a sweeping number of IoT devices without access to the linked smartphone or cloud login information. Artifacts from the analyzed data can include personally identifiable information (PII) and hidden data that is not displayed in the smartphone or cloud user interfaces. Consequently, developers should take into account the security of their users' data on their IoT devices in addition to smartphone and cloud security.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.

This document is currently not available here.
