IoT Forensic Science
The forensic science principles needed to exploit the full potential of IoT traces, including uniqueness, exchange, provenance, integrity, reliability, repeatability, evaluating links between virtual and physical entities, and formally assessing alternative hypotheses are presented.
Abstract
IoT devices produce information that can be used in criminal investigations and cybersecurity incidents to make inferences about identities, locations, chronologies, and relationships between relevant entities. Before this information is relied upon to make critical decisions, its veracity must be assessed critically, and the link between virtual and physical worlds must be evaluated carefully. This chapter presents the forensic science principles needed to exploit the full potential of IoT traces, including uniqueness, exchange, provenance, integrity, reliability, repeatability, evaluating links between virtual and physical entities, and formally assessing alternative hypotheses. This chapter also discusses core forensic processes and activities, demonstrating their application to forensic analysis of IoT devices using practical examples. A typology of IoT traces is proposed and their usefulness during an investigation is discussed. Finally, an investigative scenario is presented to illustrate the opportunities and challenges of exploiting IoT devices and traces for investigative and forensic purposes.