A holistic forensic model for the internet of things

Abstract

The explosive growth of the Internet of Things offers numerous innovative applications such as smart homes, e-healthcare, smart surveillance, smart industries, smart cities and smart grids. However, this has significantly increased the threat of attacks that exploit the vulnerable surfaces of Internet of Things devices. It is, therefore, immensely important to develop security solutions for protecting vulnerable devices and digital forensic models for recovering evidence of suspected attacks. Digital forensic solutions typically target specific application domains such as smart wearables, smart surveillance systems and smart homes. What is needed is a holistic approach that covers the diverse application domains, eliminating the overhead of employing ad hoc models. This chapter presents a holistic forensic model for the Internet of Things that is based on the ISO/IEC 27043 international standard. The model has three phases – forensic readiness (proactive), forensic initialization (incident) and forensic investigation (reactive) – that cover the entire lifecycle of Internet of Things forensics. The holistic model, which provides a customizable and configurable environment that supports diverse Internet of Things applications, can be enhanced to create a comprehensive framework.