Enterprise Risk management course. Your task this week is to write a research paper discussing the concept of risk modeling. Please also evaluate the importance of risk models. Lastly, construct an approach to modeling various risks and evaluate how an organization may make decisions about techniques to model, measure, and aggregate risks.
Your paper should meet the following requirements:
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1
A Survey on Digital Forensics in Internet of Things
Jianwei Hou, Yuewei Li, Jingyang Yu, and Wenchang Shi
Abstract—Internet of Things (IoT) is increasingly permeating people's lives, gradually revolutionizing our way of life. Due to the tight connection between people and IoT, now civil and criminal investigations or internal probes must take IoT into account. From the forensic perspective, the IoT environment contains a rich set of artifacts that could benefit investigations, while the forensic investigation in IoT paradigm may have to alter to accommodate characteristics of IoT. Therefore, in this article, we analyze the impact of IoT on digital forensics and systematize the research efforts made by previous researchers from 2010 to 2018. We sketch the landscape of IoT forensics and examine the state of IoT forensics under a 3-D framework. The 3-D framework consists of a temporal dimension, a spatial dimension, and a technical dimension. The temporal dimension walks through the standard digital forensic process while the spatial dimension explores where to identify sources of evidence in IoT environment. These two dimensions attempt to provide principles and guidelines for standardizing digital investigations in the context of IoT. The technical dimension guides a way to the exploration of tools and techniques to ensure the enforcement of digital forensics in the ever-evolving IoT environment. Put together, we present a holistic overview of digital forensics in IoT. We also highlight open issues and outline promising suggestions to inspire future study.
Index Terms—Cybercrime, digital forensics, Internet of Things (IoT).
With the Internet of Things (IoT) permeating our daily lives, people are becoming more reliant on various kinds of smart IoT services, leaving traces on various IoT devices. These rich repositories of digital traces in IoT environment can provide insight into people’s daily activities in their home and elsewhere, which are of great value to digital forensics. On the other hand, the number of both civil and criminal cases involving IoT devices or services has grown. IoT devices may not only be targets for attacks, but also tools for committing crimes. Security vulnerabilities in IoT systems can be leveraged to remotely control the systems, for example, to control the accelerator and brake system of the smart vehicle to cause an incident. Therefore, there is an urgent need for IoT forensics research to assist in determining the who, what, where, when, and how for cases.
Manuscript received May 9, 2019; revised July 9, 2019; accepted August 26, 2019. Date of publication September 11, 2019; date of current version January 10, 2020. This work was supported in part by the National Natural Science Foundation of China under Grant 61472429, in part by the Natural Science Foundation of Beijing Municipality under Grant 4122041, and in part by the National High Technology Research and Development Program of China under Grant 2007AA01Z414. (Corresponding author: Wenchang Shi.)
J. Yu is with the School of Information, Renmin University of China, Beijing 100872, China, and also with the School of Computer and Information Engineering, Henan University, Kaifeng 475004, China (e-mail: [email protected]).
Digital Object Identifier 10.1109/JIOT.2019.2940713
The rapid adoption of IoT expands the range of digital evidence from the PC or laptops to a wide range of IoT devices (e.g., wearable devices and automobiles) as well as various cloud-based IoT services, which presents multifaceted challenges for investigators. Although current forensic methodologies and tools still prove useful at some stages of forensics in IoT domain, there is still a pressing need to update current tools, procedures, and legislation to deal with unique characteristics of IoT.
The main goal of this survey is to have an overview of the state of IoT forensics and provide guidelines for future research and practices on it. We try to provide a comprehensive and structured landscape of IoT forensics under a 3-D framework. The framework encompasses a temporal dimension, a spatial dimension, and a technical dimension.
From the temporal dimension, IoT forensics follows the standard digital forensic process including collection, examination, analysis, and reporting to transform media into evidence and calls for appropriate forensic models to support the reasonable and appropriate use of forensic tools for practical investigations involving IoT. From the spatial dimension, we explore IoT forensics with respect to the forensic environment where potential evidence may exist. Based on the typical architecture of IoT, the major sources of evidence in IoT forensics can be divided into three domains, i.e., device, network, and cloud. From the technical dimension, we investigate IoT forensics by exploring the enabling methods, tools, or techniques that can provide the ability to collect and examine volatile or nonvolatile data and to perform quick reviews or in-depth analysis of data from various sources of evidence in IoT environment.
Together with the three dimensions, we make a systematic analysis of existing efforts on digital forensics in IoT paradigm to present a holistic overview of this domain. We also point out open issues that IoT forensics faces and put forward promising suggestions to assist with future research. The main contributions of this article are highlighted as follows.
1) We discuss and summarize the impact of IoT on digital forensics according to fundamental characteristics of IoT.
2) We provide an overview of existing research efforts from 2010 to 2018 on IoT forensics and briefly introduce the development of IoT forensics.
3) We sketch the landscape of IoT forensics and review the state of it under a 3-D framework.
4) We highlight the open issues in the field of IoT forensics and propose corresponding suggestions.
2327-4662 © 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: University of the Cumberlands. Downloaded on June 30,2021 at 23:52:48 UTC from IEEE Xplore. Restrictions apply.
The remainder of this article is organized as follows. In Section II, we introduce the background of digital forensics and discuss the impact of IoT on digital forensics. We also introduce smart home as a typical IoT scene that helps to illustrate digital forensics in IoT environment later in the following sections. In Section III, we select and investigate the recent literature on IoT forensics and clarify the development of IoT forensics research. We sketch the landscape of IoT forensics under a 3-D framework in Section IV and illustrate each dimension in detail in Sections V–VII, respectively. In Section VIII, from the three dimensions, we highlight the open issues and present promising suggestions for future research and practices in the field of IoT forensics. Finally, we conclude this article in Section IX.
A. Digital Forensics
Digital forensics aims to gain a better understanding of an event of interest by finding and analyzing the facts related to that event. The digital forensic investigators reveal the truth of an event by discovering and exposing the remnants (footprints or artifacts) of an event left on the digital system.
The NIST Recommendation has divided the digital forensic investigation process into four consecutive (or iterative if necessary) phases, i.e., collection, examination, analysis, and reporting. Although different sources of evidence may call for different methodologies and generate different types of evidence, digital investigations in IoT environment still need to be carried out under this process to support the admissibility of evidence in legal processing.
B. Forensic Soundness
Forensic soundness is the basic principle for forensic investigations. On the one hand, it refers to the fact that the digital forensic process must follow a certain standard so that it can be admissible in a court of law. On the other hand, the application or development of forensic tools and techniques should be undertaken in accordance with the relevant rules of forensics to protect the evidence from damage. A process is considered to be forensically sound if it meets the following four criteria.
1) Meaning: The forensic process cannot change the original meaning of evidence or should try to have the minimum change.
2) Errors: The forensic process should avoid undetectable errors and any error in the process should be properly documented.
3) Transparency and Trustworthiness: The reliability and accuracy of the forensic process are capable of being tested and/or verified by, for example, an external examination of the forensic procedures by a court of law.
4) Experience: The individuals undertaking the forensic investigation should have sufficient experience or knowledge and should not undertake an examination that is beyond his/her current level of knowledge and skill.
Fig. 1. Impact of IoT on digital forensics.
C. Impact of IoT on Digital Forensics
IoT enables more and more devices “online,” providing various kinds of smart services (e.g., smart city, medical care, and smart home) that are bound up with people's lives. Considering the fundamental characteristics of IoT, we discuss the impact of IoT on digital forensics, summarized in Fig. 1.
1) Ubiquitous Sensing: With temperature sensors, motion detectors, or pressure sensors, IoT devices have the ubiquitous sensing ability so that they contain potential evidence closely related to the behavior of their owners and other devices in their environments. More diverse sources of evidence and fine-grained sensing in IoT contribute to reconstructing the context of cases, which also produces a large volume of forensic data needing to be dealt with.
2) Dynamic Changes: The state of IoT devices changes dynamically. That is, a device may join or leave a network autonomously or with the movement of users at any time. Due to such temporal and spatial change properties, network topologies change dynamically and network boundaries become blurry, which would make it more difficult to identify the boundaries of cases. The dynamic feature of IoT calls for real-time logging to record temporal information, such as modified time, accessed time, and created time, which can help to correlate and sequence the digital evidence gathered from different devices.
3) Automated Execution: There are real-time and automated interactions between IoT devices to facilitate the collaboration between different IoT applications. Devices may operate automatically according to the information from surroundings or other entities, reducing human intervention. Within automated systems, there are questions of control (who/what did it?) and responsibility (who/what is at fault?) while the increase of interactions makes it prohibitively complex to trace back incidents through a chain of different devices.
4) Resource-Limited Characteristic of Devices: Due to the limited resources of some IoT devices, data on the devices may have a short survival period before being overwritten by the latest data and is usually sent to cloud or other data center. Therefore, it is more difficult to locate where potential evidence may exist. On the other hand, these resource-limited devices may lack adequate security guarantees, so that malicious users may easily modify or destroy the logs and relevant data on the devices.
HOU et al.: SURVEY ON DIGITAL FORENSICS IN IoT 3
Fig. 2. IoT forensics paradigm of smart home.
5) Highly Heterogeneous: Based on different hardware, software, and networks, IoT devices are heterogeneous with multiple protocols, diverse data formats, and proprietary interfaces. Types of data in IoT forensics may be diverse in various vendor-specific formats. Heterogeneous devices may call for different tools or methods for data collection, examination, and analysis, which requires more effort from investigators. The contemporary forensic tools may not be able to deal with every source of evidence, which calls for new tools. New tools should be properly tested and assessed prior to their use because unreliable tools may lead to uncertainty and loss, and affect the soundness of evidence and even the final conclusion.
6) Special Security Characteristic: IoT bridges the gap between the cyber world and the physical world, so that security threats in the cyber world can bring safety threats to the real world and vice versa. IoT enables the communication abilities to various kinds of devices (e.g., smart appliances, connected vehicles, and personal health devices) and connects them to the network, which may lead to broad attack faces. A single IoT device can be used to compromise other connected devices due to the connection between devices, which will transfer or expand the impact and increase the complexity of forensics. Moreover, due to the integration of the cyber world and the physical world, IoT devices can be remotely controlled to operate the physical world. Therefore, unsafe and insecure operations on IoT devices may result in a real loss of services and even the loss of life. There is a growing need for forensics to reconstruct security/safety incidents or troubleshoot the operational problems in IoT systems. And the security threat that adversaries can remotely control the device to remove or modify traces (e.g., logs and videos) or even destroy the device may make the evidence fragile and compromise the integrity of evidence.
D. Typical IoT Scene
Smart home is a typical application scenario in IoT including three layers of a typical IoT architecture: 1) a sensing layer; 2) a networking and data communication layer; and 3) an application layer.
A smart home system is usually composed of a hub, multiple IoT devices, and a back-end server (e.g., a cloud), as shown in Fig. 2. Thermostats, lightings, cameras, and voice assistants are endpoint IoT devices in the sensing layer to measure, collect, and process the state information associated with these things. These devices use wired or wireless communication protocols to communicate in the network and data communication layer. They can communicate through the Internet via the hub or directly through a local network. The hub can send the data from devices to the back-end cloud for storage, processing, and application. Users can control the devices or obtain status information of devices by sending commands to the cloud through Apps on mobile phones or Webs. Then the hub receives commands from the server and sends them to the devices, so that devices will execute relevant operations according to the commands. Devices may also collaborate with each other automatically according to predefined conditions.
We will take this typical IoT scene as an example to illustrate in detail the digital forensics in the IoT environment from different perspectives later.
III. LITERATURE REVIEW ON IOT FORENSICS
A. Literature Selection Process
In order to have a clear picture of digital forensics in the IoT environment, this section provides an extensive literature review of the research on IoT forensics. The article selection strategy consists of three main stages.
1) Stage 1: Define the keywords to search relevant papers from electronic databases (DBLP, IEEE Xplore, and Science Direct). Considering the alternatives and other synonyms of essential components of the keywords, the subsequent exploration string was defined: (“Forensic” OR “Investigation” OR “Evidence”) AND (“Things” OR “Internet of Things” OR “IoT” OR “Smart”).
2) Stage 2: Select papers based on their title, publication year, and language (only papers written in English are included). To ensure that only high-quality publications were included in the study, we focus on journal publications and conference papers published by Elsevier, IEEE, Springer, ACM, and Wiley. Moreover, opinion-driven reports (editorials, commentaries, and letters) and books were excluded.
3) Stage 3: Review the abstracts and full texts of the selected papers to verify the relevance of these papers. The cited information, abstracts, and keywords of the papers were recorded for further analysis.
Finally, 58 papers published between 2010 and 2018 were extracted through the three phases, as shown in Table I.
B. Overview of Existing Research on IoT Forensics
From the distribution of the papers by the year of publication from 2010 to 2018, there is a sharp increase in the number of papers in 2018 and all the other years witness a gradual increase. Research on IoT forensics has entered a new period of significant growth since 2016 with the wide application of IoT devices in production and life. The 58 papers are classified under five categories including survey papers, models/frameworks, forensic methods, forensic systems, and forensic techniques/tools.
TABLE I DISTRIBUTION OF EXISTING RESEARCH ON IOT FORENSICS
From 2010 to 2018, there was ongoing research on forensic methods to provide guidelines for investigations on different sources of evidence in IoT and explore feasible forensic methods and techniques. The greater part of the work studies enabling forensic techniques and tools for the coming new demands and challenges of digital forensics in IoT environment, concerning evidence collection, examination, and analysis.
Early work on IoT forensics was predominantly theoretical in nature, and aimed to deal with issues about frameworks and models. In 2013, Oriwoh et al. first explored the conceptual digital forensic models for IoT forensics to guide forensic investigations involving the IoT, which provided the basis for further research on forensic models and frameworks. At the same time, they also explored the automated forensic system that aims to make the IoT environment forensically ready before potential cases occur. The two research efforts laid the foundation of research on IoT forensics. Since then, there have been a great number of papers exploring IoT forensic frameworks/models to guide procedures for routine forensic tasks and developing forensic systems to ensure forensic readiness abilities for IoT.
Some survey papers have made a preliminary exploration of challenges in IoT forensics. Chernyshev et al. mainly focused on conceptual digital forensic models that can be applied to IoT environment. Bréda et al. analyzed the minimal functional forensic requirements of IoT devices to provide reliable information. The requirements are defined in the user data protection class by the access control policy, the access control functions, the data authentication, and integrity requirements of the stored data to maintain a minimum level of data integrity in the IoT environment. Losavio et al. analyzed in detail the legal concerns on data collection and analysis in IoT forensics.
There are also some surveys investigating IoT forensics in different IoT applications. These works focus on forensic challenges associated with smart TVs, health and fitness related devices, vehicles, and smart cities, respectively.
In this article, we aim to outline the landscape of digital forensics in the IoT paradigm to provide guidance for forensic practitioners and researchers. We conduct a systematic review of the research status of IoT forensics under a 3-D framework and indicate future research directions.
IV. LANDSCAPE OF IOT FORENSICS
IoT forensics is a branch of digital forensics that carries out digital forensics in the IoT environment. Forensic researchers and practitioners have tried to make digital forensics applicable to the context of IoT. Therefore, IoT forensics still follows the principles of digital forensics. It consists of two basic aspects. One is the forensic investigation itself and the other is the ability that enables the forensic investigation.
Within a forensic investigation process, data is extracted from various media, then is transformed into information, and finally becomes evidence that can be legally acceptable in a court of law. Therefore, from the perspective of forensic investigations, there are two core questions, including how to obtain evidence and where to find evidence. The temporal dimension explores how to generate legally accepted and reliable evidence in line with a standard forensic process in IoT environment, including collection, examination, analysis, and reporting. The spatial dimension focuses on completely identifying potential sources of evidence, that is, to answer where to find evidence. Case-related information in IoT can be collected from different data sources that can be grouped into three types, i.e., device, network, and cloud, based on the typical IoT architecture.
On the other hand, technical abilities to enable forensic investigations also play important roles in the landscape of IoT forensics. The technical dimension aims to explore appropriate techniques/tools for data collection, examination, and analysis. As the forensic environment changes, IoT poses challenges to existing forensic techniques/tools, which need to be updated to deal with forensic tasks in IoT environment. Based on our survey, contemporary research on technical preparations for IoT forensics can be broadly divided into three categories including forensic readiness techniques, evidence extraction tools or techniques for different data sources, and some other forensic techniques to resolve challenges in IoT forensics.
Moreover, IoT forensics operates under legal principles. All activities and actions within investigations start with authorization and must comply with laws and regulations in the jurisdictions.
We then survey the literature on forensics in IoT environment under a unified framework consisting of three orthogonal coordinates, as shown in Fig. 3. We try to illustrate in detail various aspects of IoT forensics, which may help forensic researchers and practitioners with a systematic understanding of this domain.
V. IOT FORENSICS FROM THE TEMPORAL DIMENSION
From the temporal dimension, a forensic investigation in IoT environment should be conducted within the standard process, so that the collected evidence can be admissible in court.
Fig. 3. Landscape of IoT forensics with three dimensions.
A. Forensic Process in Smart Home Scene
When performing a forensic investigation in a smart home scene described in Section II, investigators need to identify objects of forensic interest (OOFIs) on the spot first, including smart cameras, voice assistants, and some other appliances. These smart appliances on the spot connect to network devices (i.e., smart hub) to communicate with the external environment. So network traffic, cloud, and companion Apps on cell phones or PCs also need to be included in the investigation. First responders should consider the possible need to collect volatile data, which can be collected only from a live system that has not been rebooted or shut down since the event occurred.
Then, investigators need to examine the data obtained from OOFIs using specialized forensic toolkits to screen out the data related to the case. Therefore, investigators need to parse the data of different formats, which not only includes the data with relatively uniform formats from the phones and PCs but also the data with proprietary formats from various IoT devices.
Next, investigators correlate the data from different sources to identify people, places, items, events, and their relations to construct the facts of the case. For example, thermostat readings and lighting records may prove the presence of users when someone claimed he was out of the home and videos from cameras may show the individuals’ behaviors at home.
The three phases above can be iterative because new sources of evidence could be revealed during the analysis of data.
Finally, investigators need to review the actions performed in the above three phases to ensure that all evidence reaches a definitive explanation of what happened. They also need to report in detail the results of the analysis, which may include describing the actions already performed, explaining how tools and procedures were selected, and determining what other actions need to be performed.
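The examination and analysis steps of the smart home walk-through above, as an added example that is not from the survey: three sources with different formats are normalised to UTC, each raw record is hashed so later alteration is detectable, and the merged timeline is checked against a claimed absence window. The export formats, field names, sample records, and the choice of which events count as physical presence are all constructed assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample exports (not from the survey): three sources, three formats.
THERMOSTAT_CSV = (
    "epoch_s,event,value\n"
    "1583085600,setpoint_manual,21.5\n"
    "1583089200,motion,1\n"
    "1583100000,schedule_auto,19.0\n"
)
LIGHTING_JSONL = (
    '{"ts": "2020-03-01T19:12:30+01:00", "lamp": "hall", "state": "on", "trigger": "wall_switch"}\n'
    '{"ts": "2020-03-01T23:00:00+01:00", "lamp": "hall", "state": "off", "trigger": "schedule"}\n'
)
HUB_LOG = (
    "2020-03-01 18:05:10Z cmd=unlock src=app device=front_door\n"
    "2020-03-01 18:40:02Z cmd=status src=cloud device=thermostat\n"
)

# Assumption: these event kinds require someone physically in the home;
# scheduled (automated) actions and remote commands do not.
PHYSICAL_THERMOSTAT = {"setpoint_manual", "motion"}
PHYSICAL_LIGHT_TRIGGERS = {"wall_switch"}


def _event(source, ts, action, physical, raw):
    """Normalise one record: UTC timestamp plus a SHA-256 of the raw line."""
    return {
        "ts": ts.astimezone(timezone.utc),
        "source": source,
        "action": action,
        "physical": physical,
        "raw": raw,
        "sha256": hashlib.sha256(raw.encode("utf-8")).hexdigest(),
    }


def parse_thermostat(text):
    """CSV export with epoch-second timestamps."""
    header, *rows = text.strip().splitlines()
    keys = header.split(",")
    for raw in rows:
        row = dict(zip(keys, raw.split(",")))
        ts = datetime.fromtimestamp(int(row["epoch_s"]), tz=timezone.utc)
        yield _event("thermostat", ts, row["event"],
                     row["event"] in PHYSICAL_THERMOSTAT, raw)


def parse_lighting(text):
    """JSON Lines export with local-time ISO 8601 timestamps."""
    for raw in text.strip().splitlines():
        rec = json.loads(raw)
        ts = datetime.fromisoformat(rec["ts"])  # carries its own UTC offset
        yield _event("lighting", ts, f'{rec["lamp"]}:{rec["state"]}',
                     rec["trigger"] in PHYSICAL_LIGHT_TRIGGERS, raw)


def parse_hub(text):
    """Plain-text hub log, timestamps already in UTC."""
    for raw in text.strip().splitlines():
        date, clock, *pairs = raw.split()
        fields = dict(p.split("=", 1) for p in pairs)
        ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%SZ")
        ts = ts.replace(tzinfo=timezone.utc)
        # App and cloud commands can be issued remotely: not proof of presence.
        yield _event("hub", ts, f'{fields["cmd"]}:{fields["device"]}', False, raw)


def build_timeline():
    """Merge all sources into one UTC-ordered sequence of events."""
    events = [*parse_thermostat(THERMOSTAT_CSV),
              *parse_lighting(LIGHTING_JSONL),
              *parse_hub(HUB_LOG)]
    return sorted(events, key=lambda e: (e["ts"], e["source"]))


def integrity_ok(event):
    """Re-hash the stored raw record and compare with the hash taken at parse time."""
    return hashlib.sha256(event["raw"].encode("utf-8")).hexdigest() == event["sha256"]


def presence_in_window(timeline, start, end):
    """Physical-presence events that fall inside a claimed absence window."""
    return [e for e in timeline if e["physical"] and start <= e["ts"] <= end]


# Constructed claim: the occupant says nobody was home between these times.
CLAIM_START = datetime(2020, 3, 1, 17, 30, tzinfo=timezone.utc)
CLAIM_END = datetime(2020, 3, 1, 20, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    timeline = build_timeline()
    for e in timeline:
        print(e["ts"].isoformat(), e["source"], e["action"], e["sha256"][:12])
    for e in presence_in_window(timeline, CLAIM_START, CLAIM_END):
        print("contradicts claim:", e["ts"].isoformat(), e["source"], e["action"])
```

The per-record hashes and the printed timeline are the kind of material the reporting phase would document alongside the tools and procedures used.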
B. Research on Forensic Models for IoT Forensics
As a branch of digital forensics, there is a consensus that IoT forensics follows the four-phase forensic process. However, there is no accepted digital forensic model that can help to conduct digital investigations in an IoT-based environment. Some research aims to explore general and standard forensic models to facilitate consistent, effective, and accurate actions in forensic investigations involving IoT.
Oriwoh et al. proposed a 1-2-3 zone approach and a next-best-thing (NBT) approach for evidence acquisition within the IoT domain. The 1-2-3 zone approach divided the investigation area into three zones: 1) the internal network; 2) the middle; and 3) the external network. The evidence extraction process in each zone can be conducted in parallel. The NBT triage model assists with the identification of additional sources of evidence when the primary source is unavailable. The two models are of guiding significance in the identification stage in IoT-based investigations.
Perumal et al. have proposed a top-down model that follows the standard operating procedures (SoPs). During the investigation, this model starts with authorization and planning. It introduces machine to machine (M2M) communication and integrates 1-2-3 zone model and triage model with the general forensic process to deal with IoT-based investigations. Although this paper gives a complete model covering each stage of the digital forensic process, it mainly focuses on identification without dealing with analysis and other processes.
Rahman et al. have highlighted the importance of forensic readiness and proposed a forensic-by-design framework for cyber-physical cloud systems (CPCSs) based on ISO/IEC 27043:2015. The framework has defined the design principles of CPCS to facilitate forensic investigations. The principles comprise six factors, including risk management principles and practices, forensic readiness principles and practices, incident-handling principles and practices, laws and regulations, CPCS hardware and software requirements, and industry-specific requirements.
DFIF-IoT is a complete forensic framework to guide digital investigations in IoT-based infrastructures. The framework is composed of proactive process, IoT forensics, reactive process, and concurrent process. Proactive process aims to make IoT environment forensically ready. IoT forensics consists of cloud forensics, network forensics, and device level forensics. Reactive process is consistent with the traditional forensic investigation process and will be performed in response to an incident of forensic concerns. Concurrent process is conducted throughout the whole process involving obtaining authorization, documentation, preservation of the chain of custody, physical investigation, and interaction with physical investigations. Under the consideration of a complex set of relationships among different IoT entities, IDFIF-IoT extended DFIF-IoT framework. Discussion of interactions in IoT ecosystems can assist with the planning process for gathering, storing, and handling digital evidence in advance before investigation. The two frameworks cover the complete forensic process, and are insightful in standardization of IoT-based forensic process. However, the recognition of the frameworks still needs to be discussed further by all stakeholders.
FSAIoT pointed out that states of IoT devices or the changes of states could be of forensic value. It proposed a model for the state acquisition of plenty of IoT devices to deal with forensics on IoT devices. This paper implemented the prototype of the framework, which can acquire states of devices from devices, clouds, and controllers, to prove its availability.
Zia et al. proposed an application-specific digital forensic model for IoT forensics. The model provides guidelines for forensic investigations in …