Internet of Things (IoT) Forensics

    Summary

    In this engaging presentation, Kelli McGhiey dives into the realm of IoT forensics, highlighting its methodologies, challenges, and future outlook. As IoT devices become increasingly pervasive, understanding and investigating the risks associated with these interconnected systems is crucial. The speech explores various facets of IoT forensics, such as mapping ecosystems, digital provenance, and ethical hacking, emphasizing the need for specialized tools and techniques to tackle unique issues in preserving and analyzing data from these dynamic environments. Moreover, Kelli discusses the essential role of security and regulatory frameworks to keep pace with rapid technological advancements, ensuring user data privacy and system integrity.

      Highlights

      • IoT forensics involves investigating cybercrimes within IoT systems using digital forensics techniques.
      • Mapping the IoT ecosystem is essential for understanding case details and potential sources of evidence.
      • Preservation of evidence in IoT environments is challenging due to varied hardware and software architectures.
      • Ethical hacking helps uncover security vulnerabilities, showing the need for better design protocols.
      • Future growth in IoT requires better security measures and governmental regulations to protect user data.

      Key Takeaways

      • Understanding IoT forensics is crucial as IoT devices proliferate, pointing to the need for specialized tools to handle unique challenges.
      • Ethical hacking reveals alarming security gaps in IoT devices, stressing the importance of building security by design.
      • Preserving a digital crime scene in IoT is complex due to the dynamic nature of interconnected devices and lack of standard logs.
      • The future of IoT forensics involves more supportive regulations and standardized practices to secure devices and data.
      • IoT forensics must grow with the expanding digital landscape, adapting methods to suit high volumes of data and interconnected systems.

      Overview

      Kelli McGhiey provides an insightful overview of IoT forensics, showcasing its vital role in today's connected world. By defining the IoT as an ecosystem of interconnected devices, she stresses the investigative needs for this rapidly expanding field. IoT forensics uses digital methods to probe cybercrimes affecting these networks, which come with their own unique complexities.

        She explains various forensic methodologies, like ecosystem mapping and ethical hacking, which are crucial to understanding and tackling cyber issues. With billions of sensors and devices interacting, traditional methods often fall short, requiring an advanced approach to handle the scale and heterogeneity of these systems. McGhiey emphasizes the need for digital provenance and proper toolsets to maintain data integrity and security in IoT.

          Looking ahead, McGhiey anticipates massive growth in IoT, projecting billions of devices by 2027. This underscores the urgent need for robust security frameworks and legislative measures to ensure data protection. By integrating security into the design of IoT devices and emphasizing regulatory compliance, she argues for a future where digital safety is prioritized amidst technological innovation.

            Chapters

            • 00:00 - 01:00: Introduction to IoT Forensics. This chapter introduces the concept of IoT Forensics, presented by Kelly McGee. It highlights the increasing connectivity through the Internet of Things (IoT), which drives the evolution of communication and data sharing. IoT is described as a network of interconnected devices that communicate via standardized protocols over the internet.
            • 02:00 - 07:30: IoT Forensic Methodologies. The chapter discusses the evolution of technology, with a focus on the increasing connectivity of devices, known as the Internet of Things (IoT). These devices, which include cloud computing resources, mobile devices, computers, tablets, sensors, and RFID technology, form a dynamic and heterogeneous environment made up of billions of connected entities.
            • 12:00 - 24:00: IoT Forensics Challenges. The chapter titled "IoT Forensics Challenges" introduces the concept of Internet of Things (IoT) forensics. It defines IoT forensics as a framework that applies digital forensic methods to IoT devices in order to investigate cybercrimes occurring within IoT systems. The chapter highlights the complexity of this field, considering the vast extent of IoT systems that can comprise billions of sensors and chips, interacting over various networks and frameworks.
            • 24:00 - 31:00: Future of IoT and Forensics. The chapter discusses the challenges and necessary adaptations in digital forensics due to the complex nature of IoT (Internet of Things). It highlights that traditional digital forensic techniques are often insufficient for IoT devices, thus requiring investigators to implement best practices and tailor their approaches to address the unique characteristics and demands of IoT during investigations.
            • 31:30 - 39:00: Regulations and Security Measures. The chapter discusses the evolving landscape of the Internet of Things (IoT) and how current forensic methods and techniques are adapting to meet its complex demands. It highlights the necessity for forensic investigators to understand the unique challenges and complexities of IoT environments. Additionally, it stresses the importance of possessing the appropriate tools and equipment to conduct thorough and reliable forensic examinations. The chapter also mentions various methodologies relevant to IoT forensics.

            Internet of Things (IoT) Forensics Transcription

            • 00:00 - 00:30 hello and welcome my name is Kelly McGee and this is my presentation called Internet of Things forensics methodologies challenges and the future of IOT in a world becoming more and more connected through technology the main driving force behind this evolution of communication and data sharing is the Internet of Things what is the Internet of Things IOT refers to all the devices that are interconnected between each other and connected to the Internet by using various standardized communication
            • 00:30 - 01:00 as technology evolves more and more devices or appliances are becoming smart and are then able to connect to the internet and other devices IOT is made up of a combination of major technology areas including but not limited to cloud computing mobile devices computers and tablets sensors and RFID IOT is a dynamic and heterogeneous environment that is made up of billions of connected
            • 01:00 - 01:30 devices that are capable of communicating with other devices across different networks and frameworks what is IOT forensics IOT forensics is a framework using digital forensics on IOT devices to investigate cyber crime perpetrated on an IOT system IOT forensics attempts to bridge the overarching scope of IOT systems that may include billions of sensors chips
            • 01:30 - 02:00 devices machines and software due to the complex nature of IOT many traditional digital forensics methods and techniques alone are not sufficient to perform reliable investigations on IOT devices for that reason investigators need to be able to implement digital forensics best practices when developing and carrying out their examination while paying careful attention to the unique characteristics and demands of the IOT
            • 02:00 - 02:30 online environment as IOT is continually changing current forensic methods and techniques are being adapted to fit the needs the complex structures created by IOT an IOT forensic investigator must be knowledgeable on the nature of IOT including the challenges and difficulties and have the proper equipment and tools to conduct a reliable and sound forensic examination a couple of IOT forensic methodologies
            • 02:30 - 03:00 that we will look at today include mapping the IOT ecosystem IOT forensic steps digital provenance and ethical hacking when preparing for an IOT forensic investigation it is important to prepare and outline the nature of the case and the IOT system involved a forensic investigator must map the IOT ecosystem that will be examined to determine the details of the case such as devices within the network and if
            • 03:00 - 03:30 they can be seized types and amount of digital evidence and the types of hardware software and specifically operating systems the first layer is the interface layer which consists of various application programming interfaces or APIs and methods for content retrieval APIs and account functions are accessed and analyzed by forensic investigators through fingerprint collection collection or
            • 03:30 - 04:00 other forms of user credentials with this layer investigators can identify potential suspects through biometric evidence or personal login information the second layer is a service layer which illustrates revenue and distribution models allowing investigators to retrieve and use service level agreements SLAs to identify services rendered and the nature of users business on a given
            • 04:00 - 04:30 platform the network layer deals with the complexity that is created with the usage of the Internet smart devices data storage on both hardware and the cloud data collection or retrieval security and privacy issues usage of social media and their privacy policies and the collection and the lab analysis of evidence logs within this layer investigators need to obtain the source and destination addresses
            • 04:30 - 05:00 flow a flow of information and malicious programming details that are revealed through logging log analysis lastly the sensing layer is the heart of the IOT system or the tangible tangible pieces that make up the things that are the Internet of Things this includes sensors smart objects and devices connection media and other hardware at
            • 05:00 - 05:30 this level forensic investigators can use cache or memory data of the IOT hardware for analysis and determine the physical location and the use of IOT this IOT ecosystem framework aids in the planning and mapping of forensic investigations forensic investigators can determine the types of IOT devices they are expecting to examine within the
            • 05:30 - 06:00 network how the data is stored on the hardware or on the internet what applications or software is being used and the security and policy levels for users on the program after mapping out the network of IOT devices that will be investigated an IOT forensic investigator will carry out the traditional forensic steps with the focus on IOT needs and elements the identification of devices and
            • 06:00 - 06:30 connections within an IOT ecosystem as shown in this figure is the first step and perhaps the most important in starting an IOT investigation accurately identifying each IOT device within a network can become difficult when each device can physically and digitally vary in volume and scale some devices can be relatively small and seemingly insignificant compared to its larger complex IOT ecosystem but every
            • 06:30 - 07:00 node or device that is interconnected within an IOT system is important and could be used as a source of can can be a source of vulnerability and have incriminating data stored within its memory though in some cases temporal logs may not be available for analysis and some areas of the network cannot be examined IOT investigators need to find and collect as much relevant evidence
            • 07:00 - 07:30 that is available to them and map out and recreate a digital image of the IOT system one of the biggest challenges for an IOT forensics investigation lies in preservation preservation is preservation of an entire digital crime scene is difficult with such a dynamic environment with varying hardware software architectures resources of power and memory and unreliable or
            • 07:30 - 08:00 sometimes non-existent logs that we see in IOT without the proper tools access or professional skills to be able to access and preserve the IOT forensic image preservation can be very difficult or sometimes impossible the same goes for the analysis of IOT systems and the data and evidence that is collected without proper tools conducting examinations on the collected evidence
            • 08:00 - 08:30 is almost impossible when working with potentially large online IOT ecosystems there will be a large amount of data including unnecessary data that can test the capacity of the investigator and their knowledge tools or laboratory laboratory or workstation abilities forensic investigators may have access to too much or too little evidence that is needed to identify a hacker but being
            • 08:30 - 09:00 able to sort through the data information to find material evidence that is relevant for an investigation is the mission of an investigator lastly the presentation step of the forensic investigation will be the culmination of the findings of each of the previous steps if working with a criminal case an IOT investigator can serve as an expert witness in a court case if hired privately to investigate vulnerabilities within an organization's
            • 09:00 - 09:30 corporate IOT network an IOT investigator must be able to explain their findings accurately and clearly for use of handling a civil dispute or to shape and develop corporate policies if an IOT forensic investigator can successfully collect preserve and analyze the evidence within an IOT ecosystem presentation of the evidence should be easy and reach the investigation goals of the examiner
            • 09:30 - 10:00 digital provenance is another forensic method that can be used within an IOT system it refers to the record of information flow within a computer system that is used to assess the origin of data its quality and validity now being applied to cyber crimes within IOT digital provenance is being used as a means to detect and explain intrusion intrusions within a network Digital provenance records are shown in graphs
            • 10:00 - 10:30 that map the causality relationships between objects that compose a complex system which perfectly describes the ecosystem of IOT provenance graphs can be used by IOT investigators in their analysis of evidence allowing them to understand where when how by whom and why data is being used if interwoven into IOT system frameworks digital provenance could assist in the preservation preservation step of
            • 10:30 - 11:00 forensics as well as capture as a capture mechanism to ensure completeness accuracy and trustworthiness of digital forensic data and evidence ethical hacking is a valuable tool across digital forensics to step into the role of a hacker and test the device or system for its vulnerabilities ethical hacking has been used as a tool to explore the deep insecurities within IOT and ethical hackers have found that
            • 11:00 - 11:30 most devices' level of security is inadequate and sometimes non-existent which is alarming when many devices hold users' personal information such as credit card details health information or system credentials according to Billy Rios one of the world's top ethical hackers many computing devices were originally designed for closed systems and are not equipped for the hardware software iOS demands of an online
            • 11:30 - 12:00 connected IOT system for that reason developing technology with the hope of security with the hope that security will simply catch up has been a major theme within IOT's evolution also revealing a main point of compromise for those systems which is security next we will look at the challenges of IOT forensics when devices are sending and
            • 12:00 - 12:30 receiving data over the Internet there are security vulnerabilities that arise but with the scale and interconnectivity of IOT the risks rise exponentially the main challenge and concerns surrounding IOT is security by nature IOT systems are more vulnerable and susceptible to security threats the data and information needed for many devices to properly and effectively function are sometimes innately personal such as information used with wearable
            • 12:30 - 13:00 technology or healthcare IOT as technology and companies continue to grow their repertoire of IOT possibilities there is more focus on innovation specifically rapid innovation to stay on top of the IOT market the trade off with that innovation however has always been security as the benefits of the newest IOT connected devices overshadow the need and urgency of heightened
            • 13:00 - 13:30 security measures this lack of security and the existence of vulnerabilities within IOT systems are is directly related to IOT forensics and the prevalence of IOT related cyber crimes with the example of a network found at a typical modern home an investigator may come across a mobile phone a computer a smart television potentially a hall a smart home security
            • 13:30 - 14:00 system and other small devices that are other that are interconnected with each other on a home network or on the internet and on the Internet just as those devices just among these devices alone there could be several different brands platforms frameworks and data saving and sharing capabilities the next two challenges of IOT forensics are the
            • 14:00 - 14:30 lack of standardization and scalability within IOT devices a single IOT system can house different proprietary data formats methods of communication and large amounts of data that can can or need to be extracted with wide range of devices that can become objects of interest within an IOT investigation
            • 14:30 - 15:00 this creates security risk for users who are unaware of the varying data formats or privacy settings across their interconnected IOT devices as well as create challenges for IOT investigators who need to accurately map and identify and especially hard to preserve such a dynamic online environment next is the potential misuse of data IOT device
            • 15:00 - 15:30 users may wonder how and why is my data being used when dealing with IOT devices we traditionally only see we traditionally only saw tech companies providing IOT solutions but now as IOT becomes more widespread across different industries chip and small many small computer manufacturers are now benefiting from IOT becoming used in other markets and industries who
            • 15:30 - 16:00 then becomes the holder of your data the product manufacturer or the chip manufacturer in the realm of interconnectivity with in IOT data become so heavily stored and shared and the flow of information sometimes becomes skewed and IOT forensics must make it their goal to recreate those online communications if dealing with a compromised system regardless of the
            • 16:00 - 16:30 type of cybercrime whether it's whether it's a hacker or a corporation corporations such as Cambridge Analytica exploiting personal data of users security around personal data has become a growing concern for IOT device users as suspicions of surveillance or corporate use of personal data grow with the prevalence of IOT systems so what
            • 16:30 - 17:00 can we expect for the future of IOT there is a lot of growth anticipated for IOT over the next few years and into the next decade IOT has significantly increased the number of smart devices and in ten intelligent autonomous services and has led to the growth of cloud infrastructures for data transfer storage and analysis we can expect manufacturers and technology companies
            • 17:00 - 17:30 to turn to IOT technology and connections across industries and fields such as agriculture advertising and media automobiles oil and gas Public Safety security management and management healthcare manufacturing and telecommunications to just name a few some data points and pretty interesting predictions and expectations for IOT
            • 17:30 - 18:00 include well currently 127 devices are connected to the Internet every second 41 billion IOT devices are connected globe are expected to connect globally by 2027 to support that 41 billion IOT devices it is expected that 779 point four zettabytes of data we are going to be produced and on the flip
            • 18:00 - 18:30 side needs beep supported 1.9 billions 5 - subscriptions are expected as IOT grows the home IOT market is expected to grow to fifty three point four five billion but billion dollars by 2020 - 70% of cars will be connected to the Internet by 2023 and health care and the health care IOT market is expected
            • 18:30 - 19:00 to grow 100 to 140 billion dollars by 2020 for the future of IOT has its implications on IOT security and forensics IOT devices and capabilities are drastically changing the way we communicate and function online rapidly and many times users and digital forensics professionals are left playing catch-up to those effects on society the
            • 19:00 - 19:30 expected growth of the IOT must be met with forensic methods and practices fitting for the scope volume and capabilities of IOT devices in coming years security consultant root Bruce Schneier warns the dangers of society warns of the dangers to society with the reckless expansion of IOT how the now he explains how the novelties of prom and promises of IOT technology can
            • 19:30 - 20:00 to security and private privacy catastrophe for this reason Bruce Schneier stresses the need for government intervention or supervision regarding security requirements this leads to the two-pronged approach effective IOT security can be developed through manual manufacturing reform and laws and regulations that support security and privacy to improve and
            • 20:00 - 20:30 create a more secure IOT online environment users need to raise awareness to companies and government decision-makers about the critical role of security to to protect their privacy and sensitive data as manufacturers may rethink how they develop the latest IOT devices one approach can that can guide companies towards conscious best practices is security by design in
            • 20:30 - 21:00 essence this approach focuses on developing security software and frameworks into the design of IOT devices making security part of the model design rather than an afterthought security by design also means accountability by design allowing for more transparency and trust between users and the devices they are using to share and store personal information turning turning to security professionals and consultants for
            • 21:00 - 21:30 guidance in developing regulations is also important to avoid conflicts of interest from manufacturers or vendors and ensure that appropriate measures are being enforced many countries are creating regulatory groups and organizations with the goal of IOT security the Electronic Privacy Information Center in the United States the General Data Protection Regulation in the EU and individual countries including Japan Canada Mexico and
            • 21:30 - 22:00 Australia have addressed the topic of data governance and are taking steps towards creating a formal IOT regulatory framework the GDPR and its forthcoming privacy regulation will place the responsibility on data controllers to protect personal data of users and notify users of breaches relating to account relating back to the accountability aspect of
            • 22:00 - 22:30 security by design approach no industry improves the safety and security of its products and services without being compelled by the by government regulation by the same token companies need to abide by OSHA regulations to protect employees food safety regulations are in place and regulated by the FDA and car manufacturers aim for high safety ratings and require safety features like airbags think of security
            • 22:30 - 23:00 for IOT s think of security for IOT as a airbag or protective equipment as IOT develops there will be there will be there will need to be laws and regulations in place for the standardization of data across platforms increased privacy policies and procedures and heightened security for users of IOT devices the goal is to make security a priority and a requirement
            • 23:00 - 23:30 for manufacturers and technology companies however success a successful method for governmental intervention will most likely come in the form of an economic and technical incentive that rewards companies for upholding security standards and building cyber cyber security into its products while punishing those companies that do not Schneier also argues to this point calling for a new federal agency to be
            • 23:30 - 24:00 created that researches advises and coordinates responses to threats the challenge and the goal for IOT forensics is to acknowledge that every single device created every new sensor that is deployed and every single byte that is synchronized in an IOT environment has the potential of being a vital being vital to an IOT investigation thus investigators need to have the correct
            • 24:00 - 24:30 specialized tools and techniques and procedures to to secure IOT networks and examine the residual data of a compromised IOT environment the goal of IOT forensics should be to create a framework that is based on the correlation of data and metadata of IOT devices traditional tools methods and procedures can be applied to IOT forensics however investigators need to be wary and attentive of the unique
            • 24:30 - 25:00 needs and demands of an online IOT environment to investigate and uncover evidence in an in a cyber crime perpetrated in an IOT system an investigator needs to be able to identify evidence and vulnerabilities in the system and understand the characteristics and nature of the IOT devices along with the with the network connections and their infrastructure where the data it resides