Title: Grey Areas of Digital Forensic Tools and a Framework to Solve the IoT Data Forensic Analysis Problems
The constant and rapid evolution of technology has led to some amazing achievements. Normal people can communicate with others across the globe, relatively cheap Internet of Things (IoT) devices can be used to secure homes, track fitness and health, control appliances, etc., many people have access to a seemingly endless wealth of information in small devices in their pockets, organizations can provide high availability for important services by spinning up/down servers in minutes to scale with demand through cloud services, etc. However, not everyone who uses these technologies does so with a pure heart and good intentions; many people use them to commit or help commit crimes. A nefarious individual may use cloud services to host a highly available Command and Control (C2) server, a messaging app to form and communicate with a gang or hacking group, or IoT devices as part of a botnet designed to perform Distributed Denial of Service (DDoS) attacks. When these technologies are used in the commission of a crime, they hold valuable information that needs to be recovered forensically to use as evidence to convict the perpetrators. Unfortunately, that ever-evolving technology poses many challenges for digital forensics. This paper identifies and presents many of the challenges faced in digital forensics involving mobile devices, IoT devices, and cloud services in addition to proposing a framework for solving the IoT Forensic Data Analysis problem.
Award ID(s):
2043302
PAR ID:
10559366
Author(s) / Creator(s):
;
Publisher / Repository:
Microservices 2022
Date Published:
Format(s):
Medium: X
Location:
Microservices 2022
Sponsoring Org:
National Science Foundation
More Like this
  1. Smart homes are interconnected homes in which a wide variety of digital devices with limited resources communicate with multiple users and among themselves using multiple protocols. The deployment of resource-limited devices and the use of a wide range of technologies expand the attack surface and position the smart home as a target for many potential security threats. Access control is among the top security challenges in smart home IoT. Several access control models have been developed or adapted for IoT in general, with a few specifically designed for the smart home IoT domain. Most of these models are built on the role-based access control (RBAC) model or the attribute-based access control (ABAC) model. However, recently some researchers demonstrated that the need arises for a hybrid model combining ABAC and RBAC, thereby incorporating the benefits of both models to better meet IoT access control challenges in general and smart homes requirements in particular. In this paper, we used two approaches to develop two different hybrid models for smart home IoT. We followed a role-centric approach and an attribute-centric approach to develop HyBAC RC and HyBAC AC, respectively. We formally define these models and illustrate their features through a use case scenario demonstration. We further provide a proof-of-concept implementation for each model in Amazon Web Services (AWS) IoT platform. Finally, we conduct a theoretical comparison between the two models proposed in this paper in addition to the EGRBAC model (RBAC model for smart home IoT) and HABAC model (ABAC model for smart home IoT), which were previously developed to meet smart homes’ challenges.
  3. The global pandemic of COVID-19 has turned the spotlight on video conferencing applications like never before. In this critical time, applications such as Zoom have experienced a surge, with the user base jumping over the 300 million daily mark (ZoomBlog, 2020). The increase in use has led malicious actors to exploit the application, and in many cases perform Zoom Bombings. Therefore, forensically examining Zoom is inevitable. Our work details the primary disk, network, and memory forensic analysis of the Zoom video conferencing application. Results demonstrate it is possible to find users' critical information in plain text and/or encrypted/encoded, such as chat messages, names, email addresses, passwords, and much more through network captures, forensic imaging of digital devices, and memory forensics. Furthermore, we elaborate on interesting anti-forensics techniques employed by the Zoom application when contacts are deleted from the Zoom application's contact list.
  4. Internet of Things (IoT) has become a pervasive and diverse concept in recent years. IoT applications and services have given rise to a number of sub-fields in the IoT space. Wearable technology, with its particular set of characteristics and application domains, has formed a rapidly growing subfield of IoT, viz., Wearable Internet of Things (WIoT). While numerous wearable devices are available in the market today, security and privacy are key factors for wide adoption of WIoT. Wearable devices are resource constrained by nature with limited storage, power, and computation. A Cloud-Enabled IoT (CEIoT) architecture, a dominant paradigm currently shaping the industry and suggested by many researchers, needs to be adopted for WIoT. In this paper, we develop an access control framework for cloud-enabled WIoT (CEWIoT) based on the Access Control Oriented (ACO) architecture recently developed for CEIoT in general. We first enhance the ACO architecture from the perspective of WIoT by adding an Object Abstraction Layer, and then develop our framework based on interactions between different layers of this enhanced ACO architecture. We present a general classification and taxonomy of IoT devices, along with a brief introduction to various application domains of IoT and WIoT. We then present a remote health and fitness monitoring use case to illustrate different access control aspects of our framework and outline its possible enforcement in a commercial CEIoT platform, viz., AWS IoT. Finally, we discuss the objectives of our access control framework and relevant open problems.
  5. The increasing prevalence of Internet of Things (IoT) devices has introduced significant challenges in digital forensic investigations, requiring new strategies for effective evidence prioritization and analysis. Traditional forensic methods struggle with data heterogeneity, volatility, and legal constraints, making IoT evidence collection complex and time-sensitive. This paper presents a weighted prioritization model (WPM) that ranks IoT devices based on six forensic criteria, enabling investigators to focus on high-priority evidence first, reducing data loss and optimizing forensic workflows. Through case studies in arson, homicide, and missing person investigations, we demonstrate how WPM enhances investigative decision-making and resource allocation in real-world forensic scenarios. The proposed framework offers a structured, scalable, and adaptable approach to IoT forensic investigations, improving efficiency, reliability, and legal compliance in digital evidence collection.