Common Investigation Process Model for Internet of Things Forensics
Muhammed Ahmed Saleh, Siti Hajar Othman, Arafat Al-Dhaqm, Mahmoud Ahmad Al-Khasawneh

TL;DR
This paper introduces a unified investigation process model for IoT forensics, aiming to address heterogeneity challenges and improve organization and management of forensic tasks in IoT environments.
Contribution
It proposes the Common Investigation Process Model (CIPM), a metamodeling approach with four core processes to standardize IoT forensic investigations.
Findings
CIPM simplifies IoT forensic investigations.
Enhances organization and task management in IoT forensics.
Addresses heterogeneity challenges in IoT environments.
Abstract
Internet of Things Forensics (IoTFs) is a new discipline in digital forensic science used in the detection, acquisition, preservation, rebuilding, analysis, and presentation of evidence from IoT environments. The IoTFs discipline still suffers from several issues and challenges that have recently been documented. For example, the heterogeneity of IoT infrastructures has been a key challenge: it makes IoTFs very complex and ambiguous across the various forensic domains. This paper aims to propose common investigation processes for IoTFs, developed using the metamodeling method and called the Common Investigation Process Model (CIPM) for IoTFs. The proposed CIPM consists of four common investigation processes: i) preparation process, ii) collection process, iii) analysis process and iv) final report process. The proposed CIPM can assist IoTFs users…
Taxonomy
Topics: Digital and Cyber Forensics · Advanced Malware Detection Techniques · Privacy-Preserving Technologies in Data
