A context-centered methodology for IoT forensic investigations



REGULAR CONTRIBUTION

A context-centered methodology for IoT forensic investigations

Juan Manuel Castelo Gómez (1) · Javier Carrillo Mondéjar (1) · José Roldán Gómez (1) · José Luis Martínez Martínez (1)

© Springer-Verlag GmbH, DE 2020

Abstract

The weakness of the security measures implemented on Internet of Things (IoT) devices, added to the sensitivity of the data that they handle, has created an attractive environment for cybercriminals to carry out attacks. This has caused a substantial increase in the number of cyberincidents, requiring the opening of digital investigations in order to shed light on what has occurred. However, the characteristics of this new environment, such as its variety of contexts, make it impossible to use the methodology followed until now in conventional analysis. Therefore, a new common procedure is needed to ensure that IoT examinations are carried out in a complete and efficient manner. In this article, after reviewing the methodological requirements of IoT forensics, and studying the suggestions made by the research community, a methodology to perform investigations in a certain context of the IoT environment is proposed. In addition, its practicality is evaluated in three different security incident scenarios, proving its effectiveness and appropriateness to be used in future cases.

Keywords: IoT forensics · Internet of Things · Forensic methodology · Non-volatile memory

1 Introduction

The broad definition given to the Internet of Things has made it very difficult to establish boundaries on what is considered the IoT, and the growth that this environment has experienced over recent years has not facilitated the task. The concept was introduced by Kevin Ashton in 1999, and it was used for the application of Radio-Frequency Identification (RFID) in a supply chain [1]. More than twenty years later, it is still used for that purpose, but its range has expanded so immensely that we can no longer consider that the IoT exists only in an industrial context. On the contrary, it is almost impossible to imagine a scenario in which an IoT device cannot be present. Unfortunately, the approach followed by developers in the design of security measures for IoT devices has not been as successful as their growth, and this is evidenced by the number of cyberattacks detected in the first half of 2019, which surpassed a hundred million, seven times higher than the previous year. On scrutinizing the data, it can be seen that 60% of the attacks targeted the Telecommunication Network (Telnet) [2] service, which is well known to be deprecated due to its security flaws. Additionally, the vector used in those attacks was mainly brute force, taking advantage of the weak default configuration of the devices and gaining access to them with the default credentials, which was also used in attacks aimed at the Secure SHell (SSH) service [3]. The c

Corresponding author: Juan Manuel Castelo Gómez, [email protected]

(1) Universidad de Castilla-La Mancha, Albacete Research Institute of Informatics, Investigación 2, Albacete 02071, Spain