Forensic analysis of the Xiaomi Mi Smart Sensor Set

Abstract

Forensic investigations in the Internet of Things (IoT) are becoming ever more important as the number of cyberincidents that occur in it continues to rise. As a result, it has become necessary to determine how to proceed in performing examinations in this environment, as its novelty and new characteristics demand the development of new forensic solutions that can guarantee a complete and efficient analysis. The approach followed until now by the research community has been to examine the most popular IoT devices and systems with the aim of gaining an insight into what data can be extracted from them, how to extract these data, and what limitations an investigator may encounter in the process. Following this idea, this article, apart from studying the state of the art of IoT forensic investigations, details the examination process for the “Xiaomi Mi Smart Sensor Set” smart home kit, emphasizing the acquisition and analysis of the three main types of forensic evidence: non-volatile memory, volatile memory and network traffic. In particular, we extract and list the useful forensic artifacts that can be obtained from this kit, describing their purpose and location.