Abstract
IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.
Highlights
IntroductionThis discipline is incessantly adapting its tools, procedures and methodologies to cover new contexts and scenarios
Computer forensics is in constant evolution. This discipline is incessantly adapting its tools, procedures and methodologies to cover new contexts and scenarios. Such is the case of IoT-Forensics [1], which is the term coined to describe a new branch of computer forensics dedicated to the particular features and requirements of digital investigations in Internet of Things (IoT) scenarios
The first use case presents a malware infection scenario, which shows the flexibility of PRoFIT to properly balance digital forensics and data privacy
Summary
This discipline is incessantly adapting its tools, procedures and methodologies to cover new contexts and scenarios. To operate as a digital witness and be eligible as a member of a DCoC-IoT, a personal device must satisfy the following properties or capabilities: Anti-tampering behavior: a digital witness must integrate some form of Trusted Computing Hardware (e.g., Secure Element, TPM) to provide anti-tampering capabilities to the device. Embedding such hardware inside the device enables detecting whether digital evidence has been compromised and performing periodic integrity checks of the device. If the device is found to have been corrupted it will not be allowed to participate in a DCoC-IoT
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
