Abstract

The increased frequency and severity of cybersecurity incidents impacting healthcare organizations has prompted the publication of suggested best practices for these organizations to follow when responding to incidents in their respective settings. While these best practices provide a wealth of information on how to respond to a cybersecurity incident impacting medical devices, they provide minimal information on the forensic investigation of the devices themselves. A growing appetite for digital evidence from medical devices, coupled with limited practical guidance from industry best practices, prompts an investigation into identifying tools and techniques to assist digital forensic investigators with device disassembly, data acquisition, and preservation of evidence in medical devices. This paper presents the results of a detailed exploratory case study involving the digital forensic investigation of a General Electric MAC 800 electrocardiogram medical device. The contributions of this research are threefold. First, it provides an empirical demonstration of practical techniques for acquiring and examining residual data from the electrocardiogram medical device. Second, the research documents the artifacts that can be recovered from the medical device, which could be used as potential evidence. Third, it provides the foundation for future investigations regarding the tools and processes suitable for examining additional medical devices.

This article is categorized under:
Digital and Multimedia Science > Cybercrime Investigation
Digital and Multimedia Science > IoT Forensics