Light Dark
March 22, 2017 By Usama Salama 2 min read
Endpoint
Risk Management

Interconnecting smart devices open companies, government agencies and individual consumers to a whole new world of useful applications. But while the Internet of Things (IoT) makes our day-to-day lives more convenient and dynamic, it also creates more opportunities for malicious actors to attack in ways that directly impact us.

Today, discussions around IoT typically focus on applications, benefits and privacy, while there isn’t much talk about incident response and forensic investigations. The need for an intelligent, adaptable forensic methodology to investigate IoT-related crimes, however, is becoming pertinent.

Forensics Investigations in the New Age

Digital forensics is slowly developing as a solution to this problem. At its core, this brand of forensics is the process of identifying, preserving, analyzing and presenting digital evidence to the court of law. It does so using well-defined principles and accredited tools.

IoT forensics has more areas of interest than traditional forensics. In addition to the traditional type of networks — wired, Wi-Fi, wireless and mobile — IoT also has the RFID sensor network. Different IoTware such as appliances, tags and medical devices should be considered as sources of evidence during investigation as well.

The main challenge in investigating an IoT crime is introduced by the dynamic nature of IoT solutions. IoT is a combination of many major technology areas, which includes cloud computing, mobile devices, computers and tablets, sensors and RFID technologies. As a result, forensics for IoT will encompass all of these aforementioned areas.

Sources of evidence on IoT can be categorized into three groups:

  1. All evidence collected from smart devices and sensors;
  2. All evidence collected from hardware and software that provide a communication between smart devices and the external world (e.g., computers, mobile, IPS, IDS and firewalls), which are included in traditional computer forensics; and
  3. All evidence collected from hardware and software that are outside the network under investigation. This group includes cloud, social networks, ISPs and mobile network providers, virtual online identities and the internet.

A Multifaceted Approach

While there are no defined principles for IoT forensics, investigations will significantly rely on the mechanical and physical nature of the smart device, since identifying evidence sources is a major challenge. Evidence could be collected from fixed sensors in homes and buildings, moving sensors built into cars and wearable devices, communication devices, cloud storage and even ISP logs. However, another main challenge is constrained evidence collection due to proprietary jurisdictions.

Cloud forensics will also play a main role in reinforcing cybersecurity best practices, since all data generated by IoT components will be stored on cloud due to its scalability, capacity and convenience.

As a result of the continued growth in the number of IoT-connected devices, it has become a necessity to develop a new process to investigate IoT-related incidents. Addressing security concerns will rely on a new era of digital forensics and best practices to simulaneously verify and leverage physical and digital evidence within a changing regulatory landscape.

 |  |  |  |  | 
Usama Salama
Fraud and Forensics Data Scientist, IBM

More from Endpoint
November 28, 2023

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

October 30, 2023

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

October 19, 2023

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature