2021 | OriginalPaper | Chapter

Towards a Generic Approach of Quantifying Evidence Volatility in Resource Constrained Devices

Authors: Jens-Petter Sandvik, Katrin Franke, André Årnes

Published in: Digital Forensic Investigation of Internet of Things (IoT) Devices

Publisher: Springer International Publishing


Abstract

Forensic investigations of the Internet of Things (IoT) are often assumed to be a combination of existing cloud, network, and device forensics. Resource constraints in many of the peripheral things, however, affect the volatility of the potential forensic evidence and the evidence dynamics. This represents a major challenge for forensic investigations. In this chapter, we study the dynamics of volatile and non-volatile memory in IoT devices, with the Contiki operating system as an example. We present a way forward to quantifying volatility during the evidence identification phase of a forensic investigation. Volatility is expressed as the expected time before potential evidence disappears. This chapter aims to raise awareness and give a deeper understanding of the impact of IoT resource constraints on volatility and the dynamics of forensic evidence. We exemplify how volatility can be quantified for a popular operating system and provide a path forward to generalize this approach. Quantifying the volatility of potential evidence helps investigators prioritize acquisition and examination tasks to maximize the likelihood of collecting relevant evidence from resource-constrained devices. Our work contributes to establishing a scientific base for evidence volatility and evidence dynamics in IoT devices. It strengthens methods for on-scene triage, event reconstruction, and for assessing the reliability of evidence findings.

Footnotes

1. This assessment can go both ways. Either prioritize the high volatility device to collect data before it disappears, or prioritize the low volatility one because there is only time to collect data from one of the devices.

2. Non-Uniform Memory Access.

4. Free as in beer and speech.

Metadata
Copyright Year: 2021
DOI: https://doi.org/10.1007/978-3-030-60425-7_2
