Sensors: – the main function of sensors in IoT is to monitor the IoT environment for example the temperature in smart home or person’s activities in wearable smart devices, and based on the sense mode, the sensor starts collecting measurements and information, these collected information I. from one sensor or more usually would not be useful in its analog form, so there is a need to be processed and analyzed.
II. Local ProcessingLocal Storage: – after data is received from sensors, microcontrollers and embedded boards are used to process data and stored it locally, a very important aspect of these devices is that it has limited storage unit, especially in Smart Home devices and wearable smart devices,
III. Network and Internet: – collected data is transmitted through Gateways to IoT service provider, protocols could be used at this level (MQTT, CoAp, AMQP …etc.).
IoT Cloud: – data finally is stored in the IoT service provider servers, IoT provider could process the data and usually provide the user with a web interface to access data after processing and analysis1. IoT Forensics Challenges
Digital forensics encompasses four stages identification, preservation, analysis and presentation of evidences 2, in this section we will discuss challenges related to each stage separately.
1.1 IoT identification forensics challenges
The first stage of any digital forensic investigation requires the investigator to determine the location of the evidence, what it is format and how it is stored, answer these questions enable the investigator to draw a proper plan for the rest of investigation, following are challenges related to these questions in IoT investigation: –
Due to the design and functional nature of IoT infrastructure, evidences could be anywhere, mainly we could divide the location of evidences to two locations the first is IoT devices and/or IoT cloud provider, and in some special cases evidences could be in other’s IoT devices or cloud like when a sensor detects a motion in neighbor’s house then collect and measure that motion, in first scenario where evidences located in IoT devices