The never-before-seen proliferation of interconnected low-power computing devices, patently dubbed the Internet of Things (IoT), is revolutionizing how people, organizations, and malicious actors interact with one another and the Internet. Many of these devices collect data in different forms, be it audio, location data, or user commands. In civil or criminal nature investigations, the data collected can act as evidence for the prosecution or the defense. This data can also be used as a component of cybersecurity efforts. When data is extracted from these devices, investigators are expected to do so using proven methods. Still, unfortunately, given the heterogeneity in the types of devices that need to be examined, few widely agreed-upon standards exist. In this paper, we look at some of the architectures, current frameworks, and methods available to perform forensic analysis of IoT devices to provide a roadmap for investigators and researchers to form the basis of an investigation.


Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., & Ayyash, M. (2015). Internet of things: A survey on enabling technologies, protocols, and applications.

IEEE Communications Surveys & Tutorials , 17 (4), 2347-2376. Retrieved

from https://doi.org/10.1109/COMST.2015.2444095

Al-Masri, E., Bai, Y., & Li, J. (2018). A fog-based digital forensics investigation framework for iot systems. In 2018 ieee international conference on smart cloud (smartcloud). IEEE. Retrieved from https://doi.org/10.1109/SmartCloud.2018.00040

Al-Sadi, M. B., Chen, L., & Haddad, R. J. (2018). Internet of things digital forensic investigation using open source gears. In Southeastcon 2018. Retrieved from https://doi.org/10.1109/SECON.2018.8479042

Atlam, H. F., El-Din Hemdan, E., Alenezi, A., Alassafi, M. O., & Wills, G. B. (2020). Internet of things forensics: A review. Internet of Things , 11 , 100220. Retrieved from https://www.sciencedirect.com/science/article/pii/S2542660520300536 doi: https://doi.org/10.1016/j.iot.2020.100220

Awad, R. A., Beztchi, S., Smith, J. M., Lyles, B., & Prowell, S. (2018). Tools, techniques, and methodologies. Proceedings of the 4th Annual Industrial Control System Security Workshop on -

ICSS ’18 , 4 . Retrieved from https://doi.org/10.1145/3295453.3295454

Chernyshev, M., Zeadally, S., Baig, Z., & Woodward, A. (2018). Internet of things forensics: The need, process models, and open issues. IT Professional , 20 (3), 4049. Retrieved from https://doi.org/10.1109/mitp.2018.032501747

Chhabra, G. S., Singh, V. P., & Singh, M. (2018). Cyber forensics framework for big data analytics in iot environment using machine learning. Multimedia Tools and Applications , 79 (23-24), 1588115900. Retrieved from https://doi.org/10.1007/s11042-018-6338-1

Chung, H., Park, J., & Lee, S. (2017). Digital forensic approaches for amazon alexa ecosystem. Digital Investigation, 22, S15-S25. Retrieved from http://dx.doi.org/10.1016/j.diin.2017.06.010 doi:10.1016/j.diin.2017.06.010

D’Onfro, J. (2018, Dec). Google’s small hardware business is shaping up, could book $20 billion in sales by 2021, rbc says. CNBC. Retrieved from https://www.cnbc.com/2018/12/21/google-hardware-revenue-profit-potential-rbc-analyst-mark-mahaney.html

Dorai, G., Houshmand, S., & Aggarwal, S. (2020). Data extraction and forensic analysis for smartphone paired wearables and iot devices. HICSS. Retrieved from http://dx.doi.org/10.24251/HICSS.2020.172

Dorai, G., Houshmand, S., & Baggili, I. .(2018). August 27). i know what you did last summer. Proceedings of the 13th International Conference on Availability, Reliability and Security - ARES . Retrieved from http://dx.doi.org/10.1145/3230833.3232814 doi: 10.1145/3230833.3232814

Eden, P., Blyth, A., Jones, K., Soulsby, H., Burnap, P., Cherdantseva, Y., & Stoddart, K. (2017). Scada system forensic analysis within iiot. 73101: Springer Series in Advanced Manufacturing Cybersecurity for Industry 4.0. Retrieved from https://doi.org/10.1007/978-3-319-50660-9_4

Guth, J., Breitenbucher, U., Falkenthal, M., Leymann, F., & Reinfurt, L. (2016). Comparison of iot platform architectures: A field study based on a reference architecture. Cloudification of the Internet of Things (CIoT), 2016 . Retrieved from https://doi.org/10.1109/CIOT.2016.7872918

Gmez, J. M. C., Gmez, J. R., Mondjar, J. C., & Martnez, J. L. M. (2019). Non-volatile memory forensic analysis in windows 10 iot core. Entropy , 21 (12), 1141. Retrieved from https://doi.org/10.3390/e21121141

Hossain, M., Karim, Y., & Hasan, R. (2018). Fif-iot: A forensic investigation framework for iot using a public digital ledger. IEEE International Congress on Internet of Things (ICIOT), 2018 . Retrieved from https://doi.org/10.1109/iciot.2018.00012

Huang, C., Lu, R., & Choo, K.-K. R. (2017). Vehicular fog computing: Architecture, use case, and security and forensic challenges. IEEE Communications Magazine, 55 (11), 105111. Retrieved from https://doi.org/10.1109/mcom.2017.1700322

Jacobs, D., Choo, K.-K. R., Kechadi, M.-T., & Le-Khac, N.-A. (2017). Volkswagen car entertainment system forensics. IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). Retrieved from https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.302

Jahankhani, H., & Ibarra, J. (2019). Digital forensic investigation for the internet of medical things (iomt). Journal of Forensic, Legal & Investigative Sciences ,5 (2), 1-6. Retrieved from https://doi.org/10.24966/flis-733x/100029

Kebande, V. R., Ikuesan, R. A., Karie, N. M., Alawadi, S., Choo, K.-K. R., & Al-Dhaqm, A. (2020). Quantifying the need for supervised machine learning in conducting live forensic analysis of emergent configurations (eco) in iot environments. Forensic Science International: Reports , 2 (10012), 2. Retrieved from https://doi.org/10.1016/j.fsir.2020.100122

Kebande, V. R., Karie, N. M., Michael, A., Malapane, S., Kigwana, I., Venter, H., & Wario, R. D. (2018). Towards an integrated digital forensic investigation framework for an iot-based ecosystem. IEEE International Conference on Smart Internet of Things (SmartIoT), 2018 . Retrieved from https://doi.org/10.1109/smartiot.2018.00-19

Kebande, V. R., & Ray, I. (2016). A generic digital forensic investigation framework for internet of things (iot). IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), 2016 . Retrieved from https://doi.org/10.1109/FiCloud.2016.57

Koroniotis, N., Moustafa, N., & Sitnikova, E. (2020). A new network forensic framework based on deep learning for internet of things networks: A particle deep framework. Future Generation Computer Systems , 110 , 91106. Retrieved from https://doi.org/10.1016/j.future.2020.03.042

Kumar, G., Saha, R., Lal, C., & Conti, M. (2021). Internet-of-forensic (iof): A blockchain based figital forensics framework for iot applications. Future Generation Computer Systems , 120 , 13-25. Retrieved from https://www.sciencedirect.com/science/article/pii/S0167739X21000686 doi: https://doi.org/10.1016/j.future.2021.02.016

Lacroix, J., El-Khatlib, K., & Akalu, R. (2016). Vehicular digital forensics: What does my vehicle know about me? DIVANet ’16: Proceedings of the 6th ACM Symposium on Development and Analysis of Intelligent Vehicular Networks and Applications , 10 , 1145. Retrieved from https://doi.org/10.1145/2989275.2989282

Le, D.-P., Meng, H., Su, L., Yeo, S. L., & Thing, V. (2018). Biff: A blockchain-based iot forensics framework with identity privacy. TENCON IEEE Region Conference, 10 , 2018-2018. Retrieved from https://doi.org/10.1109/tencon.2018.8650434

Liu, J., Sasaki, R., & Uehara, T. (2020). Towards a holistic approach to medical iot forensics. IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C), 10 , 1109. Retrieved from https://doi.org/DOI10.1109/QRS-C51114.2020.00121

Mansor, H., Markantonakis, K., Akram, R. N., Mayes, K., & Gurulian, I. (2017). Log your car: The non-invasive vehicle forensics. IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). Retrieved from https://doi.org/10.1109/TrustCom.2016.0164

Maras, M.-H. (2015). Internet of things: security and privacy implications. International Data Privacy Law , 5 (2), 99104. Retrieved from https://doi.org/10.1093/idpl/ipv004

Mrabet, H., Belguith, S., Alhomoud, A., & Jemai, A. (2020). A survey of iot security based on a layered architecture of sensing and data analysis. Sensors (Basel, Switzerland), 20 (13), 3625. Retrieved from https://doi.org/10.3390/s20133625

Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. to (Tech. Rep.). Nakamoto Institute. Retrieved from https://nakamotoinstitute.org/bitcoin/

Newman, L. . (2020, November). November 06). Out of Nowhere, Amazon Is Releasing a Speaker That’s Also an Always-On Personal Assistant , 9 . Retrieved from https://slate.com/technology/2014/11/amazon-echo-is-an-always-on-personal-assistant-that-s-also-a-speaker.html

Oriwoh, E., Jazani, D., & Epiphaniou, S., G. (2013). Internet of things forensics: Challenges and approaches. In Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing. Retrieved from https://doi.org/10.4108/icst.collaboratecom.2013.254159

Pawlaszczyk, D., Friese, J., & Hummert, C. (2019). Alexa, tell me - a forensic examination of the amazon echo dot 3 rd generation. International Journal of Computer Sciences and Engineering , 7 (11), 20-29. Retrieved from http://dx.doi.org/10.26438/ijcse/v7i11.2029 doi: 10.26438/ijcse/v7i11.2029

Peppet, S. R. (2014). Regulating the internet of things: First steps toward managing discrimination, privacy, security, and consent. Texas Law Review , 93 (85), 85176. Retrieved from https://scholar.law.colorado.edu/articles/83/

Ryu, J. H., Sharma, P. K., Jo, J. H., & Park, J. H. (2019). A blockchain-based decentralized efficient investigation framework for iot digital forensics. The Journal of Supercomputing , 75 (8), 43724387. Retrieved from https://doi.org/10.1007/s11227-019-02779-9

Sayakkara, A., Le-Khac, N.-A., & Scanlon, M. (2019). Leveraging electromagnetic side-channel analysis for the investigation of iot devices. Digital Investigation, 29 . Retrieved from https://doi.org/10.1016/j.diin.2019.04.012

Stoyanova, M., Nikoloudakis, Y., Panagiotakis, S., Pallis, E., & Markakis, E. K. (2020). A survey on the internet of things (iot) forensics: Challenges, approaches, and open issues. IEEE Communications Surveys & Tutorials , 22 (2), 11911221. Retrieved from https://doi.org/10.1109/comst.2019.2962586

Torabi, S., Bou-Harb, E., Assi, C., & Debbabi, M. (2020). A scalable platform for enabling the forensic investigation of exploited iot devices and their generated unsolicited activities. Forensic Science International: Digital Investigation,32 (30092), 2. Retrieved from https://doi.org/10.1016/j.fsidi.2020.300922

Venkauskas, A., Toldinas, J., Grigalinas, ., Damaeviius, R., & Jusas, V. (2015). Suitability of the digital forensic tools for investigation of cyber crime in the internet of things and services. Proceedings of The 3rd International Virtual Research Conference In Technical Disciplines , 3 . Retrieved from http://dx.doi.org/10.18638/rcitd.2015.3.1.67 doi: 10.18638/rcitd.2015.3.1.67

Watson, S., & Dehghantanha, A. (2016). Digital forensics: the missing piece of the internet of things promise. Computer Fraud & Security , 2016 (6), 58. Retrieved from https://doi.org/10.1016/s1361-3723(15)30045-2

Weber, R. H. (2010). Internet of things - new security and privacy challenges. Computer Law & Security Review , 26 (1), 23-30. Retrieved from https://doi.org/10.1016/j.clsr.2009.11.008

Widiyasono, N., Putra, I. K. G. D., Giriantari, I. A. D., & Sudarma, M. (2019). Iot forensic: Optimizing raspberry pi for investigation on the smart home network. IOP Conference Series: Materials Science and Engineering , 550 , 012019. Retrieved from https://doi.org/10.1088/1757-899x/550/1/012019

Yaqoob, I., Hashem, I. A. T., Ahmed, A., Kazmi, S. A., & Hong, C. S. (2019). Internet of things forensics: Recent advances, taxonomy, requirements, and open challenges. Future Generation Computer Systems , 92 , 265-275. Retrieved from https://doi.org/10.1016/j.future.2018.09.058

Yazdinejad, A., Parizi, R. M., Dehghantanha, A., Zhang, Q., & Choo, K. R. (2020). An energy-efficient sdn controller architecture for iot networks with blockchain-based security. IEEE Transactions on Services Computing , 13 (4), 625-638. Retrieved from https://doi.org/10.1109/TSC.2020.2966970 doi: 10.1109/tsc.2020.2966970

Yoon, Y. H., & Karabiyik, U. (2020). Forensic analysis of fitbit versa 2 data on android. Electronics , 9 (9), 1431. Retrieved from https://doi.org/10.3390/electronics9091431

Zawoad, S., & Hasan, R. (2015). In Faiot: Towards building a forensics aware eco system for the internet of things. 2015 IEEE International Conference on Services Computing. Retrieved from https://doi.org/10.1109/SCC.2015.46

Zhang, X., Upton, O., Beebe, N. L., & Choo, K.-K. R. (2020). Iot botnet forensics: A comprehensive digital forensic case study on mirai botnet servers. Forensic Science International: Digital Investigation, 32 (30092), 6. Retrieved from https://doi.org/10.1016/j.fsidi.2020.300926

Zhong, C.-L., Zhu, Z., & Huang, R.-G. (2015). In Study on the iot architecture and gateway technology. 2015 14th International Symposium on Distributed Computing and Applications for Business Engineering and Science (DCABES). Retrieved from https://doi.org/10.1109/DCABES.2015.56

Zhou, L., Hu, Y., & Makris, Y. (2020). A hardware-based architecture-neutral framework for real- time iot workload forensics. IEEE Transactions on Computers , 1 , 1-1. Retrieved from https://doi.org/10.1109/tc.2020.3000237



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.