Forensic Analysis Framework for Securing Consumer Internet of Things Devices: Identifying Vulnerabilities and Improving Evidence Collection.
Summary
- The Problem: Traditional digital forensics rely on static data sources like PCs and centralized servers. Consumer IoT devices operate on highly fragmented architectures, proprietary operating systems (e.g., FreeRTOS, Zephyr), volatile storage, and asynchronous clocks. This creates a high risk of evidence loss or manipulation, rendering standard incident investigation techniques ineffective.
- The Innovation: To overcome these barriers, a multi-layered forensic framework was developed:
a. Vulnerability Classification and Mapping Layer: Systematically maps device, firmware, network, and application vulnerabilities directly to specific forensic artifacts and risk profiles.
b. Forensic Readiness and Procedural Guidance Layer: Implements standard-compliant pre-incident readiness and post-incident response protocols—such as network quarantine, volatile data isolation via RAM/JTAG capture, and secure storage utilizing Write Once Read Many (WORM) disks or AFF4 containers to preserve the chain of custody.
c. User Awareness and Engagement Layer: Transforms forensic readiness into a socio-technical process by introducing educational microlearning modules, interactive device checklists, and clear incident management guidelines for everyday consumers.
- Real-World Application Scenarios: The flexibility and scalability of the framework were validated against realistic compromise simulations, including unauthorized smart camera access, smart lock Bluetooth/API exploitation, and botnet-driven baby monitor hijacking.
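The chain-of-custody preservation described in the Forensic Readiness layer can be made tamper-evident with a hash-chained custody log tied to the acquired image. The following is an added illustration, not code from the framework or its companion application; the memory image, actor names and timestamps are constructed placeholders.

```python
import hashlib
import json

# Constructed stand-in for an acquired volatile-memory image (not a real capture).
MEMORY_IMAGE = b"\x00" * 64 + b"FreeRTOS task list placeholder" + b"\xff" * 32


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def append_custody_entry(log, image, actor, action, timestamp):
    """Append a hash-chained custody record for one handling event."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    entry = {
        "prev": prev,
        "evidence_sha256": sha256_hex(image),
        "actor": actor,
        "action": action,
        "timestamp": timestamp,
    }
    # The entry hash covers the record body and the previous entry's hash, so
    # editing or dropping any earlier record breaks every later link.
    entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
    log.append(entry)
    return log


def verify_custody_log(log, image):
    """Return True only if the image and every record are unmodified and linked."""
    expected_image_hash = sha256_hex(image)
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if body.get("prev") != prev or body.get("evidence_sha256") != expected_image_hash:
            return False
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return bool(log)  # an empty log proves nothing


def demo():
    """Intact log verifies; a modified image or an altered record does not."""
    log = []
    append_custody_entry(log, MEMORY_IMAGE, "responder-1", "JTAG RAM capture", "2024-01-01T10:00:00Z")
    append_custody_entry(log, MEMORY_IMAGE, "responder-1", "sealed to WORM container", "2024-01-01T10:05:00Z")
    forged = json.loads(json.dumps(log))
    forged[0]["actor"] = "someone-else"
    return (verify_custody_log(log, MEMORY_IMAGE),
            verify_custody_log(log, MEMORY_IMAGE + b"\x00"),
            verify_custody_log(forged, MEMORY_IMAGE))


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```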
Tech Stack
- Research Frameworks & Methodologies: Design Science Research (DSR), Mixed-Methods Research Design, Systematic Literature Review (utilizing PRISMA guidelines), and Primary Quantitative User Surveys.
- Core Technical Domains: Cyber-Physical Systems Security (CPSS), Network Isolation Architecture (VLANs, MAC Filtering), Wireless & Messaging Protocols (MQTT, CoAP, Bluetooth, TLS), and Operating Systems (FreeRTOS, Zephyr).
- Forensic Software & Extraction Techniques: Forensic Toolkit (FTK) Imager, Binwalk, and Live Volatile Memory Capture (RAM via physical/JTAG/UART methods).
- Artifacts & Controls: Mobile UI/UX Wireframes/Mockups (IoT Forensics Assistant companion application), Incident Action Cards, Regional Compliance Matrices (GDPR, CCPA, and PIPEDA compliance tracking), and Secure Evidence Storage Formats (WORM disks, AFF4 forensic containers).