Digital forensics is the branch of forensic sciences that deals with the analysis and examination of evidence obtained from digital devices. With the advent of "healthcare 4.0" and medical IoT wearables and devices, digital forensics will increasingly have to deal with medical equipment and devices. These new sources of digital evidence pose new challenges to the forensic examiners: a wide range of devices, from simple wearables that gather health-related signals, to implanted devices, robots that perform surgery, and complex imaging machinery, they are all potential sources of digital evidence. The data structures used by these systems to store information, and the protocols that they use to communicate are not always documented, occasionally forcing an examiner to reverse engineer the meaning behind the raw bytes found in the storage media or network dumps. Finally, devices used in healthcare use a variety of operating systems, some common but customized by the manufacturer, and some nice and relatively unknown. The systems software can potentially be and older, unmaintained version, which was certified in the past, and cannot be updated. To understand the data and information extracted from these devices and equipment, the digital forensics expert will need the aid of medical experts and could also potentially require help from engineers and technicians that know the inner workings, mechanisms, and physical, chemical, and biological phenomena that come into play in their operation and use. It is thus necessary to work on updating and adapting the existing guidelines for digital forensics analysts and incident responders to consider the specific issues they will encounter when working on medical devices and equipment. In this work we propose a starting point and considerations that can help lay the groundwork needed and lay the path forward for future work.
