FIF-IoT: A Forensic Investigation Framework for IoT Using a Public Digital Ledger

The increased deployment of Internet of Things (IoT) devices will make them targets for attacks. IoT devices can also be used as tools for committing crimes. In this regard, we propose FIF-IoT-a forensic investigation framework using a public digital ledger to find facts in criminal incidents in IoT-based systems. FIF-IoT collects interactions that take place among various IoT entities (clouds, users, and IoT devices) as evidence and store them securely as transactions in a public, distributed and decentralized blockchain network which is similar to the Bitcoin network. Hence, FIF-IoT eliminates a single entity's control over the evidence storage, avoids single-point-of-failure on the storage media, and ensures high availability of evidence. FIF-IoT presents a framework that ensures integrity, confidentiality, anonymity, and non-repudiation of the evidence stored in the public digital ledger. Furthermore, FIF-IoT provides a mechanism to acquire evidence from the ledger and to verify the integrity of the obtained evidence. We present a case study of a forensic investigation to demonstrate that FIF-IoT is secure against evidence tampering. We also implement a prototype to evaluate the performance of FIF-IoT.