Advanced digital forensics and anti-digital forensics for IoT systems: Techniques, limitations and recommendations

Recently, the number of cyber attacks against IoT domains has increased tremendously. This resulted into both human and financial losses at all IoT levels especially individual and organization levels. Recently, cyber-criminals have kept on leveraging new skills and capabilities by conducting anti-forensics activities and employing techniques and tools to cover their tracks to evade any possible detection of the attack's events, which has targeted either the IoT system or/and its component(s). Consequently, IoT cyber-attacks are becoming more efficient and more sophisticated with higher risks and threat levels based on their more frequent likelihood to occur and their impact. However, traditional security and forensics solutions are no longer enough to prevent nor investigate such cyber attacks, especially in terms of acquiring evidence for attack investigation. Hence, the need for well-defined, sophisticated, and advanced forensics investigation techniques is highly required to prevent anti-forensics techniques and track down cyber criminals. This paper reviews the different forensics and anti-forensics methods that can be applied in the IoT domain including tools, techniques, types, and challenges, while also discussing the rise of the anti-anti-forensics as a new forensics protection mechanism against anti-forensics activities. This would help forensics investigators to better understand the different anti-forensics tools, methods and techniques that cyber criminals employ while launching their attacks. Moreover, the limitations of the current forensics techniques are discussed, especially in terms of issues and challenges. Finally, this paper presents a holistic view from a literature point of view over the forensics domain in general and for IoT in particular.