The state of IoT forensics: Trends, challenges, and future research directions
DOI:
https://doi.org/10.51867/ajernet.7.2.109
Keywords:
Cybercrime Investigation, Digital Forensics, Evidence Collection, IoT Forensics, IoT Security
Abstract
The Internet of Things (IoT) has experienced exponential growth across the healthcare, agriculture, transportation, and manufacturing sectors, with the number of connected devices projected to reach 29 billion by 2030. This growth has simultaneously created new avenues for cybercriminal activities and unprecedented challenges for digital forensic investigators. This paper provides a comprehensive analysis of the current state of IoT forensics, examining the specialized techniques, tools, and methodologies required to extract, analyze, and preserve digital evidence from IoT devices. Through a qualitative synthesis of 29 recent peer-reviewed studies, this review identifies key impediments to effective IoT forensic investigations: device diversity, the absence of uniform technical standards, restrictions in device resources, the ephemeral character of data, and unresolved legal and ethical dimensions surrounding privacy and multi-jurisdictional evidence handling. A concrete finding from this review is that only 3 of the 29 examined studies reported any form of empirical validation in real-world IoT environments. This reveals that most existing IoT forensic frameworks remain theoretical rather than applied, with significant gaps in evidence collection and pre-processing methodologies. This paper acknowledges that its recommendations similarly lack empirical validation, reflecting a broader field-wide challenge rather than a limitation unique to any single study. Nevertheless, this paper recommends the development of standardized forensic frameworks incorporating artificial intelligence and blockchain technologies, mandatory forensic readiness in IoT device design, and enhanced cross-disciplinary collaboration between computer scientists, legal experts, and law enforcement agencies.
Copyright (c) 2026 Salmon Oliech Owidi, Elyjoy Muthoni Micheni, Lilian Ronoh Cherotich

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.













