The Internet of Things (IoT) smart devices have been used widely in several applications such as healthcare, education, environment, transportation, smart city, etc. These objects are resource-constrained devices which involve lacks regarding security and may lead to cyber-crime. Therefore, the IoT devices may contain evidence that are considered as an important need to investigators and can be admitted in courts. To tackle this problem most current research focuses on security issues for different IoT architectures rather than approaches and techniques of forensic acquisition and analysis for IoT objects. In this paper, we propose a new Digital Forensics Investigation Model for IoT (DFIM). The DFIM has two main components: The Data Provider Zone (DPZ) which responsible for grouping all data gathered by sensor nodes into a set of groups, where each group contains data or documents related to each other, and the investigation authority which receives the requests from the claimers for investigation, check the validation of the request, and finally select the appropriate investigators. In order to improve the IoT forensics investigation process, the proposed DFIM consists of seven stages and takes into consideration a set of principles such as security, privacy accuracy, performance, data reduction, Openness and transparency.
展开▼