Internet Of Things (IoT) Forensics

Transcription

Internet of Things (IoT) Forensics

3B DATA SECURITY
TELEPHONE: 01223 298 333 EMAIL: INFO@3BDATASECURITY.COM WEB: WWW.3BDATASECURITY.COM

Keith Cottenden CISSP

Head of Digital Forensics and Incident Response and a Certified Information Systems Security Professional with 3B Data Security. Responsible for overseeing PCI Forensic Investigations and Incident Response; addressing and managing the aftermath of a security breach or cyberattack.

Prior to this appointment, Technical Director at CYFOR for 15 years; responsible for directing all digital forensic operations within the company; providing specialist knowledge of information technology investigative techniques and dealing with complex evidential and legal issues, instructing investigating officers and counsel as appropriate; ensuring evidence continuity, evidential integrity and admissibility of any recovered evidence in a manner acceptable to a Court of Law.

Previously, Counter Intelligence Investigator in the Royal Air Force Police for 22 years.

Overview

The objective of traditional digital forensics is to identify, preserve, collect, analyse, interpret and present digital evidence, collected from various mediums, in a cyber related incident; the exponential growth of IoT devices and the increasing number of cyber security incidents has given birth to the term IoT forensics and the resulting challenges.

Digital Forensics

“Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.”

Palmer G. A road map for digital forensic research. Technical Report DTR-T0010-01, DFRWS, November 2001. Report from the First Digital Forensic Research Workshop (DFRWS).

Internet of Things

The term Internet of Things generally refers to everything other than a computer or mobile device that could connect to the Internet.

But where does the line get drawn?


IoT Devices

- Smart TVs; smart speakers
- Home automation, CCTV, air conditioning, lighting, smart meters, locks
- Commercial security systems
- Wireless Sensor Networks (WSN)
- Use of mobile phones to interact with the real world (e.g. sensing)
- Devices that connect via Bluetooth enabled mobile phones to the Internet
- Connected Cars
- RFID enabled tracking
- Low power embedded systems
- Wearables


IoT devices generate and retain data artefacts that can be critical to a forensic investigation.


When compared to standard digital forensic techniques, IoT forensics presents multiple challenges depending on the versatility and complexity of the IoT devices.


Challenges

- Variance of IoT devices;
- Proprietary hardware and software;
- Data present across multiple devices and platforms;
- Data can be updated, modified, or lost;
- Data location, stored on cloud or a different jurisdiction;
- Data format;
- Limitation of storage space; big data;
- IoT devices not supported by current digital forensic software.

Approach

Develop a method in which data can be acquired and utilised in the analysis of forensic investigations while still considering laws and procedures that are currently in place.

Potential sources of evidence include:

- Smart devices and sensors;
- Hardware and Software;
- External resources.

Conclusion

Most IoT devices come with no inbuilt security features, and there is a requirement for more research into IoT device security, IoT forensic readiness, and a forensic framework for IoT devices.

Case Study - Medical Devices

- Bluetooth
- Windows
- Cloud
- Ethernet
- Wireless Keyboards

IoT Vulnerabilities

- Default, weak, and hardcoded credentials
- Difficult to update firmware and OS
- Lack of vendor support and interest
- Vulnerable web interfaces (SQL injection, XSS)
- Coding errors (buffer overflow)
- Clear text protocols and open ports
- DoS / DDoS
- Theft and tampering

Finally:

https://www.shodan.io/


FORENSICS AND INCIDENT RESPONSE SERVICES

Forensics & Incident Response (Forensics)

- Digital Forensic Investigations
- IP Theft / Computer Misuse / Harassment
- Data Recovery / Secure Destruction
- Mobile Phone Investigations
- Cardholder & PII Data Discovery
- Litigation Support & eDiscovery Assistance
- Cyber Liability / Insurance Markets

Forensics & Incident Response (IR)

- Incident Response, Breach & Data Compromise Investigations
- PCI Forensic Investigator (PFI)
- IR Workshops & Planning
- IR First Responder & Breach Prevention Training
- IR Policy Planning & Playbook Creation
- IR Table-Top Exercises
- IR Data Compromise Assessments

3B DATA SECURITY
KEITH COTTENDEN
KEITH.COTTENDEN@3BDATASECURITY.COM
