Crime Scene Reconstruction in IoT Forensics

What is it about?

This paper talks about how to investigate crimes or security incidents in smart homes that use Internet of Things (IoT) devices, like smart lights or sensors. Normally, investigators look at the devices' and apps' code to find clues, but new platforms like SmartThings do not let people access that code anymore. To solve this problem, the authors created a system called ForenThings. It turns each smart device and app into a kind of “witness” that can share what it saw or did. Instead of reading the devices' or apps' code, ForenThings looks at the events and messages sent between devices to figure out what happened. ForenThings is built and tested on SmartThings and found that it could fully recreate what happened in both normal use and real attack situations, without slowing down the system or using too many resources.

Featured Image

Photo by BENCE BOROS on Unsplash

Photo by BENCE BOROS on Unsplash

Why is it important?

This work is important because it provides a new way to conduct digital forensics in modern IoT environments where access to code is no longer possible. Unlike previous methods that depend on static code analysis, ForenThings enables devices and smart apps themselves to assist in investigations by reporting event data directly. This approach makes forensic analysis more practical and reliable for today’s cloud-based smart home platforms, helping security experts accurately reconstruct incidents and improve IoT safety overall.