| IoT devices are increasingly applied to the smart home environment,which not only brings convenience to people's lives,but also brings opportunities for digital forensic investigations.The rich digital traces in the smart home environment can restore the attacked incidents,which plays an important role in digital forensics investigation.However,the diversity and heterogeneity of devices in the smart home environment lead to heterogeneous data and the difficulty in precise and complete evidence location.The current digital forensics models are insufficient in the smart home environment.This thesis studies the key issues of digital forensics in the smart home environment.The main work includes the following three parts.First,in view of the lack of forensic model in smart home environment,this thesis designs an IoT forensics model for smart home by analyzing the characteristics of the smart home environment.Considering the diversity of attack methods in the smart home environment and the multi-layer feature of forensics,this thesis adopts multi-angle evidence identification strategies and multi-round evidence identification process based on iterative were presented to enhance the completeness and accuracy of evidence identification.Then uniformly represent the data with heterogeneous formats.On the basis of the unified representation of evidence,abstract the forensic model is used to share the knowledge of forensics.In addition,the integrity of evidence is verified during the forensics process to establish a complete chain of custody.Finally,compared with the existing IoT forensics model to demonstrate the advantages of the model.Second,Aiming at the problem of heterogeneous data in the evidence analysis phase in the smart home environment,this thesis proposes an ontology-based evidence representation method in smart home environment.By analyzing the characteristics of electronic data in the smart home environment,the evidence is divided into three categories,device class,cloud class and network class,and then the attributes of each evidence are determined to realize the standardized unified representation of heterogeneous data from multiple source.This method solves the problem of heterogeneous evidence data,so that it can be exchanged and shared in a unified format among relevant personnel,such as forensics investigations,for comprehensive analysis of evidence.Third,this thesis uses the data set released by the DFRWS 2018-2019 Forensics Challenge to analyze the case of smart home forensics.This thesis implements a file parser in the equipment evidence analysis,which can parse the log file of the alarm system.Unified presentation of evidence data after evidence analysis is completed.The event timeline is automatically generated by parsed the unified representation of the evidence file,which verifies the feasibility of the evidence representation method proposed in this thesis. |
PDF Full Text Request