JFFS2 and UBIFS architecture on Linux.

Source publication
Article
Due to recent developments in IT technology, various IoT devices have been developed for use in various environments, such as card smart TVs, and smartphones. Communication between IoT devices has become possible. Various IoT devices are found in homes and in daily life, and IoT technologies are being combined with vehicles, power, and wearables, am...

Contexts in source publication

Context 1
... we conducted a metadata analysis and file extraction for the file system. Figure 2 shows the system-layer structures of JFFS2 and UBIFS. JFFS2 operates on memory technology device (MTD) devices, but UBIFS operates on UBI volumes and only on raw flash memory. ...
Context 2
... could then follow the branch of the indexing node to observe the directory entry and inode of the files and folders in that directory. Figure 20 shows the directory entry and inode, which can be distinguished by the node type value. By searching for the inode number of the file, the file data node could be found. ...
Context 3
... unlike JFFS2, UBIFS applied compression and encryption in the data area, which made it difficult to extract the files. Figure 22 shows the data of the dcu.tar file and the data node of this file stored in the UBIFS. It can be seen that these data differed from existing data owing to the encryption and compression of the UBIFS. ...
Context 4
... a partition dump was applied in the present study. Figure 25 shows the inode and dirent node of the test2.txt file. ...
Context 5
... The left side of Figure 25 shows that the version was 0x04 with data prior to the deletion of the file, and the right side shows that the version changed to 0x05 with data after the file was deleted. Therefore, when analyzing the JFFS2 file system, if a deleted file with only a dirent node was found, a search for the inode prior to the file deletion could be conducted, and the deleted file could be recovered. ...
Context 6
... applied compression and encryption when files were stored. As shown in Figure 26, data of dcu.tar file had been encrypted and compressed. Due to this phenomenon, recovery of deleted files in UBIFS was limited. ...

Citations

... Most of the smart home forensic studies conducted thus far have focused on IoT devices and smartphones such as AI speakers and smartwatches [22][23][24][25][26][27][28]. These studies have analyzed the data generated by IoT devices and smartphone applications in detail, which is meaningful in that it is a forensic methodology that can respond when a new device is released. ...
Preprint
The smart home platform communicates with Internet of Things (IoT) devices, smartphones, and cloud servers to provide convenient services, storing user information and device operation and user behavior-related data. This data is crucial for criminal investigations, highlighting the importance of smart home forensics. Currently, advanced software and hardware technologies continue to be developed in the smart home market, and based on this, companies are releasing new services and devices. Therefore, scalable platform-oriented forensic research is needed for efficient digital investigation. This study identifies the components and structures of smart homes to derive a common architecture representing various environments. It proposes a three-stage smart home forensics framework: analyzing application functions to infer data, extracting and analyzing data from devices, and identifying data useful for criminal investigations. Its applicability is demonstrated with Samsung SmartThings and Xiaomi Mi Home platform testbeds.
... The CyberDevice often form entire closely interacting cyber-physical information systems. One of the ways to ensure security is the static analysis of such information systems and their devices [13,14], which are subject to attacks or in which the carriers of malicious actions themselves [15] operate. ...
Article
This work solves the problem of identification of the machine code architecture in cyberphysical devices. A basic systematization of the Executable and Linkable Format and Portable Executable formats of programs, as well as the analysis mechanisms used and the goals achieved, is made. An ontological model of the subject area is constructed, introducing the basic concepts and their relationships. The specificity of the machine code is analyzed, and an analytical record of the process of identifying the architecture of the machine code (MC) processor is obtained. A method for identifying the MC architecture has been synthesized, which includes three successive phases: unpacking the OS image (for a set of identified architectures); building signatures of architectures (their “digital portraits” from the position of MC instructions); identification of the MC architecture for the program under test (using the collected architecture signatures), implemented using four operating modes. A software tool for identifying the MC architecture has been developed in the form of a separate utility that implements the algorithms of the method. The principle of operation of the utility is presented in the form of functional and informational diagrams. Basic testing of the identification utility has been conducted. As a result, a probabilistic assessment of the utility’s work was obtained by assigning various programs to the Top-16 selected architectures.
... Finally, in [12] the forensic study targets Linux-Compatible platforms, specifically Tizen and Linux. Similarly to the approach followed in the previous research, the authors examine several characteristics of the file systems used, such as the metadata, type, size, files, and folders in it. ...
Article
The number of cyber incidents in which the Internet of Things (IoT) device or system is present is increasing every day, requiring the opening of forensic investigations that can shed light on what has occurred. In order to be able to provide investigators with proper solutions for performing complete and efficient examinations in this new environment, IoT systems and devices are being studied from a forensic perspective so that tools and procedures can be designed accordingly. In this article, besides reviewing the proposals from the community on this matter, the multi-purpose IoT operating system Ubuntu Core is studied to determine in what way a forensic investigation of this system should be performed, detailing how to approach the acquisition and analysis phases. In addition, both the volatile and non-volatile artifacts that might hold useful information are listed and described, and a forensic tool is presented for their recovery as well as for the acquisition of the non-volatile memory.