Content uploaded by Norman Nelufule
Author content
All content in this area was uploaded by Norman Nelufule on Apr 01, 2024
Content may be subject to copyright.
An Adaptive Digital Forensic Framework for the
Evolving Digital Landscape in Industry 4.0 and 5.0
Norman Nelufule
Council for Scientific and Industrial
Research (CSIR)
Defense and Security Cluster
Information and Cybersecurity Center
Pretoria, South Africa
nnelufule@csir.co.za
Daniel Shadung
Council for Scientific and Industrial
Research (CSIR)
Defense and Security Cluster
Information and Cybersecurity Center
Pretoria, South Africa
dshadung@csir.co.za
Tanita Singano
Council for Scientific and Industrial
Research (CSIR)
Defence and Security Cluster
Information and Cybersecurity Centre
Pretoria, South Africa
zsingano@csir.co.za
Boitumelo Nkwe
Council for Scientific and Industrial
Research (CSIR)
Defense and Security Cluster
Information and Cybersecurity Center
Pretoria, South Africa
bnkwe@csir.co.za
Kele Masemola
Council for Scientific and Industrial
Research (CSIR)
Defence and Security Cluster
Information and Cybersecurity Centre
Pretoria, South Africa
kmasemola1@csir.co.za
Japhtalina Mokoena
Council for Scientific and Industrial
Research (CSIR)
Defense and Security Cluster
Information and Cybersecurity Center
Pretoria, South Africa
cmokoena@csir.co.za
Abstract: Digital forensics is one of the most challenging
disciplines in the field of cybercriminals. This article examines
the evolving landscape of digital forensic investigations,
identifies the unique challenges posed by emerging technologies
such as Industry 4.0, and outlines a comprehensive approach not
only to confront these challenges, but also to pave the way for a
seamless transition to Industry 5.0. The proposed framework
focuses on the development of an adaptive digital investigation
framework customized for the evolving digital landscape in
emerging technology environments. The framework combines
dynamic evidence collection techniques, advanced analytics
technologies, and multi-stakeholder collaborative engagement
to ensure the fidelity and admissibility of the collected digital
evidence. The analysis of the proposed framework has been
discussed in detail using real-life case studies to ensure that the
framework can be implemented and deployed in real-life
scenarios.
Keywords: Digital Forensics, Industry 4.0, Industry 5.0,
Cyber-Physical Systems, Internet of Things, Investigation
Methodologies, Industrial Revolution, Technological Evolution.
I. INTRODUCTION
The rapid development of digital technology and the
growing interconnectivity of devices have created an ever-
evolving digital landscape. This landscape is characterized by
an increasing volume and complexity of data, making it
increasingly difficult to conduct digital forensic investigations
[1], [2]. Traditional digital forensics technologies are often
insufficient to respond to the challenges of this new
environment, especially in the context of emerging
technologies such as Industry 4.0 and Industry 5.0. The
Industry 4.0, which is also called the Fourth Industrial
Revolution (4IR) has ushered in a new era of industrialization,
which is characterized by the integration of advanced
technologies into various aspects of industrial processes [1]–
[3]. This integration is mainly manifested through the cyber
physical systems and the proliferation of devices on the
Internet of Things (IoT), which has led to an unparalleled
advances in efficiency and productivity [3]. The IoT
connectivity has also enabled multiple devices to seamlessly
generate and share massive amount of data which also include
sensitive personal data such as Personal Identifiable
Information (PII) and health data. The IoT landscape has also
transformed and advanced the way industries such as smart
factories, smart cities, smart homes, and hospital facilities,
functions. An example of the IoT transformation is also
depicted in Fig. 1.
Fig. 1. Applications of the Fourth Industrial Revolution
However, the evolving digital landscape in Industry 4.0
and Industry 5.0 presents significant challenges for digital
forensics investigations due to the vast and diverse data
sources, which demands efficient technologies to handle the
data acquisition, processing, and analysis at an incredible
speed. Traditional digital forensic tools may not be able to
handle the scale and variety of data generated in Industry 4.0
and Industry 5.0 environments. In any critical industrial
environments, there is often a need for a real-time analysis of
digital evidence to enable timely incident response and fast
decision-making. Traditional digital forensic processes may
be too slow for these requirements, potentially delaying
incident response and increasing the risk of further damage or
compromise. The continuous development of new
technologies through industrial revolutions, and the
emergence of highly sophisticated cyberattacks demand an
adaptable digital forensic technique to keep pace with the
evolving cyberthreats. Traditional digital forensic frameworks
may not be able to easily adapt to address these new
challenges, potentially leaving organizations vulnerable to
emerging attack vectors. The challenges of digital forensics in
Proceedings of the 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT-2024)
IEEE Xplore Part Number: CFP24CV1-ART; ISBN: 979-8-3503-2753-3
979-8-3503-2753-3/24/$31.00 ©2024 IEEE 1686
2024 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT) | 979-8-3503-2753-3/24/$31.00 ©2024 IEEE | DOI: 10.1109/IDCIOT59759.2024.10467482
Authorized licensed use limited to: CSIR Information Svcs. Downloaded on April 01,2024 at 10:19:26 UTC from IEEE Xplore. Restrictions apply.
Industry 4.0 and Industry 5.0 can have severe consequences
which include but not limited to delayed incident response,
insufficient evidence for legal proceedings, loss of Intellectual
Property and sensitive data.
To address the challenges of digital forensics in Industry
4.0 and Industry 5.0, this paper proposes an adaptive digital
forensic framework designed to be dynamic, scalable, and
adaptable to the ever-evolving nature of the industrial
environments. The framework encompasses several key
components or elements including the continuous monitoring
and adaptation, integration with industrial systems, real-time
advanced data processing and analysis, digital evidence
preservation and Chain of Custody, adaptable digital evidence
analysis techniques, cross border jurisdiction collaboration,
multi stakeholder collaboration. Using these pillars,
investigators can effectively navigate the complexities of
digital environments, ensuring accurate and comprehensive
forensic investigations.
The proposed framework is novel in its emphasis on
adaptability, integration with industrial systems, and real-time
data processing and analysis. It provides a comprehensive and
adaptable approach to digital forensics in the evolving digital
landscape of the Industry 4.0 and the Industry 5.0, effectively
addressing the challenges posed by vast and diverse data
sources, the real-time requirements, the distributed and
heterogeneous systems, and the evolving technologies and
security threats. What distinguishes the proposed framework
is its holistic approach to digital forensic investigations in the
context of Industry 4.0 and Industry 5.0. In essence, the
proposed adaptive digital forensic framework represents a
significant advancement in the field of digital forensics,
addressing the unique challenges and opportunities posed by
the evolving digital landscape of Industry 4.0 and Industry 5.0.
Its adaptability, integration capabilities, real-time data
processing, and emphasis on evidence preservation make it a
valuable tool for organizations operating in these
environments.
II. LITERATURE SURVERY
Existing digital forensic frameworks primarily focus on
traditional computing environments and lack the adaptability
required for the complex and dynamic digital landscape of
Industry 4.0 and Industry 5.0 [4]–[7]. Research on digital
forensics in industrial settings is still in its early stages, with a
growing need for comprehensive and adaptable frameworks
[8]–[13]. The field of digital forensics has a long history from
the period of visual inspection of questioned documents and
has seen significant evolution over the past several decades
[7], [14], [15]. Initially focused on computer systems, it has
expanded to encompass a wide range of digital devices and
platforms such as mobile forensics, database forensics, IoT
forensics, network forensics, ransomware forensics and many
others. Traditional forensic methods as depicted in
Fig. 4, primarily designed for static environments and are now
faced with intricate challenges in keeping pace with the
dynamic nature of the modern digital ecosystems due to the
forever evolving landscape of technology through the
industrial revolution [8], [16]–[25]. During the Industry 3.0
era, there were not so many challenges pertaining to the
investigations of digital crimes because not many devices
connected through the Internet unlike currently. The 4IR
brings about a new era of communication in which devices are
connected and massive data can be generated and processed at
high speed through IoT technology.
Fig. 2. The Overview of Industrial Revolutions
In Industry 4.0, there is a new paradigm shift in industrial
processes, characterized by the integration of IoT devices,
advanced analytics, and automation, which plays a crucial role
in the current world development [3]. This transformation not
only brought about unprecedented levels of efficiency and
productivity, but has also introduced complexities in the
digital forensics process, with a surge in the volume and
diversity of data sources, privacy, and security of data, and the
lack of legal frameworks for cross-border jurisdictional digital
crimes. The sheer scale of interconnected devices, as depicted
in Fig.
3, coupled with the heterogeneity of data sources, necessitates
innovative investigative frameworks, tools, and technologies.
These emerging technologies and tools are good for increasing
production in industrial settings, healthcare, and research, but
they have also created a platform for cybercriminals to create
malicious intelligence software much faster than before. The
real-time incident response has also added further complexity,
requiring agile and efficient forensic procedures.
Fig. 3. Overview of some emerging technologies
The imminent transition to Industry 5.0, which introduces
a human-centric approach to technology development
focusing on collaboration between humans and machines, has
also introduced more complex challenges for digital forensic
investigators [26]–[31]. This evolution necessitates another
shift in the focus of digital forensics toward human-machine
interaction analysis. In addition to this, the integration of
Artificial Intelligence (AI) and collaborative robotics in
Industry 5.0 brings forth new challenges and opportunities for
digital investigations.
Existing digital forensic techniques and technologies as
depicted in Fig.
4, while effective in traditional environments, face limitations
in the context of Industry 4.0 and the upcoming Industry 5.0.
These methodologies often lack the adaptability, real-time
capabilities, and collaborative frameworks required to
navigate the complexities of modern industrial ecosystems.
Proceedings of the 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT-2024)
IEEE Xplore Part Number: CFP24CV1-ART; ISBN: 979-8-3503-2753-3
979-8-3503-2753-3/24/$31.00 ©2024 IEEE 1687
Authorized licensed use limited to: CSIR Information Svcs. Downloaded on April 01,2024 at 10:19:26 UTC from IEEE Xplore. Restrictions apply.
Fig. 4. Traditional Digital Forensic Investigation Process
Blockchain technology has also emerged as one of the best
technologies known for its immutability and transparency, and
is also being exploited in the digital forensic investigation
process [32]–[37]. Blockchain technology is crucial due to its
potential to ensure the integrity and authenticity of digital
evidence and is particularly relevant in environments where
evidence can be subject to manipulation or alteration [38]–
[41].
The integration of machine learning (ML) and AI in digital
forensics is a burgeoning area of research, and can improve
the digital investigation process using AI powered digital
forensic processes such as smart evidence acquisition, smart
evidence extraction, smart evidence analysis, and also smart
evidence presentation and reporting as depicted in
Fig. 5. These technologies offer capabilities for automated
anomaly detection, pattern recognition, and contextual
analysis, significantly enhancing the efficiency and accuracy
of forensic investigations.
Fig. 5. An overview of the AI Powered Forensic Investigations
The importance of multidisciplinary collaboration in
digital forensics cannot be overstated. Engaging forensic
experts, legal professionals, industry stakeholders, and
technology providers fosters a comprehensive understanding
of the investigative landscape. This collaborative approach
ensures that a wide range of expertise and resources are used
for effective investigations.
Anticipating future trends is essential to ensure the
continued relevance and effectiveness of digital forensics
methodologies. Areas such as quantum computing, edge
computing, and the integration of augmented reality (AR) and
virtual reality (VR) technologies are poised to introduce new
challenges and opportunities for digital investigations. The
evolution of new technologies has already presented intricate
challenges in digital forensics, including cross-border
jurisdiction, emerging hardware, and software, IoT, and
forensic data pooling. Big IoT Data analysis, as summarized
in Fig.
6.
Fig. 6. An overview of the future challenges in digital forensics
The background literature survey provides a
comprehensive overview of the key elements that influence
the evolution of digital forensics in the context of Industry 4.0
and Industry 5.0. It serves as the foundation for the proposed
methodology which addresses the unique intricate challenges
and opportunities presented by these evolving landscapes of
the industrial revolution.
III. PROPOSED METHODOLOGY
The proposed framework offers several advantages due to
the combination of technologies used, as depicted in
Fig. 7. The technology in the proposed framework offers the
following key components:
A. AI-powered data acquisition component.
AI powered tools can automate the collection and
processing of large quantities of digital evidence and
significantly reduce the time and effort required by
researchers. This automation frees researchers to concentrate
on higher-level tasks such as analysis and interpretation.
AI algorithms can identify and extract relevant data from
a wide range of sources, including complex non-structured
data formats. This capability helps researchers quickly find
critical evidence that traditional methods can ignore.
AI can assist in determining and prioritizing large datasets
and enable researchers to focus first on the most relevant and
high-value evidence. This prioritization simplifies the
investigation process and helps ensure that investigators do
not miss important information.
AI algorithms can analyze large-scale data sets to identify
hidden patterns, anomalies and correlations that may indicate
malicious activity or data manipulation. This capability helps
to discover evidence that cannot be seen by the human eye.
AI can provide real-time insights into the data collected,
allowing researchers to make informed decisions quickly and
proactively address potential threats. This real-time analysis is
particularly valuable for time-sensitive research. The
acquisition of data by artificial intelligence reduces the risk of
human errors and biases, ensuring that evidence is collected
and processed consistently, objectively and impartially.
Proceedings of the 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT-2024)
IEEE Xplore Part Number: CFP24CV1-ART; ISBN: 979-8-3503-2753-3
979-8-3503-2753-3/24/$31.00 ©2024 IEEE 1688
Authorized licensed use limited to: CSIR Information Svcs. Downloaded on April 01,2024 at 10:19:26 UTC from IEEE Xplore. Restrictions apply.
Artificial intelligence algorithms can adapt to new and
evolving data sources, ensuring that digital forensic tools
remain effective in changing the digital landscape.
AI-powered data acquisition tools can be integrated with
existing digital forensic tools to improve their capabilities and
provide a comprehensive solution for digital investigations.
Overall, AI-based data acquisition has transformed the
field of digital forensics and enabled researchers to collect,
analyze, and interpret large amounts of data more efficiently
and effectively. With the continued development of AI
technologies, its role in digital criminal justice is expected to
grow further, increasing the ability to uncover hidden
evidence, identify malicious activities and protect sensitive
information.
B. Blockchain-based data preservation component.
Blockchains can be used to create an immutable chain of
custody for digital evidence and ensure its integrity and
traceability. The inherent immutability of the blockchain
technology ensures that once data is recorded on the
blockchain it cannot be altered or modified. This creates a
record of all data audits that are performed and provides
indisputable records of its authenticity and integrity.
The distributed nature of the blockchain makes it
transparent to all authorized participants, enabling them to
follow the chain of custody of digital evidence. This
transparency promotes trust and cooperation between
researchers and stakeholders and ensures that no one can
manipulate evidence without being detected.
The decentralized storage model of the blockchain
eliminates the need for a single point of failure, making it
highly resistant to manipulation and data loss. Data is
distributed over multiple nodes and reduces the risk of data
loss and unauthorized access.
In legal proceedings, the integrity and authenticity of
digital evidence are crucial for its admissibility. Blockchain's
tamper-proof nature and transparent chain of custody
strengthen the credibility of digital evidence, making it more
likely to be accepted by courts.
Blockchain technology is platform independent, allowing
it to process data from various sources such as computers,
mobile devices, IoT devices, and cloud storage systems. This
versatility makes it a valuable tool for digital legal research
involving multiple data sources.
Blockchain architecture is scalable and can accommodate
increasing amounts of data with increasing complexity in
digital legal investigations. In addition, its adaptability allows
it to integrate with emerging technologies and developing
criminal law methods.
Overall, blockchain-based data storage provides
promising solutions to the challenges of data integrity,
transparency, and security in digital forensics. As blockchain
technology matures, adoption in the field of digital forensics
is expected to increase, thereby improving the reliability and
effectiveness of digital investigations.
C. Edge Computing for Advanced Data Analysis
component.
Edge computing allows a real-time or near-real-time
analysis of digital data, reducing latency and improving
response time. This is crucial for time-sensitive investigations
to enable investigators to make timely decisions and respond
more effectively to potential threats.
By processing data closer to the source, the edge
calculation significantly reduces the amount of data to be
transferred to the network and minimizes bandwidth
consumption and associated costs.
Edge computing maintains the location of sensitive data,
reducing the risk of data breach and unauthorized access
during transmission. This increased security is particularly
important for investigations of confidential or sensitive
information.
Edge computing can be distributed, and computing
resources can be located near data sources. This scalability
enables efficient processing of large amounts of data and
allows for the expansion of legal capabilities to remote
locations. Edge computing allows offline data analysis in
environments where network connectivity is limited or absent.
This ability is particularly valuable in research in remote areas
and in situations where network damage occurs.
Edge computing facilitates the integration of IoT devices
and their generated data into digital forensics investigations.
This integration provides a comprehensive view of the digital
landscape, enabling investigators to identify potential
correlations and uncover hidden evidence.
Edge computing allows real-time threat detection and
response, so that researchers can identify and neutralize
cyberattacks when they occur. This capability is essential to
prevent further damage and protect sensitive data.
Edge computing reduces dependence on cloud
infrastructure, minimizes the risks associated with cloud
failures or data privacy concerns. This self-reliance allows
greater control over data security and availability.
Overall, edge computing is a transformational approach
for advanced data analysis in digital forensics. By bringing
computer resources closer to data sources, edge computing
enables real-time analysis, reduces latency, improves security,
and improves overall efficiency. As the volume and
complexity of digital data continues to increase, edge
computing is ready to play an increasingly important role in
digital forensic investigation.
D. Collaborative Multistakeholder Engagement component.
By bringing together experts from various organizations
and disciplines, the collaboration of multi-stakeholders
facilitates the integration of knowledge and resources, thereby
solving complex digital legal challenges that may exceed any
organization's capabilities.
Collaboration engagement promotes data sharing between
organizations, provides investigators with a more
comprehensive view of the digital landscape and enables them
to identify patterns and correlations that are not apparent from
isolated data sets.
Cooperation between the stakeholders promotes the
development and adoption of standardized methods,
regulation, and governance procedures, ensures coherence in
digital criminal investigations, and improves the admissibility
of digital evidence in legal proceedings.
Collaborative cooperation enables organizations to share
threat information and coordinate response to cyberattacks
more effectively. This cooperation will allow the detection,
Proceedings of the 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT-2024)
IEEE Xplore Part Number: CFP24CV1-ART; ISBN: 979-8-3503-2753-3
979-8-3503-2753-3/24/$31.00 ©2024 IEEE 1689
Authorized licensed use limited to: CSIR Information Svcs. Downloaded on April 01,2024 at 10:19:26 UTC from IEEE Xplore. Restrictions apply.
control, and resolution of cyberattacks to be faster and reduce
the impact on businesses and individuals.
Cooperative multi-stakeholder engagement promotes a
culture of innovation and knowledge sharing, resulting in the
development of new tools, techniques, and best practices for
digital forensics.
By engaging with stakeholders of various backgrounds,
including law enforcement agencies, industry, universities and
civil society, cooperation with multiple stakeholders promotes
transparency and accountability and increases public trust and
confidence in the digital forensics process.
The challenges of digital forensics often cross-national
borders and require collaboration between stakeholders
around the world. The multistakeholder collaboration
facilitates international cooperation in addressing global
cybersecurity threats.
Collaboration between stakeholders can promote the
development and adoption of ethical and responsible digital
forensic practices and ensure investigations are carried out in
accordance with privacy, data integrity and the rule of law.
Overall, collaboration with multi-stakeholder engagement
plays an important role in improving the effectiveness,
efficiency and credibility of digital forensics investigations.
By bringing together experts from various fields and
organizations, the cooperation will promote knowledge
exchange, standardize practices, improve threat response, and
ultimately contribute to a safer and safer digital environment
for everyone.
Fig. 7. An overview of the AI Powered Digital Forensics
The proposed framework addresses not only the current
challenges in digital forensic investigations but also future
proof discipline for the impending transition to Industry 5.0.
By incorporating real-time evidence collection, advanced
analytics, and collaborative engagement, investigators are
equipped with a versatile toolkit to navigate the complexities
of evolving digital environments, making the proposed
framework more prominent over traditional digital forensic
methodologies.
IV. DISCUSSION AND ANALAYSIS
The analysis of the proposed framework has been
discussed in detail by using real-life case studies to ensure that
the framework can be implemented and deployed in real-life
scenarios. The discussions are based on the cyber incident that
occurred in Industry 4.0 environments so that it can be
determined if significant improvements in the efficiency and
accuracy of digital forensic investigations can be realized. The
main emphasis on the chosen case studies is based on dynamic
evidence collection and preservation strategies to ensure the
integrity of evidence, advanced analytics, and artificial
intelligence to enhance investigative capabilities, and
collaborative multistakeholder engagement that further
enriches the investigative process, bringing diverse expertise
to the table.
A. Analysis of Challenges
The evolving digital landscape in Industry 4.0 and
Industry 5.0 presents significant challenges for digital
forensics investigations, including:
• Vast and diverse data sources:
The sheer volume and diversity of data generated by
interconnected devices and industrial processes pose
challenges in data acquisition, processing, and analysis.
Traditional digital forensic tools may not be able to handle the
scale and variety of data generated in Industry 4.0 and Industry
5.0 environments.
• Real-time requirements:
In critical industrial environments, there is often a need for
real-time or near-real-time analysis of digital evidence to
enable timely incident response and decision-making.
Traditional digital forensic processes may be too slow for
these requirements, potentially delaying incident response and
increasing the risk of further damage or compromise.
• Distributed and heterogeneous systems:
Industrial systems often involve distributed and
heterogeneous networks, making it difficult to trace digital
evidence across multiple locations and platforms. Traditional
digital forensic frameworks may not be designed to handle
these complex network architectures, hindering the ability to
effectively reconstruct events and identify the root cause of
incidents.
• Evolving technologies and security threats:
The continuous introduction of new technologies and the
emergence of sophisticated cyberattacks demand adaptable
forensic methodologies to keep pace with evolving threats.
Traditional digital forensic frameworks may not be able to
adapt quickly enough to address these new challenges,
potentially leaving organizations vulnerable to emerging
attack vectors.
B. Analysis of Opportunities
The challenges posed by the evolving digital landscape in
Industry 4.0 and Industry 5.0 also present opportunities for
innovation and advancement in digital forensics including:
• Development of specialized data acquisition
techniques for handling the vast and diverse data
generated by industrial systems.
• Real-time analysis capabilities to enable timely
identification and investigation of security incidents.
• Integration with emerging technologies in industrial
environments to gain a comprehensive view of the
digital landscape.
This work is funded by the Department of Science and Innovation (DSI).
Proceedings of the 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT-2024)
IEEE Xplore Part Number: CFP24CV1-ART; ISBN: 979-8-3503-2753-3
979-8-3503-2753-3/24/$31.00 ©2024 IEEE 1690
Authorized licensed use limited to: CSIR Information Svcs. Downloaded on April 01,2024 at 10:19:26 UTC from IEEE Xplore. Restrictions apply.
• Collaborative research and development efforts to
address the challenges and opportunities of digital
forensics in Industry 4.0 and Industry 5.0.
V. REAL LIFE CASE STUDIES
A. Case 1: Stuxnet Attack on Iranian Nuclear Facilities
(2010)
In the year 2010, a Stuxnet, which has been described as a
sophisticated computer worm, targeted the supervisory
control and data acquisition (SCADA) systems at an Iranian
nuclear facility. The main objective of the cyber incident was
to disrupt the uranium enrichment processes.
To mitigate the incident, the cyber incident response team
implemented real-time evidence collection mechanisms to
analyze the behavior of the detected malware as it unfolded
from time to time. Cybersecurity experts around the world
also collaborated on this incident to perform a real-time
analysis of Stuxnet malware employing advanced analytics to
understand its code structure and functionality.
This cyber incident has triggered international
collaboration between cybersecurity professionals, private
cybersecurity companies, and government law enforcement
agencies to share their findings and develop robust
countermeasures.
The collection of real-time evidence, advanced analytics,
and collaborative engagement contributed to a deeper
understanding of the Stuxnet malware. Although the Stuxnet
cyberattack had severe consequences, the collaborative
response helped to improve global cybersecurity awareness,
leading to better cybersecurity defence mechanisms against
sophisticated cyberattacks.
B. Case 2: NotPetya Ransomware Attack (2017)
In 2017, there were reports that NotPetya ransomware
attacks had affected numerous organizations around the world
and disrupted many critical infrastructures, causing millions
of dollars in financial losses.
The cybersecurity incident response team from affected
organizations implemented a real-time network traffic
analysis to identify the spread of ransomware and its
communication patterns. They used advanced analytics tools
to analyze the behavior of the NotPetya to identify affected
systems and understand the attack vectors and the rate of
spread. Most of the organizations that were hit by the
NotPetya malware actively shared their threat intelligence
findings, allowing other similar organizations to better
understand and defend against the evolving nature of the
attack.
Real-time evidence collection and advanced analytics
helped affected organizations respond quickly to the NotPetya
cyber incident. Strong multistakeholder collaborative
engagement has also facilitated the sharing of information and
digital evidence, and this has contributed to the development
of effective remediation strategies and improved
cybersecurity practices.
C. Case 3: Triton/Trisis Malware Attack (2017)
In 2017, another malware attack named Triton / Trisis
malware had targeted industrial control systems (ICS) in the
critical infrastructure with the intention of causing physical
damage by manipulating safety systems within the critical
infrastructure.
The cybersecurity incident response team of the affected
critical infrastructure implemented real-time monitoring of
industrial control systems to identify anomalies and potential
safety breaches. The cybersecurity incident response team
also performed advanced analytics tools and technologies on
the behavior of Triton / Trisis malware so that they can
understand the specific impact and the rate of spread across
safety systems. The team shared any relevant and crucial
information about Triton/Trisis with other industrial
organizations to enable a strong multistakeholder
collaborative effort to develop cybersecurity countermeasures
and strengthen the digital forensic investigative team.
In this cyber incident, real-time evidence collection and
advanced analytics technologies had helped mitigate the
Triton/Trisis cyber incident. Collaborative efforts within
industry experts have led to improved awareness of
vulnerabilities in critical industrial infrastructure
vulnerabilities and the development of proactive security
measures.
D. Case 4: SolarWinds Supply Chain Attack (2020)
In 2020, another cyber incident was described as the
SolarWinds supply chain attack, which was used to
compromise supply chain software, and this has led to the
infiltration of numerous government and private
organizations.
The Supply Chain Monitoring and Cyber Incident
Response Team used real-time monitoring technology in
supply chain software to detect anomalies and unauthorized
modification of software packages. Advanced analytics
technologies were used to analyze the behavior of
compromised systems and identify unusual patterns that
indicate infection from the SolarWinds cyber attack. Multi-
stakeholder collaboration between affected organizations,
cybersecurity firms, and government agencies facilitated the
sharing of the threat intelligence report and the development
of effective cybersecurity incident response strategies and
strengthened digital forensic investigation processes.
Generally, in response to the incident, the real-time
evidence collection tools, advanced analytics technologies,
and multi-stakeholder collaborative engagement played a
crucial role in the mitigation of the SolarWinds incident. The
coordinated response helps affected entities identify and
quickly remove compromised software from their systems,
preventing further damage.
These case studies highlight the importance of using real-
time evidence collection, advanced analytics, and
collaborative engagement to effectively respond to and
mitigate cyber incidents in smart factories within the Industry
4.0 landscape. Integration of these strategies is essential to
safeguard critical industrial processes and maintain the
resilience of smart manufacturing environments.
VI. CONCLUSION AND FUTURE WORK
The evolution of digital forensics investigations is
inseparable from rapid advancements through Industry 4.0
and 5.0 technological processes. The proposed framework
provides a comprehensive and adaptive framework that not
only confronts the challenges of Industry 4.0 but also sets the
stage for a seamless transition to Industry 5.0, by leveraging
emerging technologies such as AI, blockchain, and edge
computing that have the potential to address these challenges
and enable more effective digital forensic investigations of
Proceedings of the 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT-2024)
IEEE Xplore Part Number: CFP24CV1-ART; ISBN: 979-8-3503-2753-3
979-8-3503-2753-3/24/$31.00 ©2024 IEEE 1691
Authorized licensed use limited to: CSIR Information Svcs. Downloaded on April 01,2024 at 10:19:26 UTC from IEEE Xplore. Restrictions apply.
cyberattacks, data breaches, and other incidents in Industry 4.0
environments. Through a framework that merges dynamic
evidence collection, advanced analytics technologies, and
collaborative multi-stakeholder engagement, digital forensic
investigators can confidently navigate the complexities of the
evolving digital landscape with emerging technology
environments.
In the future, the focus of this research will be on further
developing and refining the proposed framework, exploring
new applications of AI, blockchain and edge computing in
digital forensics, and investigating the implications of
Industry 5.0 and Industry 6.0 for digital forensic
investigations.
ACKNOWLEDGMENT
The authors extend their gratitude to the Department of
Science and Innovation (DSI) for their funding support.
REFERENCES
[1] Y. Lu, “Industry 4.0: A survey on technologies,
applications and open research issues,” Journal of
Industrial Information Integration, vol. 6. Elsevier B.V.,
pp. 1–10, Jun. 01, 2017. doi: 10.1016/j.jii.2017.04.005.
[2] M. Xu, J. M. David, and S. H. Kim, “The fourth industrial
revolution: Opportunities and challenges,” International
Journal of Financial Research, vol. 9, no. 2, 2018, doi:
10.5430/ijfr.v9n2p90.
[3] M. T. Okano, “IOT and Industry 4.0: The Industrial New
Revolution,” ICMIS-17 - International Conference on
Management and Information Systems, no. September,
2017.
[4] G. W. Manes and E. D. Avansic, “Digital Forensics,” IEEE
Security & Privacy, pp. 1–4, Mar. 2009. [Online].
Available: www.thekesslernotebook.com,
[5] M. Pollitt, M. Caloyannides, J. Novotny, and S. Shenoi,
“Digital Forensics: Operational, Legal and Research
Issues.,” in Springer, vol. XVII, Springer, 2004, pp. 1–11.
[6] R. I. Ferguson, K. Renaud, S. Wilford, and A. Irons,
“PRECEPT: a framework for ethical digital forensics
investigations,” Journal of Intellectual Capital, vol. 21, no.
2, pp. 257–290, May 2020, doi: 10.1108/JIC-05-2019-
0097.
[7] M. Pollitt, “IFIP AICT 337 - A History of Digital
Forensics,” in Sixth IFIP WG 11.9 International
Conference on Digital Forensics, Hong Kong: Springer,
Jan. 2010, pp. 1–13.
[8] A. AboBakr and M. Azer, “IoT Ethics Challenges and
Legal Issues,” in 2017 12th International Conference on
Computer Engineering and Systems (ICCES), Cairo: IEEE,
Dec. 2017, pp. 1–5.
[9] T. Wu, F. Breitinger, and I. Baggili, “IoT ignorance is
digital forensics research bliss: A survey to understand IoT
forensics definitions, challenges and future research
directions,” in ACM International Conference Proceeding
Series, Association for Computing Machinery, Aug. 2019.
doi: 10.1145/3339252.3340504.
[10] A. Karale, “The Challenges of IoT Addressing Security,
Ethics, Privacy, and Laws,” Internet of Things
(Netherlands), vol. 15. Elsevier B.V., Sep. 01, 2021. doi:
10.1016/j.iot.2021.100420.
[11] T. Janarthanan, M. Bagheri, and S. Zargari, “IoT Forensics:
An Overview of the Current Issues and Challenges,” in
Advanced Sciences and Technologies for Security
Applications, 2021. doi: 10.1007/978-3-030-60425-7_10.
[12] A. Alenezi, H. F. Atlam, R. Alsagri, M. O. Alassafi, and G.
B. Wills, “IoT forensics: A state-of-the-art review,
challenges and future directions,” in COMPLEXIS 2019 -
Proceedings of the 4th International Conference on
Complexity, Future Information Systems and Risk,
SciTePress, 2019, pp. 106–115. doi:
10.5220/0007905401060115.
[13] F. Dalipi and S. Y. Yayilgan, “Security and privacy
considerations for IoT application on smart grids: Survey
and research challenges,” in Proceedings - 2016 4th
International Conference on Future Internet of Things and
Cloud Workshops, W-FiCloud 2016, Institute of Electrical
and Electronics Engineers Inc., Oct. 2016, pp. 63–68. doi:
10.1109/W-FiCloud.2016.28.
[14] E. K. Mabuto and H. S. Venter, “State of the art of Digital
Forensic Techniques,” Information Security for South
Africa (ISSA) (2011), pp. 1–7, 2011.
[15] S. C. Schroeder, “How to be a digital forensic expert
witness,” in Proceedings - First International Workshop on
Systematic Approaches to Digital Forensic Engineering,
2005. doi: 10.1109/SADFE.2005.18.
[16] A. Pichan, M. Lazarescu, and S. T. Soh, “Cloud forensics:
Technical challenges, solutions and comparative analysis,”
Digit Investig, vol. 13, pp. 38–57, Jun. 2015, doi:
10.1016/j.diin.2015.03.002.
[17] P. Jain and A. Mahalkari, “Review of Cloud Forensics:
Challenges, Solutions and Comparative Analysis,” Int J
Comput Appl, vol. 178, no. 34, 2019, doi:
10.5120/ijca2019919220.
[18] S. Zawoad and R. Hasan, “Digital Forensics in the Age of
Big Data: Challenges, Approaches, and Opportunities,” in
2015 IEEE 17th International Conference on High
Performance Computing and Communications, 2015 IEEE
7th International Symposium on Cyberspace Safety and
Security, and 2015 IEEE 12th International Conference on
Embedded Software and Systems, IEEE, Aug. 2015, pp.
1320–1325. doi: 10.1109/HPCC-CSS-ICESS.2015.305.
[19] M. Cook, A. Marnerides, C. Johnson, and D. Pezaros, “A
Survey on Industrial Control System Digital Forensics:
Challenges, Advances and Future Directions,” IEEE
Communications Surveys and Tutorials, 2023, doi:
10.1109/COMST.2023.3264680.
[20] F. Casino et al., “Research Trends, Challenges, and
Emerging Topics in Digital Forensics: A Review of
Reviews,” IEEE Access, vol. 10. Institute of Electrical and
Electronics Engineers Inc., pp. 25464–25493, 2022. doi:
10.1109/ACCESS.2022.3154059.
[21] M. Stoyanova, Y. Nikoloudakis, S. Panagiotakis, E. Pallis,
and E. K. Markakis, “A Survey on the Internet of Things
(IoT) Forensics: Challenges, Approaches, and Open
Issues,” IEEE Communications Surveys and Tutorials, vol.
22, no. 2. Institute of Electrical and Electronics Engineers
Inc., pp. 1191–1221, Apr. 01, 2020. doi:
10.1109/COMST.2019.2962586.
[22] K. Marshall and A. Rea, “Legal challenges in cloud
forensics,” in 27th Annual Americas Conference on
Information Systems, AMCIS 2021, 2021.
[23] J. J. Shah and L. G. Malik, “Cloud forensics: Issues and
challenges,” in International Conference on Emerging
Trends in Engineering and Technology, ICETET, IEEE
Computer Society, 2013, pp. 138–139. doi:
10.1109/ICETET.2013.44.
[24] M. Herman et al., “NIST cloud computing forensic science
challenges,” Gaithersburg, MD, Aug. 2020. doi:
10.6028/NIST.IR.8006.
[25] S. Ahmed Ali, S. Memon, and F. Sahito, “Challenges and
solutions in cloud forensics,” in ACM International
Conference Proceeding Series, Association for Computing
Machinery, Aug. 2018, pp. 6–10. doi:
10.1145/3264560.3264565.
Proceedings of the 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT-2024)
IEEE Xplore Part Number: CFP24CV1-ART; ISBN: 979-8-3503-2753-3
979-8-3503-2753-3/24/$31.00 ©2024 IEEE 1692
Authorized licensed use limited to: CSIR Information Svcs. Downloaded on April 01,2024 at 10:19:26 UTC from IEEE Xplore. Restrictions apply.
[26] X. Xu, Y. Lu, B. Vogel-Heuser, and L. Wang, “Industry
4.0 and Industry 5.0—Inception, conception and
perception,” J Manuf Syst, vol. 61, pp. 530–535, Oct. 2021,
doi: 10.1016/j.jmsy.2021.10.006.
[27] A. Raja Santhi and P. Muthuswamy, “Industry 5.0 or
industry 4.0S? Introduction to industry 4.0 and a peek into
the prospective industry 5.0 technologies,” International
Journal on Interactive Design and Manufacturing, vol. 17,
no. 2, pp. 947–979, Apr. 2023, doi: 10.1007/s12008-023-
01217-8.
[28] M. Golovianko, V. Terziyan, V. Branytskyi, and D. Malyk,
“Industry 4.0 vs. Industry 5.0: Co-existence, Transition, or
a Hybrid,” in Procedia Computer Science, Elsevier B.V.,
2022, pp. 102–113. doi: 10.1016/j.procs.2022.12.206.
[29] A. Adel, “A Conceptual Framework to Improve Cyber
Forensic Administration in Industry 5.0: Qualitative Study
Approach,” Forensic Sciences, vol. 2, no. 1, pp. 111–129,
Feb. 2022, doi: 10.3390/forensicsci2010009.
[30] P. Thakur and V. Kumar Sehgal, “Emerging architecture
for heterogeneous smart cyber-physical systems for
industry 5.0,” Comput Ind Eng, vol. 162, Dec. 2021, doi:
10.1016/j.cie.2021.107750.
[31] A. Adel, “Future of industry 5.0 in society: human-centric
solutions, challenges and prospective research areas,”
Journal of Cloud Computing, vol. 11, no. 1. Springer
Science and Business Media Deutschland GmbH, Dec. 01,
2022. doi: 10.1186/s13677-022-00314-5.
[32] R. Kamal, E. E. D. Hemdan, and N. El-Fishway, “A review
study on blockchain-based IoT security and forensics,”
Multimed Tools Appl, vol. 80, no. 30, pp. 36183–36214,
Dec. 2021, doi: 10.1007/s11042-021-11350-9.
[33] S. Li, T. Qin, and G. Min, “Blockchain-Based Digital
Forensics Investigation Framework in the Internet of
Things and Social Systems,” IEEE Trans Comput Soc Syst,
vol. 6, no. 6, pp. 1433–1441, Dec. 2019, doi:
10.1109/TCSS.2019.2927431.
[34] O. Akter, A. Akther, M. A. Uddin, and M. Manowarul
Islam, “Cloud Forensics: Challenges and Blockchain
Based Solutions,” International Journal of Wireless and
Microwave Technologies, vol. 10, no. 5, pp. 1–12, Oct.
2020, doi: 10.5815/ijwmt.2020.05.01.
[35] S. Khanji, O. Alfandi, L. Ahmad, L. Kakkengal, and M. Al-
kfairy, “A systematic analysis on the readiness of
Blockchain integration in IoT forensics,” Forensic Science
International: Digital Investigation, vol. 42–43, Oct. 2022,
doi: 10.1016/j.fsidi.2022.301472.
[36] S. Brotsis et al., “Blockchain meets Internet of Things
(IoT) forensics: A unified framework for IoT ecosystems,”
Internet of Things (Netherlands), vol. 24, Dec. 2023, doi:
10.1016/j.iot.2023.100968.
[37] H. Choura, F. Chaabane, M. Baklouti, and T. Frikha,
“Blockchain for IoT-Based Healthcare using secure and
privacy-preserving watermark,” in Proceedings of the 2022
15th IEEE International Conference on Security of
Information and Networks, SIN 2022, Institute of Electrical
and Electronics Engineers Inc., 2022. doi:
10.1109/SIN56466.2022.9970492.
[38] Sakshi, A. Malik, and A. K. Sharma, “A survey on
blockchain based IoT forensic evidence preservation:
research trends and current challenges,” Multimed Tools
Appl, 2023, doi: 10.1007/s11042-023-17104-z.
[39] S. Rani, H. Babbar, G. Srivastava, T. R. Gadekallu, and G.
Dhiman, “Security Framework for Internet-of-Things-
Based Software-Defined Networks Using Blockchain,”
IEEE Internet Things J, vol. 10, no. 7, pp. 6074–6081, Apr.
2023, doi: 10.1109/JIOT.2022.3223576.
[40] D. Batista et al., “Exploring Blockchain Technology for
Chain of Custody Control in Physical Evidence: A
Systematic Literature Review,” Journal of Risk and
Financial Management, vol. 16, no. 8, p. 360, Aug. 2023,
doi: 10.3390/jrfm16080360.
[41] M. Pourvahab and G. Ekbatanifard, “Digital Forensics
Architecture for Evidence Collection and Provenance
Preservation in IaaS Cloud Environment Using SDN and
Blockchain Technology,” IEEE Access, vol. 7, pp.
153349–153364, 2019, doi:
10.1109/ACCESS.2019.2946978.
Proceedings of the 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT-2024)
IEEE Xplore Part Number: CFP24CV1-ART; ISBN: 979-8-3503-2753-3
979-8-3503-2753-3/24/$31.00 ©2024 IEEE 1693
Authorized licensed use limited to: CSIR Information Svcs. Downloaded on April 01,2024 at 10:19:26 UTC from IEEE Xplore. Restrictions apply.
