A Framework for Storage-Accuracy Optimization of IoT Forensic Analysis

Palmese, Fabio; Redondi, Alessandro Enrico Cesare
2022-01-01

Abstract

The proliferation of Internet of Things (IoT) devices, coupled with the recent popularity of machine learning and artificial intelligence, has given birth to a new research field named IoT forensics. This new field considers network traffic from IoT devices as a possible source of evidence for forensic investigations. However, the massive number of IoT devices and the amount of traffic they produce make storage challenging, especially when it is performed on limited-resource edge devices such as WiFi access points. This paper proposes a framework to optimize the storage-accuracy trade-offs of IoT forensic analysis tasks. The goal of the framework is to find the optimal working point, in terms of the number of features to extract from network traffic and the number of bits used to quantize each feature, in order to maximize the accuracy of the IoT forensic task under storage constraints. After presenting the framework, we validate it on two different IoT forensics tasks: IoT device identification and activity recognition from encrypted traffic of IoT cameras. Results show that with low effort it is possible to find the optimal operating settings that maximize the analysis accuracy under given storage limitations.
2022
IEEE Global Communications Conference GLOBECOM 2022
978-1-6654-3540-6
IoT forensics, feature compression
Use this identifier to cite or link to this document: https://hdl.handle.net/11311/1233420