Resource Optimization for Evidence Collection and Preservation in IoT Forensics-Ready Access Points

Palmese, Fabio; Enrico Cesare Redondi, Alessandro; Cesana, Matteo
2025-01-01

Abstract

The rapid proliferation of Internet of Things (IoT) devices across diverse sectors has given rise to the field of IoT Forensics, which focuses on analyzing digital traces of IoT appliances for legally significant insights. This field extends traditional digital forensic methods to address the unique characteristics of IoT devices, with the goal of identifying security breaches and reconstructing human activities based on data retrieved from IoT systems. Due to the limited memory and processing capabilities of IoT devices, innovative methods for data collection and analysis are required. As an example, in the Smart Home or Smart Office scenarios intermediate network devices such as Wi-Fi access points may be leveraged for such goals, including monitoring and analysis of IoT network traffic. In this context, this paper proposes a resource optimization model for forensics tasks based on network traffic monitoring and analysis on consumer Wi-Fi access points. The model maximises the expected performance achieved for forensic tasks while balancing the storage and processing capabilities required for data collection in Wi-Fi access points. The proposed model can determine the optimal aggregation window used to group network packets for traffic analysis, the number of statistical features to extract from such packets and the bits per feature to use for data storage, in order to achieve optimal accuracy and maintain low impact on the computing device. Experimental results demonstrate the model’s efficacy in constrained environments, allowing us to decide on the resource allocation in network devices when a high number of tasks is involved.
Year: 2025
Keywords: feature compression; IoT forensics
Files in this item:
TNSM_2025.pdf (open access; Pre-Print (or Pre-Refereeing); 507.16 kB; Adobe PDF)

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11311/1298573