Investigating IoT Systems Security Attacks using Network Forensics

The Internet of Things (IoT) is driving innovation in various industries by connecting multiple devices to enhance processes and increase efficiency. However, it has also created a massive attack surface, necessitating robust and novel IoT security and forensics solutions. Forensic techniques enable us to comprehend the impact of the security breach on the system and give the scientific evidence required for legal action. IoT systems constitute a network of devices connected wirelessly or through wired channels susceptible to cyber attacks. This paper introduces network forensics, that focuses on analyzing network traffic and monitoring intrusions to investigate and collect data following a security assault. We performed network forensics on a Wi-Fi network compromised by a denial of service (DoS) attack. The attack was developed on the Raspberry Pi, an IoT device configuring the Wi-Fi network. The IoT system under attack was investigated using the Wireshark tool to gather evidence. The generated evidence includes information about deauthentication packets and key re-initiation between the Raspberry Pi and the Wi-Fi network. This research aims to offer IoT system developers a road map for developing a forensics-aware IoT system.