Forensic Analysis of the IoT Operating System Ubuntu Core

keywords: Internet of Things, IoT forensics, digital forensics, cybersecurity
The number of cyber incidents in which an Internet of Things (IoT) device or system is present is increasing every day, requiring the opening of forensic investigations that can shed light on what has occurred. To provide investigators with proper solutions for performing complete and efficient examinations in this new environment, IoT systems and devices are being studied from a forensic perspective so that tools and procedures can be designed accordingly. In this article, besides reviewing the proposals from the community on this matter, the multi-purpose IoT operating system Ubuntu Core is studied to determine how a forensic investigation of this system should be performed, detailing how to approach the acquisition and analysis phases. In addition, both the volatile and non-volatile artifacts that might hold useful information are listed and described, and a forensic tool is presented for their recovery as well as for the acquisition of the non-volatile memory.
mathematics subject classification 2000: 68-M99
reference: Vol. 43, 2024, No. 3, pp. 529–560