Author Identifier

Andy Lu

Date of Award


Document Type

Thesis - ECU Access Only


Edith Cowan University

Degree Name

Master of Computing and Security by Research


School of Science

First Supervisor

Mike Johnstone

Second Supervisor

Patryk Szewczyk


The number of Internet of Things (IoT) devices is forecast to grow to over 25 billion by 2030, with the healthcare IoT market projected to grow to 25.9% of IoT devices by 2028 worldwide. However, with new and growing technologies come new types of risks. Current risk assessment and risk management methods haven’t been designed to anticipate or predict these risks. IoT risks relate to openness and lack of standardisation, linking and connectivity between the devices and the lack of skilled support for IoT devices and networks. These factors put medical IoT devices and, by extension, their users at risk from cyber threats. Additionally, the attack surface for the medical IoT has not been fully mapped, nor have the risks been fully assessed. The lack of coverage means increased risk for manufacturers, medical facilities, and potentially, patients. This project evaluates the effectiveness of how new and emerging wireless and connected medical devices can be managed and analysed through a digital forensic framework. An initial analysis of the currently available frameworks showed that they did not address the nuances of implementing a wireless or connected medical device into a healthcare organisation.

Digital forensic frameworks that were deemed relevant to wireless medical devices were selected and tested against several currently available wireless medical devices. Four frameworks were tested across four devices each. The outcome was that none of the frameworks was fully able to effectively manage wireless medical devices (at least in terms of the objectives of digital forensics), with each missing elements that would aid an investigator or a hospital organisation in the case of a cyber-related incident.

These results led to the synthesis and testing of a framework that addressed the missing elements. The framework emphasises forensic readiness planning and risk management. The synthesised framework was tested against a new device. The results of the test found that the synthesised framework was effective in both the proactive digital forensics approach and reactive approach. The testing found that the framework performed better than the other tested frameworks, containing additional phases and steps that were advantageous in preparing and reacting to incidents involving wireless medical devices.