Author Identifier

Vasanth Kumar

http://orcid.org/0000-0001-6285-2864

Date of Award

2024

Document Type

Thesis

Publisher

Edith Cowan University

Degree Name

Doctor of Philosophy

School

School of Science

First Supervisor

Dr Leslie F Sikos

Second Supervisor

Professor Paul Haskell-Dowland

Abstract

Digital forensic investigation involves data acquisition from storage and memory devices including embedded memory, such as flash memory. In the age of IoT-connected systems, in which a typical crime scene often has several interconnected smart devices, chip-off analysis, the physical removal of a microchip from the circuitry for digital forensic acquisition, is time-consuming and can potentially lead to loss of data, even damage to the original memory chip involved in the alleged crime (due to the heat the chip is exposed to during the process). This study introduces a novel system-on-a-chip approach designed for rapid and non-intrusive data acquisition from IoT devices, addressing the limitations of traditional chip-off forensic techniques that often result in data loss and potential damage to memory chips. Utilizing a purpose-designed smart device, this method enables direct data retrieval from the microchip level, integrating seamlessly into a forensic toolkit to improve the speed and integrity of evidence gathering while maintaining the operational state of the device. The method places particular emphasis on physical data acquisition, essential for thorough analysis, including the recovery of deleted files and investigation of file tampering. The research develops a remote acquisition technique that accesses memory modules of diverse smart devices with minimal footprint, offering a device-agnostic solution that preserves data in its last functional state, thus enhancing evidence recovery. By ensuring the forensic soundness of the data extraction process, this innovative approach significantly advances digital forensics, enhancing both the integrity and admissibility of evidence in legal scenarios.

DOI

10.25958/3rrf-j702

Access Note

Access to this thesis is embargoed until 6 August 2029

Download

Available for download on Monday, August 06, 2029

Share

 
COinS