{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,12]],"date-time":"2026-06-12T05:53:33Z","timestamp":1781243613544,"version":"3.54.1"},"reference-count":49,"publisher":"MDPI AG","issue":"16","license":[{"start":{"date-parts":[[2024,8,12]],"date-time":"2024-08-12T00:00:00Z","timestamp":1723420800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Cyber Technology Institute (CTI), School of Computer Science and Informatics, DMU, Leicester, United Kingdom"},{"name":"Natural Sciences and Engineering Research Council (NSERC) of Canada"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>The Internet of Things forensics is a specialised field within digital forensics that focuses on the identification of security incidents, as well as the collection and analysis of evidence with the aim of preventing future attacks on IoT networks. IoT forensics differs from other digital forensic fields due to the unique characteristics of IoT devices, such as limited processing power and connectivity. Although numerous studies are available on IoT forensics, the field is rapidly evolving, and comprehensive surveys are needed to keep up with new developments, emerging threats, and evolving best practices. In this respect, this paper aims to review the state of the art in IoT forensics and discuss the challenges in current investigation techniques. A qualitative analysis of related reviews in the field of IoT forensics has been conducted, identifying key issues and assessing primary obstacles. Despite the variety of topics and approaches, common issues emerge. The majority of these issues are related to the collection and pre-processing of evidence because of the counter-analysis techniques and challenges associated with gathering data from devices and the cloud. Our analysis extends beyond technological problems; it further identifies the procedural problems with preparedness, reporting, and presentation as well as ethical issues. In particular, it provides insights into emerging threats and challenges in IoT forensics, increases awareness and understanding of the importance of IoT forensics in preventing cybercrimes, and ensures the security and privacy of IoT devices and networks. Our findings make a substantial contribution to the field of IoT forensics, as they not only involve a critical analysis of the challenges presented in existing works but also identify numerous problems. These insights will greatly assist researchers in identifying appropriate directions for their future research.<\/jats:p>","DOI":"10.3390\/s24165210","type":"journal-article","created":{"date-parts":[[2024,8,12]],"date-time":"2024-08-12T11:23:46Z","timestamp":1723461826000},"page":"5210","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":19,"title":["IoT Forensics: Current Perspectives and Future Directions"],"prefix":"10.3390","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9748-6067","authenticated-orcid":false,"given":"Abdulghani Ali","family":"Ahmed","sequence":"first","affiliation":[{"name":"School of Computer Science and Informatics, De Montfort University, The Gateway, Leicester LE1 9BH, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1618-3565","authenticated-orcid":false,"given":"Khalid","family":"Farhan","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of New South Wales, Sydney 2164, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5164-8403","authenticated-orcid":false,"given":"Waheb A.","family":"Jabbar","sequence":"additional","affiliation":[{"name":"College of Engineering, Faculty of Computing, Engineering and the Built Environment, Birmingham City University, Birmingham B4 7XG, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Abdulaleem","family":"Al-Othmani","sequence":"additional","affiliation":[{"name":"School of Computer Science and Informatics, De Montfort University, The Gateway, Leicester LE1 9BH, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-6432-9218","authenticated-orcid":false,"given":"Abdullahi Gara","family":"Abdulrahman","sequence":"additional","affiliation":[{"name":"School of Computer Science and Informatics, De Montfort University, The Gateway, Leicester LE1 9BH, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2024,8,12]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"2787","DOI":"10.1016\/j.comnet.2010.05.010","article-title":"The internet of things: A survey","volume":"54","author":"Atzori","year":"2010","journal-title":"Comput. Netw."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"2320","DOI":"10.12928\/telkomnika.v18i5.15911","article-title":"An overview of internet of things","volume":"18","author":"Villamil","year":"2020","journal-title":"Telkomnika (Telecommun. Comput. Electron. Control.)"},{"key":"ref_3","first-page":"18","article-title":"Security and privacy issues in internet of things (IoT)","volume":"2","author":"Gupta","year":"2015","journal-title":"Int. J. Res. Comput. Sci."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"544","DOI":"10.1016\/j.future.2017.07.060","article-title":"Internet of Things security and forensics: Challenges and opportunities","volume":"78","author":"Conti","year":"2018","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Kouahla, Z., Benrazek, A.E., Ferrag, M.A., Farou, B., Seridi, H., Kurulay, M., Anjum, A., and Asheralieva, A. (2021). A survey on big IoT data indexing: Potential solutions, recent advancements, and open issues. Future Internet, 14.","DOI":"10.3390\/fi14010019"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1191","DOI":"10.1109\/COMST.2019.2962586","article-title":"A survey on the internet of things (IoT) forensics: Challenges, approaches, and open issues","volume":"22","author":"Stoyanova","year":"2020","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"100552","DOI":"10.1016\/j.ijcip.2022.100552","article-title":"A taxonomy of IoT firmware security and principal firmware analysis techniques","volume":"38","author":"Nadir","year":"2022","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Oriwoh, E., Jazani, D., Epiphaniou, G., and Sant, P. (2013, January 20\u201323). Internet of things forensics: Challenges and approaches. Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, Austin, TX, USA.","DOI":"10.4108\/icst.collaboratecom.2013.254159"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/JIOT.2019.2940713","article-title":"A survey on digital forensics in Internet of Things","volume":"7","author":"Hou","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Alenezi, A., Atlam, H., Alsagri, R., Alassafi, M., and Wills, G. (2019, January 2\u20134). IoT forensics: A state-of-the-art review, challenges and future directions. Proceedings of the 4th International Conference on Complexity, Future Information Systems and Risk (COMPLEXIS 2019), Crete, Greece.","DOI":"10.5220\/0007905401060115"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"100220","DOI":"10.1016\/j.iot.2020.100220","article-title":"Internet of Things Forensics: A Review","volume":"11","author":"Atlam","year":"2020","journal-title":"Internet Things"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.diin.2019.02.005","article-title":"A survey on forensic investigation of operating system logs","volume":"29","author":"Studiawan","year":"2019","journal-title":"Digit. Investig."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/MITP.2018.032501747","article-title":"Internet of things forensics: The need, process models, and open issues","volume":"20","author":"Chernyshev","year":"2018","journal-title":"IT Prof."},{"key":"ref_14","unstructured":"Kyei, K., Zavarsky, P., Lindskog, D., and Ruhl, R. (2012, January 25\u201326). A review and comparative study of digital forensic investigation models. Proceedings of the Digital Forensics and Cyber Crime: 4th International Conference, ICDF2C 2012, Lafayette, IN, USA."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Valjarevi\u0107, A., Venter, H., and Petrovi\u0107, R. (2016, January 22\u201323). ISO\/IEC 27043: 2015\u2014Role and application. Proceedings of the 2016 24th Telecommunications Forum (TELFOR), Belgrade, Serbia.","DOI":"10.1109\/TELFOR.2016.7818718"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"S40","DOI":"10.1016\/j.diin.2019.01.014","article-title":"Comprehending the IoT cyber threat landscape: A data dimensionality reduction technique to infer and characterize Internet-scale IoT probing campaigns","volume":"28","author":"Pour","year":"2019","journal-title":"Digit. Investig."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"e4946","DOI":"10.1002\/cpe.4946","article-title":"An overview of Internet of Things (IoT): Architectural aspects, challenges, and protocols","volume":"32","author":"Gupta","year":"2020","journal-title":"Concurr. Comput. Pract. Exp."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"20386","DOI":"10.1109\/ACCESS.2020.2969015","article-title":"Traffic Fingerprinting Attacks on Internet of Things Using Machine Learning","volume":"8","author":"Skowron","year":"2020","journal-title":"IEEE Access"},{"key":"ref_19","unstructured":"Fruhlinger, J. (2021, September 27). The Mirai Botnet Explained: How IoT Devices Almost Brought Down the Internet, CSO Online. Available online: https:\/\/www.csoonline.com\/article\/3258748\/the-mirai-botnet-explained-how-teen-scammers-and-cctv-cameras-almost-brought-down-the-internet.html."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"DeNardis, L. (2020). The Internet in Everything: Freedom and Security in a World with No off Switch, Yale University Press. Available online: http:\/\/ebookcentral.proquest.com\/lib\/dmu\/detail.action?docID=5993944.","DOI":"10.12987\/yale\/9780300233070.001.0001"},{"key":"ref_21","unstructured":"Alabdulsalam, S., Schaefer, K., and Kechadi, T. (2018, January 3\u20135). Internet of Things Forensics: Challenges and Case Study. Proceedings of the 14th IFIP WG 11.9 International Conference, New Delhi, India."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Choudhury, T., Khanna, A., Toe, T.T., Khurana, M., and Nhu, N.G. (2021). Blockchain Technology: Concept, Applications, Challenges, and Security Threats. Blockchain Applications in IoT Ecosystem, Springer International Publishing (EAI\/Springer Innovations in Communication and Computing).","DOI":"10.1007\/978-3-030-65691-1"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"e7142048","DOI":"10.1155\/2021\/7142048","article-title":"Blockchain-Based Internet of Things and Industrial IoT: A Comprehensive Survey","volume":"2021","author":"Dwivedi","year":"2021","journal-title":"Secur. Commun. Netw."},{"key":"ref_24","first-page":"319","article-title":"HoneyNetCloud Investigation Model, A Preventive Process Model for IoT Forensics","volume":"26","author":"Varadharajan","year":"2021","journal-title":"Ing. Syst. Inf."},{"key":"ref_25","first-page":"1","article-title":"IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices","volume":"1","author":"Luo","year":"2017","journal-title":"Black Hat"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Yadav, P., Feraudo, A., Arief, B., Shahandashti, S.F., and Vassilakis, V.G. (2020, January 16\u201319). Position paper: A systematic framework for categorising IoT device fingerprinting mechanisms. Proceedings of the 2nd International Workshop on Challenges in Artificial Intelligence and Machine Learning for Internet of Things, New York, NY, USA.","DOI":"10.1145\/3417313.3429384"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Yousefnezhad, N., Malhi, A., and Fr\u00e4mling, K. (2021). Automated IoT Device Identification Based on Full Packet Information Using Real-Time Network Traffic. Sensors, 21.","DOI":"10.3390\/s21082660"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Mohammad, R.M. (November, January 28). A Neural Network based Digital Forensics Classification. Proceedings of the 2018 IEEE\/ACS 15th International Conference on Computer Systems and Applications (AICCSA), Aqaba, Jordan.","DOI":"10.1109\/AICCSA.2018.8612868"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"23","DOI":"10.32754\/JMT.2020.1.04","article-title":"Digital Forensics of Internet of Things Smart Heating System Investigation","volume":"3","author":"Preda","year":"2020","journal-title":"J. Mil. Technol."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Harbawi, M., and Varol, A. (2017, January 26\u201328). An improved digital evidence acquisition model for the Internet of Things forensic I: A theoretical framework. Proceedings of the 2017 5th International Symposium on Digital Forensic and Security (ISDFS), Tirgu Mures, Romania.","DOI":"10.1109\/ISDFS.2017.7916508"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1186\/s13677-019-0133-z","article-title":"Experts reviews of a cloud forensic readiness framework for organizations","volume":"8","author":"Alenezi","year":"2019","journal-title":"J. Cloud Comput."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Zawoad, S., and Hasan, R. (July, January 27). FAIoT: Towards Building a Forensics Aware Eco System for the Internet of Things. Proceedings of the 2015 IEEE International Conference on Services Computing, New York, NY, USA.","DOI":"10.1109\/SCC.2015.46"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1109\/MTS.2018.2826079","article-title":"Smart IoT Devices in the Home: Security and Privacy Implications","volume":"37","author":"Sivaraman","year":"2018","journal-title":"IEEE Technol. Soc. Mag."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"1126","DOI":"10.1109\/TMM.2017.2764330","article-title":"Edge Computing Framework for Cooperative Video Processing in Multimedia IoT Systems","volume":"20","author":"Long","year":"2018","journal-title":"IEEE Trans. Multimed."},{"key":"ref_35","first-page":"40","article-title":"evaluating the complexity of implementing data processing on IoT-devices","volume":"10","author":"Anufrienko","year":"2021","journal-title":"Vestn. Kompiut. Inf. Tekhnol."},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Daimi, K., Arabnia, H.R., Deligiannidis, L., Hwang, M.S., and Tinetti, F.G. (2021). Requirements for IoT Forensic Models: A Review. Advances in Security, Networks, and Internet of Things. Transactions on Computational Science and Computational Intelligence, Springer.","DOI":"10.1007\/978-3-030-71017-0"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Moussa, A.N., Ithnin, N.B., and Miaikil, O.A. (2014, January 12\u201314). Conceptual forensic readiness framework for infrastructure as a service consumers. Proceedings of the 2014 IEEE Conference on Systems, Process and Control (ICSPC 2014), Kuala Lumpur, Malaysia.","DOI":"10.1109\/SPC.2014.7086250"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1016\/j.cose.2013.05.001","article-title":"Integrated digital forensic process model","volume":"38","author":"Kohn","year":"2013","journal-title":"Comput. Secur."},{"key":"ref_39","unstructured":"Du, X., Le-Khac, N.-A., and Scanlon, M. (2017). Evaluation of digital forensic process models with respect to digital forensics as a service. arXiv."},{"key":"ref_40","unstructured":"Hegarty, R., Lamb, D.J., and Attwood, A. (2014, January 8\u201310). Digital evidence challenges in the internet of things. Proceedings of the 10th International Network Conference (INC), Plymouth, UK."},{"key":"ref_41","unstructured":"Zia, T., Liu, P., and Han, W. (September, January 29). Application-specific digital forensics investigative model in internet of things (IoT). Proceedings of the 12th International Conference on Availability, Reliability and Security, Reggio Calabria, Italy."},{"key":"ref_42","unstructured":"Surange, G., and Khatri, P. (2021, January 17\u201319). IoT Forensics: A Review on Current Trends, Approaches and Foreseen Challenges. Proceedings of the 2021 8th International Conference on Computing for Sustainable Global Development (INDIACom), New Delhi, India."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Le, D.-P., Meng, H., Su, L., Yeo, S.L., and Thing, V. (2018, January 28\u201331). BIFF: A blockchain-based IoT forensics framework with identity privacy. Proceedings of the TENCON 2018\u20132018 IEEE Region 10 Conference, Jeju, Republic of Korea.","DOI":"10.1109\/TENCON.2018.8650434"},{"key":"ref_44","unstructured":"James, J. (2024, August 10). DFRWS Forensic Challenge 2017\u20132018. Available online: https:\/\/jijames.github.io\/DFRWS2018Challenge\/."},{"key":"ref_45","first-page":"301210","article-title":"The complexity of internet of things forensics: A state-of-the-art review","volume":"38","author":"Lutta","year":"2021","journal-title":"Forensic Sci. Int."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"346","DOI":"10.1016\/j.patrec.2020.07.009","article-title":"Security in Smart Cities: A Brief Review of Digital Forensic Schemes for Biometric Data","volume":"138","author":"Ross","year":"2020","journal-title":"Pattern Recognit. Lett."},{"key":"ref_47","first-page":"301470","article-title":"A systematic literature review of blockchain-based Internet of Things (IoT) forensic investigation process models","volume":"42","author":"Akinbi","year":"2022","journal-title":"Forensic Sci. Int."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"100129","DOI":"10.1016\/j.iot.2019.100129","article-title":"A Survey on Internet of Things Security: Requirements, Challenges, and Solutions","volume":"14","author":"HaddadPajouh","year":"2019","journal-title":"Internet Things"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"43","DOI":"10.1016\/j.diin.2019.03.002","article-title":"A survey of electromagnetic side-channel attacks and discussion on their case-progressing potential for digital forensics","volume":"29","author":"Sayakkara","year":"2019","journal-title":"Digit. Investig."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/16\/5210\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T15:35:13Z","timestamp":1760110513000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/16\/5210"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,8,12]]},"references-count":49,"journal-issue":{"issue":"16","published-online":{"date-parts":[[2024,8]]}},"alternative-id":["s24165210"],"URL":"https:\/\/doi.org\/10.3390\/s24165210","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,8,12]]}}}