Tina, you're a DPhil student in Cyber Security at the University of Oxford. What was it that first sparked your interest in digital forensics and cyber security?
I first became interested in forensics when in college, I have always had an interest in science and law subjects and found forensic science a good combination of these.I found the CSI programs fascinating and this encouraged me to take my degree in Forensic Science.
Whilst at university my interest in computing developed when I built my own PC and setup a home network, this prompted me to undertake a master’s in Digital Forensics and computer security.
Your current project focuses on the Internet of Things – where did you get the idea for it?
I worked at Airbus cyber security and digital forensics research lab where I focussed on developing forensic tools and methods for SCADA/ICS forensics. Having already a knowledge in SCADA/ICS forensics meant that I took an interest in non-traditional forensics. The Internet of Things (IoTs) has been a hot topic not just in the specialist press but also in the general media.
My interest in the topic grew gradually as I read more about the various security threats to IoT devices. I found the digital forensic landscape has changed from just carrying out a forensic investigation on a single component to looking at a chain of interconnected devices and services.
Can you briefly outline for us what your project entails?
I previously looked at developing novel methods to extract records stored on smart blood pressure monitors (BPM). There are currently no forensic tools or methods to extract data from smart BPMs. BPMs are capable of storing records that can contain useful information in a criminal investigation. Investigators could use the method to acquire from a range of smart health care devices for example to debate the users’ movements, time of death, etc.
I am currently conducting an online survey to investigate the understandings and interpretations of IoT forensics and to identify the research challenges faced by current forensic specialists. We want to gain an insight into what investigators consider as an IoT device, what they believe the main issues are, and research areas IoT forensics should focus on.
What's the most outlandish IoT-related investigation story you've heard so far?
We have yet to see many actual IoT investigations, but with more lightbulbs, refrigerators, sex toys, pet feeders, etc. being connected to the internet we will expect to see more bizarre forensic investigations. Researchers have already discovered that the We-Vibe sex toys collect data, which could potentially be useful in a forensic investigation to create a timeline of events.
In your opinion, what are some of the challenges associated with IoT investigations, and what might we do to address them?
Research in this area is still at an early stage and is mostly theoretical. One challenge is understanding the complex interconnections between IoT devices and where they store data. We are not only looking at the IoT device itself but we also have to consider other components. In a smart home we now have devices that are able to be a “digital witness” to events. The challenge for investigator is to find ways to access this data in a forensic manner.
The IoT survey I am currently conducting will help establish better understanding of the issues in IoT forensics a forensic investigator faces, to help develop tools, legal procedures methods, etc.
What other areas of digital forensics are you interested in?
I mentioned before I am interested in non-traditional forensics and I have also taken an interest in drone forensics. It will be interesting to see how this research area is developing with the increasing use of consumer drones. Drones can be misused to carry out illegal activities; most recently in the media where a drone crashed into a nuclear power station, this obviously poses a threat to public and national security. So it is interesting what forensic artefacts are left on the intercepted drone and whether ownership can be established.
Finally, when you're not researching, what do you enjoy doing in your spare time?
In my spare time I enjoy hiking in South Wales, recently I have been following the vale trails which takes you to interesting historical points. I also enjoy archery: having taken this up at university I have now joined a local archery club.
Find Tina's survey about Internet of Things forensics here.
Tina Wu completed her MSc in Forensic Computing and Security at the University of Derby. She then joined Airbus Group as a Research Engineer focusing on research in cyber security and forensics in industrial control systems. Her research interests are in forensics and monitoring of industrial control systems with a focus on live memory forensics, novel attack detection methods, malware analysis, side channel attacks and the Internet of Things (IoT). Now she is a DPhil student at Oxford’s CDT in Cyber Security, her research focuses on developing and improving the digital forensic process in the IoT.