IoT forensics: Exploiting unexplored log records from the HIKVISION file system
Authors: Evangelos Dragonas MSc, Costas Lambrinoudakis PhD, Michael Kotsis MSc
Institution: 1. Department of Digital Systems, University of Piraeus, Attica, Greece; 2. Department of Informatics and Computer Engineering, University of West Attica, Attica, Greece
Abstract: CCTV surveillance systems are IoT products that can be found almost everywhere. Their digital forensic analysis often plays a key role in solving crimes. However, it is common for these devices to use proprietary file systems, which frequently hinders a complete examination. HIKVISION is a well-known manufacturer of such devices that typically ships its products with its proprietary file system. The HIKVISION file system has been analyzed before, but that research has focused on the recovery of video footage. In this paper, the HIKVISION file system is being revisited regarding the log records it stores. More specifically, these log records are thoroughly examined to uncover both their structure and meaning. These unexplored pieces of evidence remain unexploited by major commercial forensic software, yet they can contain critical information for an investigation. To further assist digital forensic examiners with their analysis, a Python utility, namely the Hikvision Log Analyzer, was developed as part of this study that can automate part of the process.
Keywords: CCTV; DVR; HIKVISION; HIKVISION file system; Hikvision log analyzer; HIKVISION log records; IoT forensics; NVR