Publications (4 of 4)
Olegård, J. & Axelsson, S. (2025). Digital Forensic Acquisition Using Private Internet of Things Cloud Application Programming Interfaces. In: Elizabeth Kurkowski, Sujeet Shenoi (Ed.), Advances in Digital Forensics XX: 20th IFIP WG 11.9 International Conference, New Delhi, India, January 4–5, 2024, Revised Selected Papers. Paper presented at 20th IFIP WG 11.9 International Conference, New Delhi, India, January 4–5, 2024 (pp. 141-163). Springer
2025 (English). In: Advances in Digital Forensics XX: 20th IFIP WG 11.9 International Conference, New Delhi, India, January 4–5, 2024, Revised Selected Papers / [ed] Elizabeth Kurkowski, Sujeet Shenoi, Springer, 2025, p. 141-163. Conference paper, Published paper (Refereed)
Abstract [en]

Digital forensic practitioners face two key challenges when investigating Internet of Things devices. One is the need to reverse engineer a plethora of different devices and the other is the volatility of device data, including deleted data. This chapter attempts to address these challenges by focusing on the extraction of Internet of Things device data from the cloud by leveraging private application programming interfaces, an area that is relatively understudied in digital forensics. Specifically, this chapter presents the results of a study of decrypted traffic between six Android mobile apps (not the Internet of Things devices) and their respective cloud systems. The study results point to the feasibility of the approach and highlight the challenge involved in discovering additional application programming interface endpoints in a non-intrusive manner.

Place, publisher, year, edition, pages
Springer, 2025
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238, E-ISSN 1868-422X ; 724 IFIP
Keywords
Application Programming Interface Forensics, Internet of Things Forensics, Reverse Engineering, Transport Layer Security
National Category
Bioinformatics (Computational Biology)
Identifiers
urn:nbn:se:su:diva-240210 (URN); 10.1007/978-3-031-71025-4_8 (DOI); 2-s2.0-85216105798 (Scopus ID); 9783031710247 (ISBN)
Conference
20th IFIP WG 11.9 International Conference, New Delhi, India, January 4–5, 2024
Available from: 2025-03-06. Created: 2025-03-06. Last updated: 2025-03-06. Bibliographically approved
Olegård, J., Axelsson, S. & Li, Y. (2025). When is logging sufficient? — Tracking event causality for improved forensic analysis and correlation. Forensic Science International: Digital Investigation, 52, Article ID 301877.
2025 (English). In: Forensic Science International: Digital Investigation, ISSN 2666-2825, Vol. 52, article id 301877. Article in journal (Refereed), Published
Abstract [en]

It is generally agreed that logs are necessary for understanding cyberattacks post-incident. However, little is known about what specific information logs should contain to be forensically helpful. This uncertainty, combined with the fact that conventional logs are often not designed with security in mind, often results in logs with too much or too little information. Events in one log are also often challenging to correlate with events in other logs. Most previous research has focused on preserving, filtering, and interpreting logs, rather than addressing what should be logged in the first place. This paper explores logging sufficiency through the lens of Digital Forensic Readiness, and highlights the absence of causal information in conventional logs. To address this gap, we propose a novel logging system leveraging “gretel numbers” to track causal information—such as attacker movement—across multiple applications in a tamper-resistant manner. A prototype, implemented using the Extended Berkeley Packet Filter (EBPF) and an Nginx web server, shows that causality tracking imposes minimal resource overhead, though log size management remains critical for scalability.

Keywords
Anti-anti-forensics, Digital forensics, Event-reconstruction, Logging, Provenance graph
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:su:diva-242034 (URN); 10.1016/j.fsidi.2025.301877 (DOI); 001460881900004 (); 2-s2.0-105000598471 (Scopus ID)
Available from: 2025-04-14. Created: 2025-04-14. Last updated: 2025-04-24. Bibliographically approved
Ekvall, M., Bergenstrahle, L., Andersson, A., Czarnewski, P., Olegård, J., Kaell, L. & Lundeberg, J. (2024). Spatial landmark detection and tissue registration with deep learning. Nature Methods, 21, 673-679
2024 (English). In: Nature Methods, ISSN 1548-7091, E-ISSN 1548-7105, Vol. 21, p. 673-679. Article in journal (Refereed), Published
Abstract [en]

Spatial landmarks are crucial in describing histological features between samples or sites, tracking regions of interest in microscopy, and registering tissue samples within a common coordinate framework. Although other studies have explored unsupervised landmark detection, existing methods are not well-suited for histological image data as they often require a large number of images to converge, are unable to handle nonlinear deformations between tissue sections and are ineffective for z-stack alignment, other modalities beyond image data or multimodal data. We address these challenges by introducing effortless landmark detection, a new unsupervised landmark detection and registration method using neural-network-guided thin-plate splines. Our proposed method is evaluated on a diverse range of datasets including histology and spatially resolved transcriptomics, demonstrating superior performance in both accuracy and stability compared to existing approaches. Effortless landmark detection is an unsupervised deep learning-based approach that addresses key challenges in landmark detection and image registration for accurate performance across diverse tissue imaging datasets.

National Category
Biochemistry Molecular Biology
Identifiers
urn:nbn:se:su:diva-227723 (URN); 10.1038/s41592-024-02199-5 (DOI); 001178071600001 (); 38438615 (PubMedID); 2-s2.0-85186550191 (Scopus ID)
Available from: 2024-03-26. Created: 2024-03-26. Last updated: 2025-02-20. Bibliographically approved
Heiding, F., Süren, E., Olegård, J. & Lagerström, R. (2023). Penetration testing of connected households. Computers & Security, 126, Article ID 103067.
2023 (English). In: Computers & Security, ISSN 0167-4048, E-ISSN 1872-6208, Vol. 126, article id 103067. Article in journal (Refereed), Published
Abstract [en]

Connected devices have become an integral part of modern homes and household devices, such as vacuum cleaners and refrigerators, are now often connected to networks. This connectivity introduces an entry point for cyber attackers. The plethora of successful cyber attacks against household IoT indicates that the security of these devices, or the security of applications related to these devices, is often lacking. Existing penetration testing studies usually focus on individual devices, and recent studies often mention the need for more extensive vulnerability assessments. Therefore, this study investigates the cyber security of devices commonly located in connected homes. Systematic penetration tests were conducted on 22 devices in five categories related to connected homes: smart door locks, smart cameras, smart car adapters/garages, smart appliances, and miscellaneous smart home devices. In total, 17 vulnerabilities were discovered and published as new CVEs. Some CVEs received critical severity rankings from the National Vulnerability Database (NVD), reaching 9.8/10. The devices are already being sold and used worldwide, and the discovered vulnerabilities could lead to severe consequences for residents, such as an attacker gaining physical access to the house. In addition to the published CVEs, 52 weaknesses were discovered that could potentially lead to new CVEs in the future. To our knowledge, this is the most comprehensive study on penetration testing of connected household products.

Keywords
Penetration testing, Ethical hacking, Internet of things, Connected households, Smart home, Pentest, Cyber security
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:su:diva-214798 (URN); 10.1016/j.cose.2022.103067 (DOI); 000917439700001 (); 2-s2.0-85144826963 (Scopus ID)
Available from: 2023-02-16. Created: 2023-02-16. Last updated: 2025-08-28. Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0001-9082-4318