i. There could be hundreds of sensors and control devices, which makes it difficult and time-consuming for investigators to identify all the evidence [3]. In some cases the evidence could be invisible, for example when sensors are embedded in the human body or when data is read by sensors that belong to other parties (mobility of IoT). In a second scenario, the evidence is located in the cloud, where it could be distributed over multiple locations and multiple servers [4], which raises new challenges for the investigator in locating and aggregating this evidence.
ii. The data generated by IoT devices comes in many standard, non-standard and mixed formats, and its source may be a single sensor or multiple sensors, which forces the investigator to deal with multiple data formats from different sources [5]. In addition, during its journey from the IoT devices to the cloud, the data could be processed many times by multiple devices and in different formats, some of which could be proprietary, and it could be duplicated.
iii. Typically, IoT devices have limited storage space, which means data is not stored there for long; instead, it is transmitted to the cloud service using a protocol such as HTTPS, XMPP, CoAP, MQTT or AMQP [6] for further analysis and long-term storage. This raises the following challenges:
1- Evidence could be overwritten in IoT devices if the connection between the IoT devices and the cloud service is lost for a long time [3].
2- Evidence stored in the cloud could be located in different countries, which means different laws and procedures are followed in DFI [7]. Even if there are agreements between the countries involved, the time between issuing a traditional warrant and beginning the investigation could be long enough for the evidence to be damaged or overwritten, or for its consistency to change.
3- Evidence stored either in local IoT devices or in the cloud could be encrypted [8].
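
As an illustration of challenge ii above (an added example, not taken from the cited works), the following sketch brings readings collected in different formats into one schema, merges duplicates, and keeps a SHA-256 digest of every raw artefact so each merged record stays traceable to its sources. The field names, source labels and sample data are constructed assumptions.

```python
import csv, hashlib, io, json
from datetime import datetime, timezone

# Constructed sample artefacts: one reading seen at the sensor (JSON) and again
# in a gateway log (CSV, epoch seconds), a second reading, and a vendor blob.
RAW = [
    ("sensor-mqtt", "json", b'{"dev":"th-01","ts":"2021-03-04T10:15:00+00:00","temp_c":21.5}'),
    ("gateway-log", "csv", b"th-01,1614852900,temp_c,21.5"),
    ("cloud-export", "json", b'{"dev":"th-01","ts":"2021-03-04T10:20:00+00:00","temp_c":21.7}'),
    ("vendor-dump", "proprietary", b"\x01\x02\x03\x04"),
]

def normalise(fmt, raw):
    """Return a list of (device, utc_iso_timestamp, metric, value) tuples."""
    if fmt == "json":
        obj = json.loads(raw)
        ts = datetime.fromisoformat(obj["ts"]).astimezone(timezone.utc)
        return [(obj["dev"], ts.isoformat(), k, float(v))
                for k, v in obj.items() if k not in ("dev", "ts")]
    if fmt == "csv":
        out = []
        for dev, epoch, metric, value in csv.reader(io.StringIO(raw.decode())):
            ts = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
            out.append((dev, ts.isoformat(), metric, float(value)))
        return out
    raise ValueError(f"unsupported format: {fmt}")

def aggregate(items):
    """Merge duplicate readings; record the source and digest behind each one."""
    merged, unparsed = {}, []
    for source, fmt, raw in items:
        digest = hashlib.sha256(raw).hexdigest()  # hash the untouched original
        try:
            records = normalise(fmt, raw)
        except ValueError:
            # A format we cannot decode is still preserved by reference.
            unparsed.append((source, fmt, digest))
            continue
        for rec in records:
            merged.setdefault(rec, []).append((source, digest))
    return merged, unparsed

if __name__ == "__main__":
    merged, unparsed = aggregate(RAW)
    for rec, provenance in sorted(merged.items()):
        print(rec, "<-", [source for source, _ in provenance])
    print("not decoded:", unparsed)
```

The raw bytes are hashed before any parsing, so the normalised view never replaces the original artefact as the item of evidence.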