The Internet of Things is growing constantly, with millions of devices used every day in our homes and workplaces to make our lives easier. Such close coexistence between humans and smart devices makes the latter digital witnesses of our everyday lives through their sensor systems. This opens up a new area of digital investigation, IoT Forensics, in which the digital traces produced by smart devices (network traffic above all) are used as evidence for forensic purposes. It is therefore important to build tools that can capture, store and, where possible, analyse such traces with little effort, so as to ease the job of forensic investigators. This work presents one such tool, Feature-Sniffer, designed specifically for Wi-Fi enabled smart devices used in Smart Building/Smart Home scenarios. Feature-Sniffer is an add-on for OpenWrt-based access points that performs traffic feature extraction online, on the access point itself, so that large PCAP files need not be stored. We present Feature-Sniffer with a detailed description of its implementation, and we show its possible uses with practical examples of device identification and activity classification from the encrypted traffic produced by IoT cameras. We release Feature-Sniffer publicly for reproducible research.
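The core idea above, online feature extraction that keeps per-device, per-window aggregates instead of the packets themselves, can be illustrated with a small streaming extractor. The following is an added example written for this page, not Feature-Sniffer's own code: the feature set (packet and byte counts, size statistics, mean inter-arrival time, uplink ratio), the one-second window, the AP MAC address and the sample packets are all assumptions made here. Only frame metadata (timestamp, addresses, length) is consumed, which is exactly what remains available when the payload is encrypted.

```python
"""Online per-device traffic feature extraction from 802.11 frame metadata.

Added illustration in the spirit of the approach described above; it is not
Feature-Sniffer's code. Packets are consumed one at a time, only per-window
aggregates are retained, and nothing resembling a PCAP is written.
"""
from __future__ import annotations

import math
from dataclasses import dataclass, field
from typing import Optional

AP_MAC = "aa:bb:cc:00:00:01"   # assumed MAC of the OpenWrt access point
CAM = "00:11:22:33:44:55"      # assumed MAC of an IoT camera
PLUG = "66:77:88:99:aa:bb"     # assumed MAC of a smart plug

# Constructed sample frames: (timestamp_s, src_mac, dst_mac, frame_len).
# Not a real capture; sizes mimic a camera streaming large frames uplink
# while a plug exchanges a few small keep-alive packets.
SAMPLE_PACKETS = [
    (0.00, CAM, AP_MAC, 1400),
    (0.10, CAM, AP_MAC, 1400),
    (0.20, CAM, AP_MAC, 1400),
    (0.25, AP_MAC, CAM, 66),
    (0.30, PLUG, AP_MAC, 120),
    (0.40, CAM, AP_MAC, 1400),
    (0.80, AP_MAC, PLUG, 90),
    (1.10, CAM, AP_MAC, 1400),
    (1.30, CAM, AP_MAC, 900),
]


@dataclass
class WindowStats:
    """Running counters for one device inside one time window."""
    start: float
    count: int = 0
    nbytes: int = 0
    sizes: list = field(default_factory=list)
    iats: list = field(default_factory=list)    # inter-arrival times
    last_ts: Optional[float] = None
    uplink: int = 0                              # frames device -> AP


def _mean(xs):
    return sum(xs) / len(xs) if xs else 0.0


def _std(xs):
    if len(xs) < 2:
        return 0.0
    m = _mean(xs)
    return math.sqrt(sum((x - m) ** 2 for x in xs) / (len(xs) - 1))


class OnlineFeatureExtractor:
    """Streams frame metadata and emits one feature vector per device and window."""

    def __init__(self, window: float = 1.0):
        self.window = window
        self.open: dict[str, WindowStats] = {}   # device MAC -> current window
        self.emitted: list[dict] = []            # completed feature vectors

    def _flush(self, mac: str) -> None:
        w = self.open.pop(mac)
        self.emitted.append({
            "device": mac,
            "window_start": w.start,
            "pkt_count": w.count,
            "byte_count": w.nbytes,
            "mean_size": _mean(w.sizes),
            "std_size": _std(w.sizes),
            "mean_iat": _mean(w.iats),
            "uplink_ratio": w.uplink / w.count,
        })

    def feed(self, ts: float, src: str, dst: str, length: int) -> None:
        # The monitored device is whichever endpoint is not the AP.
        mac, uplink = (src, True) if src != AP_MAC else (dst, False)
        wstart = math.floor(ts / self.window) * self.window
        w = self.open.get(mac)
        if w is not None and w.start != wstart:    # window boundary crossed
            self._flush(mac)
            w = None
        if w is None:
            w = self.open[mac] = WindowStats(start=wstart)
        w.count += 1
        w.nbytes += length
        w.sizes.append(length)
        if w.last_ts is not None:
            w.iats.append(ts - w.last_ts)
        w.last_ts = ts
        if uplink:
            w.uplink += 1

    def finish(self) -> list[dict]:
        """Close all open windows (end of capture) and return every vector."""
        for mac in list(self.open):
            self._flush(mac)
        return self.emitted


def extract_features(packets, window: float = 1.0) -> list[dict]:
    ex = OnlineFeatureExtractor(window)
    for ts, src, dst, length in packets:
        ex.feed(ts, src, dst, length)
    return ex.finish()


if __name__ == "__main__":
    for row in extract_features(SAMPLE_PACKETS):
        print(row)
```

Each emitted row is a fixed-size numeric vector, which is the form a device-identification or activity-classification model consumes; the raw frames are discarded as soon as their window closes, so storage grows with the number of windows rather than with traffic volume.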