The widespread deployment of Consumer Internet of Things devices in proximity to human activities makes them digital observers of our daily actions. This has led to a new field of digital forensics, known as IoT Forensics, where digital traces generated by IoT devices can serve as key evidence for forensic investigations. Thus, there is a need to develop tools that can efficiently acquire and store network traces from IoT ecosystems. This paper presents IoTScent, an open-source IoT forensic tool that enables IoT gateways and Home Automation platforms to perform IoT traffic capture and analysis. Unlike other works focusing on IP-based protocols, IoTScent is specifically designed to operate over IEEE 802.15.4-based traffic, which is the basis for many IoT-specific protocols such as Zigbee, 6LoWPAN and Thread. IoTScent offers live traffic capture and feature extraction capabilities, providing a framework for forensic data collection that simplifies the task of setting up a data collection pipeline, automating the data collection process, and providing ready-made features that can be used for forensic evidence extraction. This work provides a comprehensive description of the IoTScent tool, including a practical use case that demonstrates the use of the tool to perform device identification from Zigbee traffic. The study presented here significantly contributes to the ongoing research in IoT Forensics by addressing the challenges faced in the field and publicly releasing the IoTScent tool.
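As an added illustration that is not part of the paper or the IoTScent code base, the following Python parses the IEEE 802.15.4 MAC header that Zigbee, 6LoWPAN and Thread frames share and derives per-source features of the kind a device-identification step would consume. The frames, short addresses and PAN ID are constructed sample values, and the FCS is a zero placeholder rather than a computed CRC.

```python
import struct
from collections import defaultdict
FRAME_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "command"}  # FCF bits 0-2
ADDR_LEN = {0: 0, 2: 2, 3: 8}  # address length by addressing mode; mode 1 is reserved

def parse_frame(frame):
    """Parse one raw 802.15.4 MAC frame (FCS included); None if truncated or reserved."""
    fcf = int.from_bytes(frame[:2], "little")  # tolerates short input; length checked below
    dst_mode, src_mode = (fcf >> 10) & 3, (fcf >> 14) & 3
    if dst_mode not in ADDR_LEN or src_mode not in ADDR_LEN:
        return None
    layout = [("dst_pan", 2), ("dst", ADDR_LEN[dst_mode])] if dst_mode else []  # wire order
    if src_mode:
        if not fcf & 0x40:  # PAN ID compression bit set: source PAN ID is omitted
            layout.append(("src_pan", 2))
        layout.append(("src", ADDR_LEN[src_mode]))
    hdr_len = 3 + sum(n for _, n in layout)  # FCF (2) + sequence number (1) + addressing
    if len(frame) < hdr_len + 2:  # header plus the trailing 2-byte FCS
        return None
    fields = dict(type=FRAME_TYPES[fcf & 7], seq=frame[2], security=bool(fcf & 0x08),
                  ack_request=bool(fcf & 0x20), dst_pan=None, dst=None, src_pan=None, src=None)
    pos = 3
    for name, n in layout:
        fields[name], pos = int.from_bytes(frame[pos:pos + n], "little"), pos + n
    fields["payload_len"] = len(frame) - hdr_len - 2
    return fields

def extract_features(frames):
    """Per-source-address counters of the kind fed to a device-identification model."""
    stats = defaultdict(lambda: {"frames": 0, "payload": 0, "seq_gaps": 0, "last_seq": None})
    for raw in frames:
        f = parse_frame(raw)
        if f is None or f["src"] is None:  # bare acks carry no address and cannot be attributed
            continue
        s = stats[f["src"]]
        s["frames"] += 1
        s["payload"] += f["payload_len"]
        if s["last_seq"] is not None and (s["last_seq"] + 1) & 0xFF != f["seq"]:
            s["seq_gaps"] += 1  # missed frame or capture gap: worth flagging in a forensic timeline
        s["last_seq"] = f["seq"]
    return {src: {"frames": s["frames"], "mean_payload": s["payload"] / s["frames"],
                  "seq_gaps": s["seq_gaps"]} for src, s in stats.items()}

# Constructed capture on PAN 0x1A62 (end device 0x3F21, coordinator 0x0000), zero placeholder FCS;
# "6188" is the FCF (0x8861) of a short-addressed, PAN-compressed data frame with ack request.
SAMPLE_FRAMES = [
    bytes.fromhex("6188 10 621a 0000 213f") + bytes(22) + b"\x00\x00",
    bytes.fromhex("6188 11 621a 0000 213f") + bytes(22) + b"\x00\x00",
    bytes.fromhex("6188 13 621a 0000 213f") + bytes(7) + b"\x00\x00",  # seq 0x12 never captured
    bytes.fromhex("4188 01 621a 213f 0000") + bytes(12) + b"\x00\x00",  # coordinator reply, no ack req
    bytes.fromhex("0200 10 0000"),  # bare acknowledgement frame: no addressing fields
]
```

Feeding a real capture through `extract_features` only requires supplying the raw frames (FCS included) as `bytes`.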