The Internet of Things (IoT) has boomed in recent years, with an ever-growing number of connected devices and a corresponding exponential increase in network traffic. As a result, IoT devices have become potential witnesses of the surrounding environment and the people living in it, creating a vast new source of forensic evidence. To address this need, a new field called IoT Forensics has emerged. In this paper, we present \textit{CSI Sniffer}, a tool that integrates the collection and management of Channel State Information (CSI) in Wi-Fi Access Points. CSI is a physical layer indicator that enables human sensing, including occupancy monitoring and activity recognition. After a description of the tool architecture and implementation, we demonstrate its capabilities through two application scenarios that use binary classification techniques to classify user behavior based on CSI features extracted from IoT traffic. Our results show that the proposed tool can enhance the capabilities of forensic investigations by providing additional sources of evidence. Wi-Fi Access Points integrated with \textit{CSI Sniffer} can be used by ISPs or network managers to facilitate the collection of information from IoT devices and the surrounding environment. We conclude the work by analyzing the storage requirements of CSI sample collection and discussing the impact of lossy compression techniques on classification performance.