Abstract

The Internet of Things (IoT) is the most promising framework for improving the quality and comfort of human life. IoT has contributed significantly to numerous application areas. The rapid expansion of smart devices and their reliance on wireless mechanisms for data transfer increase their susceptibility to cyberattacks. Consequently, the cybercrime rate is increasing day by day. Hence, the study of IoT security threats and possible corrective measures can benefit researchers in identifying appropriate solutions to deal with various challenges in cybercrime investigation. IoT forensics plays a vital role in cybercrime investigations. This review paper presents an overview of the IoT framework consisting of IoT architecture, protocols, and technologies. Various security issues at each layer and corrective measures are also discussed in detail. This paper also presents the role of IoT forensics in cybercrime investigation in various domains like smart homes, smart cities, automated vehicles, and healthcare. The role of advanced technologies like artificial intelligence, machine learning, cloud computing, edge computing, fog computing, and blockchain technology in cybercrime investigation is also discussed. Lastly, various open research challenges in IoT to assist cybercrime investigation are explained to provide a new direction for further research.

1. Introduction

The term “Internet of Things” (IoT) characterizes the network of devices (“things”) that are equipped with different types of sensors, advanced technologies, and software. Although the concept of IoT was introduced by Kevin Ashton in the year 1999, it has developed rapidly only in the last few years and has become one of the most prominent technologies of this era [1, 2]. Smart devices and things are able to gather, process, and communicate data to deliver several services and applications for the convenience of users [35]. Consequently, it is not a single technology but a strong merger of 5G and beyond, big data, artificial intelligence, edge computing, FinTech, and cloud computing [6] (as shown in Figure 1, which represents IoT as a conflux of technologies).

In a short period, IoT has been deployed in many domains. Their applications range from simple household devices to very complex and sophisticated industrial equipment and machines. Smart healthcare, supply chains, smart farming, unmanned vehicles, smart homes, underwater IoT sensors, smart cars, smart grids, and smart industries are some of the areas that have benefitted the most from IoT (as shown in Figure 2) [7, 8]. IoT has also transformed a wide range of objects into devices that provide more lifestyle-friendly digitized services [9].

As all the smart devices are connected through cyberspace, an increase in their number has also widened the attack surface for cybercrime. Although the domain of cybersecurity benefitted from its involvement with IoT devices, it also introduced different types of security issues [10]. A sharp hike is observed in the statistics of security attacks and cybercrimes across the world based on the reports published by the Internet Crime Complaint Centre (IC3) in the year 2019 (as shown in Table 1). From the year 2015 to 2020, a total of 3,919,014 complaints have been received, which caused a total loss of $23.5 billion. Based on the facts published by IC3, India is 3rd in the list of the top 20 countries that were victims of cybercrimes [11].

IoT-enabled devices are proliferating rapidly. This rapid development is introducing both opportunities and obstacles for the identification of physical and cyber threats [12]. These attacks are malicious actions intended to damage significant data and information and to disrupt important services [13, 14] in different types of IoT devices equipped with sensors [15]. IoT-enabled devices facilitate the process of cybercrime detection but are themselves prone to cyber threats. One workable security solution lies at the manufacturer’s end: at the time of design and development of smart devices and applications, it is necessary to adopt secure technologies and protocols. However, IoT-enabled devices provide an increased attack surface for cyber threats due to poor security measures. Security threats are severely affecting diverse IoT systems. The level of the security threats in the IoT domain may even be life-threatening.

Data from the main academic databases have been collected to study the scope of potential research in the domain of cybersecurity in IoT [16]. Figure 3 depicts the number of research papers referred to in the survey related to security issues in IoT from the year 1998 to 2020. As analyzed, this area of research has gained a lot of importance in the last decade.

Keeping in view the relevance of the domain and the need of the hour, in this paper, we discuss IoT architecture, security systems, and potential IoT security threats that may cause cybercrimes to occur. IoT forensics and its contribution to crime investigation are also discussed in detail. Table 2 presents the merits of this survey in comparison to the latest existing surveys. It visualizes the novelty of this survey as much emphasis is focused on cybercrimes, patents reported, and real-time applications developed to mitigate the problems occurring due to cybercrimes in IoT devices.

In the remainder of this paper, Section 2 is focused on the various types of risks associated with the IoT environment. Existing work on IoT security and cybercrime and the scope of this survey are presented in Section 3. Section 4 is focused on the IoT framework and applications. The role of digital forensics in cybercrime investigation is elaborated in Section 5. Section 6 presents the role of advanced technologies in IoT security. To provide a new direction to researchers, open research challenges in this domain are discussed in Section 7. The paper is then concluded in Section 8.

2. Risks in IoT

The IoT evolution is prone to cause a diversity of ethical problems in society like unauthorized access to confidential information, privacy breach, misuse of secret data, and identity theft. Although these problems were already existing in the era of the internet and Information and Communication Technology (ICT), they have become more dominant in IoT systems [17]. Figure 4 describes several potential risks associated with IoT.

2.1. Privacy Facet

The confidentiality of users and the secrecy of the data generated from numerous business processes are the major areas of concern linked to the IoT [18]. The dominant usage of diverse devices with poor security mechanisms leads to mismanagement of the IoT system [19]. To handle the security issues related to data generated by the IoT devices, there is a requirement for advanced cryptography techniques. However, these techniques should be energy optimized and have the potential to synchronize with the dynamism of smart devices [20]. With the advancement in IoT, many of the following privacy issues evolved [17, 21]:

(i) Data captivity: a few ethical questions related to user data remain unanswered, such as generating unlawful leverage and hard competition. Addressing these issues is essential to avoid consumer captivity through data [22]
(ii) Data integrity: the consistency and accuracy of the data are the primary requirements for the integrity of the data in IoT devices. Maintaining data integrity is the main motive of enterprise security solutions, as compromising data integrity can lead to the loss of sensitive data. Data integrity is necessary for reusability, searchability, recovery, and traceability of the data
(iii) Data security: the data must be secured from illegitimate usage on the devices as well as during transmission in the IoT environment. The diversity of the IoT devices and the different communication modes cause a challenge for data security protocols, which is the root cause of security breaches [23]. Another major threat to data security is the various applications using this data, which expose the personal information of the user to cyberattacks
(iv) Data sensitivity: several applications collect a user’s personal information, sometimes even without the user’s knowledge. Therefore, the sensitivity of the data is a major area of concern. The major risk associated with this data lies in the context in which it is used. Consequently, there should be some security protocols for context-aware data collection and usage [24]
(v) Protocol security: because of the diversity of devices and collaborators involved in the deployment of IoT, the biggest challenge is the applicability of laws and regulations for the formation of authentic protocols for communication in the IoT. As the IoT systems are evolving day by day and becoming global, there is also a clear possibility of the applicability of multiple legislations. Besides, this is an important area for awareness among users, IoT manufacturers, and lawmakers
(vi) Network security: the network plays a vital role in the security of IoT devices. The IoT device is connected to the network for data and workload. This data can become an easy target for hackers or attackers who can compromise the whole system. It is necessary to adapt and devise effective methods to protect the network to which the IoT device is connected
(vii) Device-level security: the security of an IoT device is considered at the beginning of its design. To ensure the secure implementation of an IoT device, a secure architecture is deployed. During the manufacturing of an IoT device, care is taken in terms of secure digital device IDs. The credentials used should be those that can be trusted to tackle various attacks like data and device cloning, data tampering, or any other misuse
(viii) Bootstrapping: bootstrapping refers to any process which occurs before any IoT device becomes operational. Bootstrapping is necessary for the IoT devices of the present generation. The time of bootstrapping in the initial configuration of an IoT device plays a vital role. Therefore, the bootstrapping process in IoT devices should be a highly secure process
(ix) Availability: the blending of IoT in services related to health, security, etc. has made the continuous availability of these services a critical issue. Many people are heavily dependent on the IoT devices utilized to provide these services. Therefore, any loss of these services will severely impact human life
(x) Data authenticity: ownership of the collected user data is a major unaddressed issue in IoT along with data management. Once the user stops using the service, the personal information remains with the service provider and can be sold to generate revenue
(xi) Application security: the applications designed for various IoT devices are also vulnerable to different types of attacks. It is necessary that the application should be secure and defensive in nature to counter attackers and malware. There are different types of attacks which can intrude in the architecture of an IoT device, like DDoS, spam attacks, message interception through spyware, a vulnerable third-party (3pp) library, and injection attacks
(xii) Traceability: in an IoT environment, users must have the right to give consent before providing personal information to numerous real-life services. The implemented security protocols and mechanisms should ensure user identification on the network, but prevent attackers from tracing the user through personal information [25, 26]

2.2. Security Facet

The security of a computer system encompasses various methods and techniques that safeguard all kinds of resources from illegitimate access. Resources may include hardware, software, and data, whereas illegitimate access may include unauthorized usage or damage to resources. In IoT systems, security aspects focus on architecture, the security model of every device, bootstrapping, network security, and application security [27]. Security architecture demonstrates the various system components involved in ensuring the security of an IoT device. The security model of each device focuses on the implementation of security methods and criteria along with the management of various applications. Network security deals with the reliable functioning of IoT. Online application security is all about the authentication of various things on the network for communication and exchange of data. Network security is highly dependent on the internet, which is an insecure medium of data exchange and creates a large possibility of data theft. The deployment of IoT is dependent on the internet and computer networks. Consequently, it is affected by all security issues related to computer networks as well as the internet. Before using IoT devices, all stakeholders should analyze the associated risks related to the security and privacy of the user information. Accordingly, more sophisticated security policies must be designed by governing organizations.

2.3. Cybercrime

Like any other crime, cybercrime may have a variety of aspects and may be committed in different settings. Several definitions of cybercrime are available, given from different perspectives, i.e., that of the victim, the protector, or the observer. According to the definition given by Marion [28], cybercrime is an action in which computers or computer networks are used as a means, purpose, or platform to execute some criminal act. It may consist of some information theft or usage of computers to do some other criminal activity. The Council of Europe’s Cybercrime Treaty defines cybercrime as any act of data content or copyright transgression. The “Manual on the Prevention and Control of Computer-Related Crime” by the United Nations defines cybercrime as illegitimate access, deceit, and falsification. According to Gordon and Ford, cybercrime is any criminal activity performed on a computer, hardware resource, or network. The Council of Europe’s Convention on Cybercrime classifies criminal acts into four classes: (1) breaches of data, secrecy, integrity, and hardware resources; (2) computer-centered crimes; (3) content-related crimes; and (4) copyright-related crimes. However, these classifications are over the line for some parameters. According to another classification given by Saini et al. [29], cybercrimes are categorized as data crimes, network crimes, access crimes, and content-related crimes. Data crimes consist of data stealing, data interception, and data modification. Network crimes include unwanted interference in the functioning of computer networks to breach data transmitted over the network. Content-related crimes include infringement of ownership and spontaneous cyber hazards. Another explanation of cybercrime is given by Zhang et al. [30]; according to them, all crimes in which machines or networks are used as aids, targets, or the place of crime and any conventional crime executed with computer resources are considered cybercrime. Generally, ICT boosts the rate as well as the domain of criminal actions. The location of crime acts as a catalyst for criminal activities [31]. The internet is also a large platform for criminal acts as it was not initially deployed with highly secure protocols. As IoT systems are implemented on top of the present internet framework, the associated cybercrime issues remain unresolved. Lastly, the large base of the cyber framework enhances the inclination not to reveal these criminal acts to the public as the criminal acts are executed using virtual methods.

3. Existing Work on IoT Security and Cybercrime

In the last few years, several surveys have been conducted to highlight the improvements and research carried out in IoT systems. In these survey papers, the focus is on the fundamental aspects of IoT. Along with IoT, security issues are also discussed in some of these surveys. There are few dedicated survey papers on IoT security and privacy issues. In the surveys published in the years 2010-2020, Atzori et al. [32] discussed the security and privacy aspects of IoT. In the field of security, the main attention is given to authentication and data integrity, and the scope of research is discussed. In the privacy aspect, the authors suggested limiting access to personal data. However, this survey highlights incomplete facts regarding security challenges in IoT. Miorandi et al. [33] assumed the implementation of IoT at three fundamental levels, i.e., communication, identification, and interaction. The authors highlighted the possibility of many security challenges in IoT but proposed research on three main issues: the privacy of users, data secrecy, and trust. Many pressing issues related to IoT security like access control, data integrity, and authentication of the user are not discussed in detail [34]. Gubbi et al. [35] discussed security and privacy in the contexts of user identification and authentication, data integrity, and privacy in general. The authors introduced the cloud-based IoT paradigm. On the same grounds, few technologies are introduced along with the domains of application of each technology.

In [36], Aggarwal et al. discussed security exclusively from a privacy perspective, whereas other security challenges in IoT platforms are not discussed. Said [37] discussed various IoT architectures along with research issues. In this survey, only challenges faced in physical security and privacy are explored. Moreover, security issues are discussed without giving any viable solutions. Perera et al. [38] elaborated that security and privacy challenges are handled at the middleware level in the IoT framework and at different layers. In this survey, security is expressed as a normal issue and the authors did not pay any special attention to the research in the field. Granjal et al. [39] presented an in-depth review of the different security mechanisms and protocols of the time for communication among smart devices. The authors also highlighted the available scope of research. However, on the negative side, the authors did not consider all security standards in their survey but focused on only a few. Sicari et al. [40] reviewed security from three different angles: security requirements, privacy, and trust. Under security requirements, the authors explored the issues related to access control, confidentiality, and authentication. The biggest drawback of this work is the inadequacy of the categorization of research activities in the IoT security paradigm. Abomhara and Køien [41] reviewed the security threats along with the security and privacy research challenges in their paper. They stressed research issues like interoperability of diverse IoT devices and authorization.

Mahmoud et al. [42] surveyed IoT security principles. The authors also presented various security issues along with corrective measures. The need for advanced technologies to tackle hardware, software, user identification, and wireless communication issues is also discussed. Pescatore and Shpantzer [43] presented the viewpoint of people actively involved in the research of IoT security issues along with the future prospects in the field. They also highlighted that IoT developers should focus more on security issues instead of other ICT systems. Gil et al. [44] reviewed various technologies and security models in the context of data-related challenges. The authors impressed upon the collaboration of social networks and IoT and introduced a new concept of the Social Internet of Things (SIoT). IoT security is discussed but the concept of cybersecurity in IoT is not touched. Muhammad et al. [45] discussed the various possible attacks in IoT systems. The authors also highlighted the security and privacy challenges faced in the IoT environment by the various sensor nodes. In this survey, the requirements of secure end-to-end communication among smart devices using efficient encryption and authentication methods are suggested. Vignesh and Samydurai [46] reviewed the three-layered architecture of IoT comprised of the application, network, and perception layers, along with the different types of security threats at these layers. They explained the effect of wireless signals, movement of IoT in the external environment, and the dynamism of the network model as the major challenges at the perception layer. At the network layer, the major highlighted challenges are DoS and Man-in-the-Middle attacks. The major issue that persists at the application layer is the variety of application policies.

Razzaq et al. [47] surveyed the different security requirements of an IoT system. The authors categorized the various IoT attacks into four classes: low level, medium level, high level, and extremely high level. They also suggested the possible ways out in handling these attacks. Maple [48] discussed the role of IoT devices in various domains like autonomous vehicles, health, industry 4.0, logistics, smart grid, agriculture, homes, offices, and entertainment. Along with the security, threats in all these application areas are also reviewed. They highlighted the security issues related to the physical limitations of the things, the versatility of the devices, authentication, authorization, and implementation. Various issues related to the privacy of the users are also discussed in this survey. Rughani [49] presented the various challenges faced by crime investigators to collect pieces of evidence from the smart IoT devices available at crime scenes. The author impressed upon the need for corrective measures for the issues to help in crime investigation and make the process easy. Corser et al. [50] discussed that to make the IoT systems more secure, the security of smart devices and networks needs to be improved. To improve device-level security, protection of data and dynamic testing play a major role. To make communication networks more reliable, there is a requirement for authentication, secure protocols, network division, and organization. Burhan et al. [51] presented a detailed survey on the different layers of the IoT architecture along with the potential attacks at each layer. The authors also reviewed various available mechanisms to handle these attacks and their limitations. Security issues in various IoT technologies like sensors, ZigBee, Bluetooth, RFID, Wi-Fi, and 5G networks are discussed in detail.

Noor and Hassan [52] presented the primary objectives of IoT system security. The authors highlighted that the privacy of the user and the security of the data and infrastructure are the main challenges in the IoT environment. The authors also reviewed various tools and simulators to implement IoT security mechanisms. MacDermott et al. [53] highlighted the sharp increase in the usage of digital forensics for crime investigation. The authors also highlighted that the reason for this rise is the increase in smart devices. To cope with this change, there is a need for regular development in the techniques used for crime investigation. The authors also reviewed various forensic handling methodologies. Riahi Sfar et al. [54] presented three different aspects of IoT security, i.e., privacy, trust, and identification/authentication. Under these three aspects, various open research issues like standardization of security mechanisms, reduction in the amount of data transmitted among smart devices, implementation of trust mechanisms to safeguard users and services, implementation of a global identification mechanism for things, and automatic discovery of devices in the IoT environment are highlighted.

Neshenko et al. [55] presented an exhaustive survey on IoT vulnerabilities. The need for the endorsement of different advanced technologies like blockchain, deep learning, and cloud paradigms is stressed in IoT security implementation. Various research aspects highlighted in the survey are the requirement of global device identification mechanisms, the need for more security-centric awareness among IoT users, the requirement of more mature security protocols, and the adoption of secure IoT application development processes. Zhou et al. [56] reviewed four main features of IoT: interdependence, diversity, constraint, and myriad. Consequently, the open research issues for these have also been discussed. It is spotlighted in the survey that in IoT systems, the devices are interdependent, so focusing on security mechanisms by considering each device as a standalone will not provide a secure IoT environment. Detection of viruses in IoT devices is also highlighted as an open research challenge in this survey. The issue of sensitivity of the user’s personal information is also an area of major concern for academicians and researchers. Lu and Xu [11] elaborated that the privacy and security of IoT systems is the biggest research challenge. The authors presented a detailed review of the state-of-art research going on in cybersecurity. IoT architecture for cybersecurity is discussed in detail. Lastly, the major research challenges of the domain are also presented. Aydos et al. [57] classified IoT vulnerabilities depending upon the types of attack in four different layers: physical layer, network layer, data processing layer, and application layer. Depending on these vulnerabilities, the authors proposed a risk-based security model to evaluate each discussed layer of the IoT architecture. Nasiri et al. [58] surveyed the security needs of an IoT-dependent health care system. They classified it into two categories: cybersecurity and cyber resilience. 
Under cybersecurity, the various features of confidentiality, integrity, availability, identification, authentication, authorization, privacy, accountability, nonrepudiation, auditing, and data freshness are elaborated. Under cyber resilience, safety, survival, performance, reliability, maintenance, and information security are discussed in detail. Tabassum et al. [59] reviewed various IoT security challenges. The authors also demonstrated the role of IoT in industry. This study presented how the security issues of individual devices/things used at each layer in the IoT architecture can affect the security of an IoT system.

Servida and Casey [12] presented a detailed study of the vulnerabilities of smart devices. The authors discussed how these vulnerabilities can cause these devices to become victims of attacks. On the positive side, it is featured that these vulnerabilities can help the investigators capture digital traces and investigate the crime. Therefore, device vulnerabilities are both challenges and opportunities in crime. Blythe et al. [60] highlighted that the IoT environment lacks security features as the devices are not manufactured with security challenges taken into consideration. It is also discussed that at some events, even users do not use the available security features of the devices due to a lack of knowledge about the customization of these features. In this work, the authors impressed on the need for the standardization of communication and security protocols in IoT systems and highlighted the need for government intervention to assure security at the device level. Adesola et al. [61] suggested a novel IoT and big data-based smart model to investigate and control criminal activities in Nigeria. The authors also developed a prototype for the model. This model is useful to keep records of criminals. Abdullah et al. [16] discussed the security aspects of IoT by focusing on cybersecurity. Open research issues related to cybersecurity are highlighted along with possible corrective measures. The authors also applied the usage of blockchain technology to strengthen the cybersecurity aspect of IoT. Butun et al. [1] presented an in-depth review of various types of security attacks in wireless sensor networks and IoT systems. Various mechanisms for the prevention and detection of these attacks are also discussed in detail. The authors categorized the IoT attacks as active and passive attacks. It is also spotlighted that passive attacks cannot be identified using any mechanism. On the other hand, active attacks violate the integrity and confidentiality of data. 
Active attacks also cause unauthorized access to user data.

Stoyanova et al. [62] surveyed the various available models for digital forensics. Special consideration is given to the methods which are used to extract digital data by maintaining the privacy of the users. The authors presented open research challenges in the field of digital forensics by paying special attention to the need for more advanced forensic analyzing techniques and universally acceptable protocols. Tawalbeh et al. [63] discussed the various security and privacy challenges of IoT. The authors also proposed and evaluated a cloud-based IoT security solution. Atlam et al. [64] reviewed IoT architecture and communication technologies. Various IoT security challenges and threats are also discussed. The authors also explained the role of digital forensics in crime investigation. The need for employing real-time techniques in IoT forensics is highlighted as the need of the hour. Al-Khater et al. [65] presented a detailed review of various categories of cybercrimes in detail. Various cybercrime detection techniques using statistical methods, neural networks, machine learning, deep learning, fuzzy logic, data mining, computer vision, biometrics, and forensics are also discussed. The authors proposed the requirement of cybercriminal profiling, which can be used as a data set by the investigators in the process of investigation. Table 3 presents the comparison of existing security parameters and approaches in IoT cybercrimes.

In this review, we examine the various aspects of IoT systems like architecture, protocols and technologies deployed at various layers, and application domains. Potential risks and possible attacks on each layer of the IoT architecture are also discussed. We also present the various security mechanisms and their layers of implementation. Special attention is given to IoT forensics in cybercrime investigations [66, 67]. Various domains like smart homes, smart cities, automated transport, drones, and healthcare are examined to assist cybercrime investigation [68]. The role of various advanced technologies in the investigation of cybercrime is also presented. At the end of the paper, various open research challenges in an IoT environment that contribute to IoT forensics in aid of cybercrime investigation are presented.

4. IoT Framework and Applications

IoT is a broad network of devices connected over the internet. It has expanded very rapidly in the last few years. Currently, IoT has evolved as a contemporary styled network that acts as an agent to link the real and virtual world. Application domains of IoT are expanding day by day, growing from the need for smartphones to the need for different IoT devices like cameras, music players, smart watches, smart TVs, and smart VRs (as shown in Figure 5), and so is the probability of cyberattacks. The fundamental characteristic of IoT applications is to gather data from smart devices and communicate over networks [69]. A gigantic volume of personalized data is gathered by various IoT applications including smart agriculture, healthcare, smart homes, and meetings [70]. This large amount of data is communicated in IoT systems and then interpreted and analyzed. In the research carried out by Cisco, it is estimated that 50 billion smart devices will be plugged into the internet in the current year. It is also predicted that because of their advanced features, smart devices will become an important part of day-to-day life in the current year [57]. It is being foreseen that the trend of using IoT systems will spike and will keep growing afterward. Due to the vast usage of IoT collected data, a new trend has started: data collected on smart devices in an IoT environment can even be shared for usage in other real-life applications. However, the biggest challenge in the collected data is the diversity of smart devices supported in the IoT system architecture.

4.1. IoT Architecture

There is a need for an open architecture to deploy IoT systems to support diverse categories of smart devices and to administer interfacing among them. Many reviews and research articles are available demonstrating this IoT architecture [41]. Fundamentally, IoT systems are deployed on a four-layer architecture as shown in Figure 6. These four layers are the application layer, network layer, perception layer, and transport layer. This is the basic IoT architecture model which can be practiced with different IoT applications. For each layer of the IoT architecture, the possible attacks and the affected domain due to the attack are shown in Figure 6. These technologies help in the process of data collection, interpretation, analysis, and communication [71]. The different layers of the IoT architecture are characterized as follows:

(i) Perception layer: in this layer, data are generated by various smart devices. Data is also gathered by these devices, which can be further communicated within the IoT environment or even to outside applications. This layer works with two types of things: IoT devices and IoT hub nodes [72]. IoT devices identify themselves in the IoT system, whereas IoT hub nodes work as gateways. The data collected through devices are transmitted through gateways [73]
(ii) Network layer: in this layer, communication among IoT devices and applications is managed. The mode of communication may be wired or wireless. Various network security protocols are deployed in the network layer. The IoT gateways are set up at this layer. This layer receives the data coming from the lower layer and maps to the format required by the applications running in the upper layer [74]
(iii) Application layer: the application layer is also interpreted as the service layer. Here, the data gathered by various devices are used, analyzed, interpreted, and presented. This layer can be customized under different policies depending upon the service administered [75]
(iv) Transport layer: the transport layer is responsible for end-to-end communication over the network. It also provides reliability multiplexing along with flow control. Congestion control is also performed in the transport layer [76]

4.2. Protocols

Functionalities provided by the various layers of the IoT architecture are administered by the different protocols deployed in the different layers [77]. The various protocols used at the different layers of the IoT architecture like the application layer, perception layer, network layer, and transport layer are shown in Figure 7. Various protocols deployed in the perception layer are the IEEE 802.11 series, the 802.15 series, Wireless HART (Highway Addressable Remote Transducer), etc. [75]. The IEEE 802.15.4 is used for data exchange in a long-range wireless personal area network (LR-WPAN). ZigBee and Wireless HARTs are also deployed in the IoT perception layer [78].

The protocols used in the network layer of the IoT architecture are IPv6/IPv4, 6LoWPAN (IPv6 over Low-Power Wireless Personal Area Networks), and 6TiSCH (Time-Slotted Channel Hopping) developed by IETF which is an IPv6 standard for the 802.15.4 MAC layer protocols [79]. IPv6 G.9959 is an IPv6 addressing standard for the G.9959 MAC layer protocol which was designed for low-power devices in a personal area network (PAN). For real-time systems, the Data Distribution Service (DDS) is used. This protocol does not require any networking middleware and network programming, which allows the publisher to release specific information. The lightweight messaging protocol used in the application layer is MQTT (Message Queuing Telemetry Transport), and it uses machine-to-machine communication based on TCP/IP. The protocols specially designed for IoT environments, e.g., CoAP (Constrained Application Protocol) are used in the application layer for limited hardware. The hardware that does not support HTTP can use the CoAP protocol. The XML-based protocol used in the application layer is known as the Extensible Messaging and Presence Protocol (XMPP). XMPP is used for real-time instant messaging and multiparty chat. Simple or Streaming Text Oriented Messaging Protocol (STOMP) is a protocol for message-oriented middleware. It was designed to establish communication between clients and brokers [80–85]. In the transport layer, Datagram Transport Layer Security (DTLS) is designed to prevent message forgery and tampering. The protocol similar to the time-division multiplexing in the transport layer is the Time Synchronized Mesh Protocol (TSMP). It was developed for intersensor communication in timeslots. The message-oriented transport layer protocol is the Stream Control Transmission Protocol (SCTP), which uses congestion control to transfer data over a network. For large packets and data, the Transmission Control Protocol (TCP) is used in the transport layer in IoT. The User Datagram Protocol (UDP) is a protocol for lesser data; it is used to send data to the server and is suitable for wireless sensor network communication. The extension of the IPv6 routing protocol is Cognitive RPL (CORPL), which was developed especially for cognitive networks. It consists of multiple forwarders with the best node selected to forward the data [86–89].

4.3. IoT Application Domains

The incorporation of smart devices to gather data from our day-to-day life activities makes many IoT applications feasible [41]. These applications can be categorized into different domains, summarized as follows:

(i) Personal and social domain: the applications under this domain allow potential users to communicate with the environment or with other users to establish and maintain a social circle [32]
(ii) Mobility and transportation domain: applications falling under this domain include roads and vehicles equipped with sensors and other smart technologies which can gather traffic-related data. This data can help with traffic control and management [90]. Some of the IoT-based transport applications with outstanding performance are the Intelligent Traffic Information Service (ITIS) and the Traffic Information Grid (TIG) [91]
(iii) Enterprise and industrial domain: IoT applications falling under this category include smart banking, manufacturing, logistics, and industrial operations [2, 92]
(iv) Service and utility monitoring domain: this domain of IoT applications commonly deals with smart agriculture, environment, energy management, etc.

4.4. Supporting Technologies

For all applications falling in various IoT domains, different components of the IoT system need to stay connected at all times. This is possible only with IoT supporting technologies [41]. The progressive growth of various technologies like sensors, smartphones, and software will facilitate different things in the IoT systems to stay connected everywhere and at all times [93]. The fundamental approach to support IoT is to connect the objects in the physical world with the digital world [94]. Numerous technologies and devices for these approaches are discussed as follows:

(i) Identification technologies: the fundamental identification technologies used in IoT are Radio-Frequency Identification (RFID) and Wireless Sensor Networks (WSN). These are used in the perception layer of the IoT architecture [19, 32, 92]
(ii) Network and communication technologies: both wired and wireless technologies (e.g., GSM, UMTS, Wi-Fi, Bluetooth, and ZigBee) permit a large number of smart devices and services to be connected [95–97]. A flexible and secure IoT architecture is required for reliable communication among various wireless devices [90]
(iii) Hardware and software technologies: a lot of research is going on in the field of nanoelectronics to develop wide-function and economical wireless IoT systems [92]. Smart things with improved internode communication will help in the development of smart systems assisting fast application development to support various services in IoT

4.5. Security Challenges

Every layer of IoT is prone to security attacks and threats. These attacks may fall under any of the categories of active or passive and internal or external attacks [41, 42]. In passive IoT attacks, only the information transmitted on the network is observed, but the service is not affected. On the other hand, in active attacks, a service stops responding [98]. The various devices and services supported by each layer of IoT are prone to Denial of Service (DoS) attacks. Under DoS attacks, devices, services, and networks become unavailable to authorized users. In the same manner, Figure 8 describes the security threats faced by the perception layer, network layer, application layer, and transport layer and services supported at each layer which are discussed as follows:

(i) Security threats in the perception layer: the very first issue faced by the various device nodes functioning in this layer is the intensity of the wireless signals as the signals become weaker due to environmental disturbances. The second issue is related to the physical attacks on the IoT devices as the various IoT nodes usually operate in the outdoor environment. The third issue is related to the dynamic topology of the IoT systems which allows the frequent movement of the IoT nodes in and around the network. Different devices working in this layer use sensors and RFIDs. Because of their limited adequacy from the storage and computational point of view, these devices are prone to different kinds of security threats [41, 99]. Various kinds of devices operating in this layer are susceptible to replay attacks, timing attacks, node capture attacks [45], and DoS attacks. All these security challenges can be dealt with by encryption, access control, and authentication [100]
(ii) Security threats in the network layer: along with the DoS attacks discussed previously, the network layer of an IoT system can also be targeted for silent monitoring, traffic analysis, and eavesdropping. The major reasons behind these attacks are the remote access and exchange of data. This layer is highly vulnerable to man-in-the-middle attacks [41]. An unsecure communication channel is the root cause of eavesdropping. Communication technologies and protocols play a major role in stopping eavesdropping and further stopping identity theft. As the heterogeneity of devices is a major issue in the IoT systems, it is the biggest challenge to have more secure protocols in the network layer to deal with this diversity. Attackers also misuse the connectivity of the devices to steal user information for future attacks [101]. Along with ensuring the security of the network from the attackers, ensuring the security of the devices operating in the network is equally important. Consequently, the devices in the network must have the comprehension to safeguard themselves against network attacks. This can be obtained only with secure network protocols as well as smart applications [102]
(iii) Security threats in the application layer: lack of standard policies related to IoT systems causes many security challenges in the IoT applications and their development. As a variety of authentication mechanisms are used in different IoT applications, it is difficult to warrant data security and user authentication. The second major challenge is how to deal with the interaction of the user with applications, how to deal with the volume of data exchanged, and how to manage the different applications. The IoT users must be checked to confirm what they wish to share about themselves and how that information is to be used and by whom [42]
(iv) Security threats in the transport layer: common threats in the transport layer include cross-site scripting (XSS). In this type of attack, the malicious user injects client-side-based scripts like Java, HTML, or VBScript into a webpage that is frequently visited by the user. These scripts will be masked as valid requests between the browser (client-side) and the webserver. It can lead to data theft and manipulation. The other attacks include session hijacking, cross-site request forgery (CSRF), and Lightweight Directory Access Protocol (LDAP) injection [103]
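
The authentication named above as the countermeasure to replay attacks on perception-layer nodes, as an added example (not code from this paper or from any work it cites): a sensor node seals each reading with a per-device counter and an HMAC-SHA256 tag, and the gateway rejects forged, altered and replayed frames. The frame layout, device ID, keys and readings are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">HQ")   # assumed layout: 2-byte device ID, 8-byte counter
TAG_LEN = 32                    # HMAC-SHA256 output size in bytes


def seal(key, device_id, counter, payload):
    """Node side: header || payload || HMAC(key, header || payload).

    The counter must only ever increase, so a real node has to persist it
    across reboots (assumption: the device has a little non-volatile storage).
    """
    header = HEADER.pack(device_id, counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Gateway:
    """Hub-node side: verifies the tag first, then enforces counter freshness."""

    def __init__(self, device_keys):
        self._keys = dict(device_keys)   # device ID -> provisioned secret key
        self._last_counter = {}          # device ID -> highest counter accepted

    def accept(self, frame):
        """Return (True, payload) or (False, reason)."""
        if len(frame) < HEADER.size + TAG_LEN:
            return False, "malformed"
        header = frame[:HEADER.size]
        payload = frame[HEADER.size:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        device_id, counter = HEADER.unpack(header)

        key = self._keys.get(device_id)
        if key is None:
            return False, "unknown-device"

        # Authenticate before touching any state, so a forged frame can never
        # advance the stored counter and lock out the genuine node.
        expected = hmac.new(key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad-tag"

        # A captured frame carries a counter the gateway has already seen.
        if counter <= self._last_counter.get(device_id, -1):
            return False, "replay"

        self._last_counter[device_id] = counter
        return True, payload


def demo():
    """Constructed traffic: one genuine node (ID 7) and an observer on the link."""
    key = b"k" * 32                                  # constructed demo key
    gateway = Gateway({7: key})
    first = seal(key, 7, 1, b"temp=21.5")
    second = seal(key, 7, 2, b"temp=21.7")
    # The observer rewrites the reading of the second frame but cannot fix the tag.
    altered = second[:HEADER.size] + b"temp=99.9" + second[-TAG_LEN:]
    return [
        gateway.accept(first),     # genuine frame
        gateway.accept(first),     # same bytes sent again
        gateway.accept(altered),   # payload modified in transit
        gateway.accept(second),    # next genuine frame
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

A strictly increasing counter also rejects genuine frames that arrive out of order; links that reorder traffic need a sliding acceptance window instead.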

Table 4 describes the taxonomy of various attacks and defence mechanisms at different layers of IoT devices.

4.6. IoT Security Mechanisms and Measures

Security is a demanding affair that persists in IoT systems. The benefits of the IoT system cannot be obtained without addressing different security issues [51, 104]. Various security mechanisms proposed by various researchers to safeguard different IoT applications are shown in Figure 8. Different security mechanisms used in the perception layer of the IoT systems are Encryption and Hash-based security [105, 106], Public Key Infrastructure- (PKI-) Like Protocol [107, 108], Secure Authorization Mechanism with OAuth (Open Authorization) [109, 110], Lightweight Cryptographic Algorithms [111], and Embedded Security Framework [112, 113]. The network layer of IoT is protected by the Identity Management Framework [114], Risk-Based Adaptive Framework [115], Association of SDN (Software-Defined Networking) with IoT [116], Cooperation of Node-Based Communication Protocol [117], Reputation System-Based Mechanism [118], and Cluster-Based Intrusion Detection and Prevention System [119]. Various security mechanisms implemented in the application layer of IoT are the Preference-Based Privacy Protection Method [120, 121], Access Control Mechanisms [122, 123], OpenHab Technology, IoTOne Technology [124], and Identity-Based Security [125, 126]. All these security mechanisms about the security provided by the different layers of IoT are compared in Table 5.

5. Role of Digital Forensics in Cybercrime Investigation

Although crime has always persisted in society, the aids used by criminals in committing crimes have evolved and grown more advanced with time. With the advent of technology, criminals have come up with new and technologically advanced methods to commit crimes called cybercrimes. In the past, criminal inquiries depended on the investigation of the physical evidence and crime locations along with witnesses. However, nowadays in the internet era, crime scenes may be comprised of smart IoT devices, computers, etc. [53]. Consequently, the process of criminal investigations may consist of the analysis of digital evidence [127].

5.1. Digital Forensics

Digital evidence may consist of a variety of elements. Primarily, the evidence would consist of smartphones, laptops, computers, hard drives, USB, etc. As everyone can have any of the above devices, a large volume of data will be available for analysis. However, a major hindering factor in the analysis is the variety of formats in which data is available on these different devices [53]. As there is a big change in the type of evidence with time, so there is a need for new techniques to handle this change efficiently. Just like traditional forensics, digital forensics is a domain that interprets digital data [62]. Digital forensics experts collect, preserve, and analyze digital evidence [128]. Rogers states, “The science of digital forensics has developed, or more correctly is developing; while this science is arguably in its infancy, care must be taken to ensure that we do not lose sight of the goal of the investigation process namely identifying the parties responsible” [53, 129]. During the design and development of new techniques to analyze digital evidence, it is mandatory to consider other aiding domains to develop and support in the process of the criminal investigation. A digital forensics approach deploys a framework for the techniques to be used in a digital forensics-dependent investigation [130].

5.2. IoT Forensics in Cybercrime Investigation

The IoT forensics can be observed as a subdomain of digital forensics. IoT forensics is a comparatively new and less scrutinized area. Its fundamental aim falls in line with digital forensics, i.e., to collect and analyze digital evidence legally and accurately [62]. In IoT forensics, data could be collected from sensors, IoT devices, networks, and clouds [131]. IoT forensics can be categorized as device-level forensics, network forensics, and cloud forensics, as shown in Figure 9.

The basic contrast between digital forensics and IoT forensics depends upon the devices examined in crime investigation. In digital forensics, the various devices under examination may be computers/laptops, servers, tablets, and smartphones [132]. Although IoT forensics has a wider area of applicability like smart homes, smart vehicles, drones, and general IoT systems, the published literature on the area of applicability of IoT forensics is less than that of digital forensics.

(i) Smart homes: it has been observed that during criminal investigation, smart home devices can provide compromising information [133]. Usually, the main components of these devices are microphones and motion detectors. These devices play a major role in identifying the location of suspects. There are three main categories of devices to collect forensics: active, passive, and single-malicious active. In [133], the authors experimented with two smart devices, i.e., light and bulb. It has been observed that a large amount of data can be collected even with these passive devices, which can help to identify the activity executed at a specific timestamp. The design of another smart home solution, i.e., the Forensics Edge Management System (FEMS), is discussed in [134]. The focus of the proposed system is to administer security in smart homes along with forensics assistance. Although it has a variety of features ranging from automatic detection to intelligence and flexibility, this system has two main limitations, i.e., complex implementation and testing. The authors in [135] presented security concerns in smart devices. It is emphasized that the security threat in an IoT environment increases with an increase in the number of devices in the network. Consequently, the need for IoT forensics arises. In this case study, special attention is given to the IoT forensics in smart homes. The authors also highlighted the need for advanced IoT forensics because of the different IoT challenges. It is expected that in the coming future, smart homes will become widespread. Therefore, a seven-step methodology is proposed for easy investigation in smart home surroundings [136]. It is highlighted by the authors that the proposed framework assists in evidence collection and storage. However, it needs to be tested with a true home automation system.
(ii) Smart city and vehicle automation: smart cities are computerized environments, also termed cyberphysical ecosystems, that enhance the utility of traditional city infrastructure like parking spaces, power grids, and gas pipes [62, 137]. In this way, better services can be provided to the residents [138, 139]. One important example, i.e., smart parking, is an area of major concern for most city administrations and auto-tech companies [140]. The network of smart vehicles assists the exchange of information between the vehicles and the environment [132]. These smart vehicles have aided various important areas like road safety and traffic administration. However, they have also raised many issues concerning digital forensics. In a case study [141], a new framework named “Trust—Internet of Vehicles (IoV)” is proposed by the authors for dependable investigation. It assists in gathering and saving dependable evidence from a network of tremendously scattered smart vehicles [142]. This framework is also very useful in preserving evidence and assuring the integrity of the saved evidence. In [143], various threats to smart vehicles are reviewed by the authors. The authors also proposed and tested a new technique to investigate smart vehicles. However, this technique still needs to be validated with the data produced by a network of smart vehicles in an actual scenario.
(iii) Drone forensics: in [144], the authors proposed a new approach for the forensic analysis of data gathered through drones. The reference data used for forensic analysis were collected from the DJI Phantom III drone. Drone Open-Source Parser (DROP), a new tool to format the data and prepare for internal storage of the system, is also proposed. The authors elaborated that the drone is controlled with the help of mobile and various types of data files that are also found on the controlled mobile phone. The data collected in these files help to identify the location, flight time, and other related information of the drone under observation. However, the main limitation of the work is that it focused only on one type of drone, so the work needs to be extended to other types too.
(iv) Cloud forensics: cloud forensics acts as a backbone to IoT forensics. In [145], the authors proposed a new technique to gather and analyze data from the newer BitTorrent Sync peer-to-peer cloud storage service [146]. The data is generated by experimenting with a variety of diverse smart systems. The authors observed that data stored in various log files, installation records, and metadata can be recovered. It is highlighted that the state of the data in memory should be conserved for accurate forensic analysis. However, the proposed method has not been legitimized by actual device manufacturers [147].
(v) Smartphone forensics: in the modern era, people are highly dependent on smartphones. Smartphones play a major role in the exchange of text and audio and video data. Criminals can commit different types of crimes using smartphones like transaction fraud, harassment, child trafficking, and pornography. It is very difficult to elicit data related to the above activities from smartphones for forensic analysis. To solve this issue, the authors conducted a study [148]. In their study, the Samsung Galaxy S3 phone was used as the device for the experiment used for data extraction. It has been observed that to transplant a mobile phone is a tedious activity as it is always associated with risk, i.e., damage to PoP components. The authors in [148] proposed a new methodology named PoP chip-off/TCA. This methodology aids in the transplantation of mobile phones. A new technique was designed and experimented for the successful forensic transplantation of a cryptographic Blackberry 9900 PGP mobile phone.
(vi) Healthcare forensics: the healthcare sector is one of the domains most prone to major security threats. The main reason for this is the diverse nature of medical applications and the heterogeneity of the types of equipment used; thus, it has a broader surface for attacks [62, 149]. Besides the evolution in the healthcare industry that plays a major role in the development of human life, various smart health monitoring systems also put the security of a patient’s medical data at risk. IoT-based fitness systems could be targeted by attackers to steal the data of the users, which can be further misused [150]. Numerous medical identity thefts have been identified in the past which express the importance of medical data. In the domain of medical health services and applications, a compound annual growth of 29-30% is expected from the year 2019 to 2025 [151]. Many fitness wearables can be used as a source of evidence in criminal investigations as these gadgets keep on storing the data related to routine activities of the users at the back end passively. Thus, although these gadgets were designed to maintain the health status of the users, they can also be used as digital evidence [14]. The number of users, smart watches, and fitness bands are increasing day by day; so, the study of these IoT devices has become the center of interest for forensics practice. According to the authors in [152], the data extracted from these gadgets may be personal to the users. Therefore, special attention should be given to the security of this data. As the number of security-related issues is increasing exponentially, there is a requirement of more advanced techniques to ensure the security of data [153].
(vii) General IoT system forensics: in [14], the authors came up with a new investigation platform for diverse IoT systems. A risk judgment scheme dependent on STRIDE and DREAD methods was designed and modeled. It was discussed with the help of these two exemplary models that cybercrime committed in the IoT environment can even cause serious risks like death. It was observed by the authors that most of the IoT systems are not deployed with default security measures, so they pose a high risk. A study was carried out [154] to analyze the significance of the sync data in evidence analysis. Sync data contributes to the fair investigation of the digital witness. A survey was conducted [155] by the authors to study and analyze forensics investigation techniques for data stored in the system memory. A few meaningful alterations to the operating systems were also emphasized in this study. In [156], data contraction and partially automated analysis techniques to handle a large volume of digital evidence were suggested. This technique assists in the analysis of a variety of IoT data gathered. In [157], the authors discussed the approaches of gathering, saving, and communicating digital evidence in a secure way to a genuine destination. Some technologies to bring it into practice were also highlighted by the authors, and the basic components of the electronic evidence were also described.

In [158], a novel approach to club cloud-native and cloud-centric forensics for the Amazon Alexa ecosystem was proposed. A new framework named “Probe-IoT” is presented in [159], which aids in identifying criminal evidence in the IoT environment using electronic logs. These logs preserve the complete information regarding all data exchanges between things, users, and cloud services. This framework was not tested experimentally, but it conceptually safeguards the integrity of the evidence. In [160], the authors presented a novel model for IoT forensics named PRoFIT to ensure the implementation of standards during forensic analysis. This model was tested in a true IoT environment deployed in a coffee shop. The 1-2-3 zone approach is applied by the authors [161] for IoT forensic analysis. According to the authors, concerned persons and pieces of evidence fall into zone 1, things or devices near to the boundary of the network fall into zone 2, and devices exterior to the network are capped in zone 3. This approach was developed to support accurate IoT investigation. However, the practical implementation of this approach is comparatively challenging. The authors in [162] presented a new framework dependent on a three-layer architecture. The proposed framework has many advantages to ensure data security with only one disadvantage, that is, it is not well suited to coping with the limited resources of IoT devices like processing power and battery life. The researchers in [163] proposed a design of a new model to help forensic experts in IoT evidence analysis. This model was proposed to preserve volatile data in IoT devices. This work was planned as an extension of previous research. Using this model, forensic experts can investigate a broader surface in the data domain. However, it has been observed that this model is laborious to implement in a true environment. In [164], the authors presented IoT forensics in a new way. 
In this work, the IoT domain was methodically explored to disclose the various challenges in the domain of digital forensics. A novel technique named Forensic Aware IoT (FAIoT) was introduced with a focus on uncovering new details in an IoT environment. However, the applicability of the approach is doubtful as it was not verified in the IoT environment. The authors [165] analyzed prominent technical issues in digital forensics which can hinder the identification of important facts for investigation. Various research issues, which can significantly improve the process of digital forensics, were also highlighted. Different types of attacks that are frequently planned on the devices in an IoT environment were discussed in [166] along with the complexity which they add to the digital investigation. The hackers use a large number of random UDP attacks at the same time by using UDP datagrams of varying sizes. Consequently, the attacks caused denial of service. The authors introduced a novel approach to handle these types of attacks by identifying their originators. A number of patents have been granted in the development of digital forensics in the past. Table 6 presents the patents granted in recent years. Many applications of digital forensics have been developed to prevent cybercrime. Table 7 presents the list of real-time digital forensics applications that support various operating systems and other platforms to prevent cybercrime in IoT devices.
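
The frameworks summarized above rely on logs of exchanges between things, users, and cloud services whose integrity can be checked at investigation time. The following added example (not the design of Probe-IoT or of any other cited framework, and not code from this paper) shows one common construction for such a log, a keyed hash chain, and how verification localizes an edited, deleted or truncated entry; the field names, key and log entries are constructed for illustration.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64   # "previous hash" used by the first entry


def entry_hash(key, prev_hash, record):
    """HMAC-SHA256 over the previous entry's hash plus the canonical record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_hash + canonical).encode(), hashlib.sha256).hexdigest()


class EvidenceLog:
    """Append-only log of interactions between things, users and cloud services."""

    def __init__(self, key):
        self._key = key
        self.entries = []

    def append(self, ts, source, target, action):
        record = {"seq": len(self.entries), "ts": ts, "source": source,
                  "target": target, "action": action}
        prev = self.head()
        self.entries.append({"record": record, "prev": prev,
                             "hash": entry_hash(self._key, prev, record)})

    def head(self):
        """Hash of the newest entry; kept outside the log to detect truncation."""
        return self.entries[-1]["hash"] if self.entries else GENESIS


def verify_chain(entries, key, expected_head=None):
    """Return (True, None), or (False, index of the first entry that fails)."""
    prev = GENESIS
    for i, entry in enumerate(entries):
        record = entry["record"]
        if record.get("seq") != i or entry["prev"] != prev:
            return False, i            # entry removed, inserted or reordered
        if not hmac.compare_digest(entry["hash"], entry_hash(key, prev, record)):
            return False, i            # record content changed after logging
        prev = entry["hash"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(entries)     # newest entries are missing
    return True, None


def run_demo():
    """Build a constructed four-entry log, then check four kinds of alteration."""
    key = b"constructed-demo-key"      # held by the verifier, not by the devices
    log = EvidenceLog(key)
    log.append("2024-01-01T08:00:00Z", "door-sensor-1", "home-hub", "state=open")
    log.append("2024-01-01T08:00:02Z", "home-hub", "cloud-service", "upload event")
    log.append("2024-01-01T08:00:05Z", "user-app", "cloud-service", "read event")
    log.append("2024-01-01T08:01:10Z", "user-app", "door-lock-1", "unlock")
    head = log.head()                  # anchored out of band, e.g. with a third party

    results = {"intact": verify_chain(log.entries, key, head)}

    edited = copy.deepcopy(log.entries)
    edited[1]["record"]["action"] = "no upload"
    results["edited"] = verify_chain(edited, key, head)

    deleted = copy.deepcopy(log.entries)
    del deleted[2]
    results["deleted"] = verify_chain(deleted, key, head)

    truncated = copy.deepcopy(log.entries[:3])
    results["truncated_unanchored"] = verify_chain(truncated, key)
    results["truncated_anchored"] = verify_chain(truncated, key, head)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

The unanchored truncation case verifies cleanly, which is why the head hash has to be stored somewhere the party holding the log cannot rewrite.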

6. Advanced IoT Security

Smart devices and applications in various areas of IoT make human life more comfortable, but they also make IoT systems more vulnerable to cyberattacks. These devices and applications are connected to the internet, which creates new opportunities for cybercriminals to enter the IoT environment. Cybercriminals can enter an IoT system through routers and can damage it in many ways. Although several security mechanisms are available in IoT, advanced technologies like artificial intelligence (AI), machine learning (ML), neural networks (NN), blockchain technology, fog computing, and edge computing are playing a major role to handle cyberattacks and helping to control cybercrime [167, 168]. Authors in [169] discussed in brief the various kinds of security threats in an IoT environment. The need for a dynamic and quick system to safeguard the IoT systems against cybercrime is impressed upon. The authors proposed a hybrid system to detect cyberattacks using AI and ML in a cloud computing environment. Both types of attacks, i.e., at the device level and the network level, can be detected with this model. According to the authors, it is considered by the security experts that AI and ML provide very powerful security mechanisms as even future attacks may be predicted based on past IoT attack data. Consequently, this system does not wait for the occurrence of attacks but it can predict them in advance. The main limitation of the system is that it can work only with standard data formats for prediction. ML provides solutions to DoS attacks, eavesdropping, spoofing, and privacy leakage in an IoT environment [170]. The authors in [171] presented a multilayer architecture to associate the various devices within IoT to make them accessible throughout the network at all times. To deal with the security issues of end nodes and to provide more credible services, a novel framework using NN was proposed. 
According to this framework, security issues need to be tackled in each layer of the IoT architecture. Each end node configured using this framework will have the potential to self-monitor and recover after any unwanted event/attack. In the proposed framework, a NN-based adaptive model was used for the automatic recovery of the nodes. In [172], the authors presented an artificial neural network (ANN) approach to control distributed denial of service (DDoS) attacks. The ANN was tested in a simulated IoT environment. The results obtained with the proposed technique were found to be 99.4% accurate, and this technique is capable of identifying numerous DDoS/DoS attacks. The authors in [170] highlighted that the incorporation of blockchain in IoT systems has numerous benefits. The distributed architecture of blockchain reduces the risk of failure of data storage nodes. Thus, it leads to more secure data storage in the IoT environment [173, 174]. The concept of data encryption is used by blockchain for data storage in the IoT environment; so, there are fewer chances of storing damaged data in things [175]. The augmentation of blockchain with IoT also helps to prevent unauthorized access, data loss, and spoofing attacks [176]. Various challenges in IoT along with the workable solutions administered by the blockchain technology are discussed below in Table 8.

In [170], the authors discussed that a large volume of data is generated by diverse devices in the IoT environment. It is very taxing to shift the entire data to the cloud for real-time analysis; thus, the concept of fog computing evolved. Under this concept, the cloud framework is extended to the edge of the network [177]. Fog computing can handle various IoT security attacks like the man-in-the-middle attack, data transit attacks, eavesdropping, and resource constraint issues very efficiently [178]. The various characteristics and possible solutions deployed by fog computing are shown in Figure 10.

The authors in [170] noted that the edge computing framework is an expansion of cloud computing. The location of the computational power and analysis mechanisms differentiates edge computing from fog computing in an IoT environment [179]. In edge computing, both of these capabilities reside at the edge [180]. The various devices in the IoT system coordinate to establish a network and perform the computations required for data analysis within that network [181]. Therefore, the need to communicate the data outside the device is reduced, which contributes to improved data security in IoT applications. On the same grounds, this framework also aids in minimizing the communication cost of data [182]. The concept of edge computing helps to handle data breaches, data compliance issues, safety issues, and bandwidth challenges in an IoT environment [183].

7. Road Map of Problems in IoT Forensics

IoT forensics is a complicated and regularly emerging domain. It plays a very crucial role in cybercrime investigation. However, many challenges need to be addressed very carefully. These challenges open the doors for further research in the field of IoT forensics [62]. Thus, the main objective of this section is to show a path to the researchers in the domain of IoT forensics to aid in cybercrime investigation. These include the following:

(i) Data locations: in IoT systems, the data are saved at various locations in dynamic devices that may be regulated by different administrations. Consequently, the investigators face serious problems trying to identify which regulations are to be followed when the device was used to commit a crime [184]. In this type of situation, crime investigation becomes a more complicated task. So, there is a need for standard processes and mechanisms to address this issue.

(ii) Forensic automation: there are numerous technical issues faced during automated IoT forensic analysis. The major problems which affect the process are the dynamic nature of the devices and the involvement of advanced methods in the process of forensic investigation. To obtain a real-time solution to the problem, there is a requirement for improved IoT automation. The authors in [134] presented a novel direction for IoT forensics by introducing an automated technique for forensics examination. The authors also stress that the diversity of IoT devices is the main hindrance in the real-time implementation of the proposed technique. Therefore, some standard mechanisms are required to deal with the heterogeneity of the devices and collected data.

(iii) IoT device management: in an IoT environment, sometimes a particular device malfunctions and starts generating malicious data. Although shutting that device down may be required, it may not be feasible for the forensic investigator to do so because of the owner's decision. In a smart home, for example, even if a washing machine is initiating malicious data packets, the owner may not give consent to stop it as it may disturb his daily routine. This may lead to a big challenge for the expert crime investigator. Therefore, due attention needs to be given to designing mechanisms that give crime investigators freedom of forensic investigation without halting the continued operation of things.

(iv) Forensic analysis of data in IoT: forensic investigators deal with a large volume of IoT data using various analysis techniques during the process of crime investigation [185]. In an IoT environment, the data are collected and analyzed from various devices and the results are used for various types of decision making [186]. As the process of data analysis and interpretation is complex, the accuracy of the results and further investigation is affected [156]. Therefore, the need for more standardized, simple, and accurate data analysis tools and techniques arises.

(v) Scope and life of digital forensic evidence: the limited storage of IoT devices prevents evidence from remaining available for a long time, which results in the loss of crucial data related to cybercrimes [131]. To overcome this problem, forensic data should be transferred frequently to the cloud. However, the process of data transfer gives rise to another challenge of ensuring that evidence has not been manipulated during the process. Another major issue is related to the visibility of the evidence. The presence of a few malicious sensors at the crime scene may affect the work of forensic investigators to locate the witness equipment. Log files from various devices may assist the forensic experts; however, these may not necessarily provide the complete set of evidence for the investigation.

(vi) Privacy of the user: the entanglement of IoT devices in various domains has made human life very comfortable. However, it has put the privacy of the users of smart devices at stake. It has been observed that there is a lack of privacy-specific forensic mechanisms for the IoT environment [187]. The main loophole of most of the available forensic solutions is that the privacy aspect of the users is ignored during the process of investigation [188]. All investigation solutions proposed in [157, 160, 189] have serious privacy challenges. In very diverse and dynamic IoT systems, the practice of suitable privacy measures can enhance the involvement of digital evidence for cybercrime investigations.

(vii) Security in IoT devices: the diverse nature of devices in the IoT environment opens a new space for unauthorized users to attack the system, which is very difficult to identify during the forensic investigation. Consequently, the process of collecting evidence becomes more tedious. Therefore, it is essential that during the design of various forensic investigation mechanisms, the diverse nature of IoT systems should be kept in mind [190]. The authors introduced the concept of security and privacy in [56, 191]. The proposed approaches and algorithms provide more liberty to forensic investigators by leaving aside security issues. By considering the diverse and dynamic nature of the IoT environment, more of such techniques are needed in cybercrime investigation [192, 193].

(viii) Other issues and future research: during the study of various challenges, it has been observed that there is a requirement for more standardized techniques and mechanisms in administering the data gathered from heterogeneous and dynamic devices to facilitate the process of cybercrime investigation. Due to the diversity of the formats of the data gathered from the various devices, there is also a requirement for more sophisticated data analysis tools and techniques. Advanced methods need to be proposed to facilitate the liberty of investigators to work without interrupting the operations of smart devices and equipment. As the storage capacity of most of the smart devices is limited, there is a requirement for accurate and efficient techniques to transfer the forensic data from IoT devices to the cloud without any loss of evidence. Suitable measures also need to be practiced to ensure the privacy of the user's personal data during the process of investigation.
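Items (v) and (viii) both require that evidence moved from a device to the cloud can be shown to be unmodified and complete. The sketch below is an added example, not taken from this paper or the works it cites: it assumes a per-device HMAC key and a chain head (record count and last tag) reported to the investigator over a separate channel, and all names and sample log entries are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64                      # anchor for the first record
KEY = b"constructed-demo-key"           # assumption: provisioned per device
SAMPLE = [                              # constructed log entries
    {"t": 1700000000, "dev": "lock-01", "event": "unlock"},
    {"t": 1700000042, "dev": "cam-02", "event": "motion"},
    {"t": 1700000100, "dev": "lock-01", "event": "lock"},
]


def _tag(key, seq, prev, payload):
    # Canonical JSON so device and verifier MAC identical bytes.
    body = json.dumps({"seq": seq, "prev": prev, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def seal(key, payloads):
    """Device side: bind each record to its position and predecessor."""
    chain, prev = [], GENESIS
    for seq, payload in enumerate(payloads):
        tag = _tag(key, seq, prev, payload)
        chain.append({"seq": seq, "prev": prev, "payload": payload, "tag": tag})
        prev = tag
    return chain


def verify(key, chain, expected_len, expected_head):
    """Investigator side: list of findings; an empty list means intact."""
    findings, prev = [], GENESIS
    for i, rec in enumerate(chain):
        if rec["seq"] != i or rec["prev"] != prev:
            findings.append(f"record {i}: broken link (deleted or reordered)")
        good = _tag(key, rec["seq"], rec["prev"], rec["payload"])
        if not hmac.compare_digest(good, rec["tag"]):
            findings.append(f"record {i}: payload or tag modified")
        prev = rec["tag"]
    if len(chain) != expected_len or prev != expected_head:
        findings.append("chain head mismatch (truncated or extended)")
    return findings


if __name__ == "__main__":
    sealed = seal(KEY, SAMPLE)
    print(verify(KEY, sealed, len(sealed), sealed[-1]["tag"]))
```

Edits and deletions in the middle of the log are caught by the per-record checks; a log cut short at the tail is caught only because the head is held outside the transferred data.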

8. Conclusions

IoT is a developing technology, which has bestowed human life with comfort. However, the growing use of IoT devices in various domains related to business and personal life has put personal and data security at greater risk. A large volume of data is exchanged openly among the various smart devices in an IoT environment, which attracts hackers to penetrate the security system. The dependence of IoT systems on wireless communication technologies makes them prone to cyberattacks, which is the root cause of cybercrime. In this paper, we present the various elements of the IoT framework like architecture, protocols, technologies, and application domains. A detailed review of the security aspects of an IoT environment from the years 2010 to 2020 is presented. Various security aspects which may help intruders commit cybercrime are also discussed. Implementation of the security mechanisms at each layer of the IoT architecture is presented in this survey. The role of IoT forensics and advanced technologies in cybercrime investigation is emphasized in this review. This survey also covers patents reported and real-time applications developed to mitigate the problems occurring due to cybercrime in IoT devices. Lastly, the various open research challenges to be addressed are discussed to facilitate the process of cybercrime investigation in IoT systems.

Data Availability

Any data or material used in the survey is referred to in the article.

Conflicts of Interest

There is no conflict of interests to declare.