Cyber Forensics on Internet of Things: Slicing and Dicing Raspberry Pi

Shuyuan Mary Ho  (1*) - [ https://orcid.org/0000-0002-4790-1821 ]
Mike Burmester  (2) - [ https://orcid.org/0000-0001-5094-5668 ]

(1) Florida State University, United States
(2) Florida State University, United States
(*) Corresponding Author

Abstract

Any device can now connect to the Internet, and Raspberry Pi is one of the more popular applications, enabling single-board computers to make robotics, devices, and appliances part of the Internet of Things (IoT). The low cost and customizability of Raspberry Pi make it easily adopted and widespread. Unfortunately, the unprotected Raspberry Pi device, when connected to the Internet, also paves the way for cyber-attacks. Our ability to investigate, collect, and validate digital forensic evidence with confidence using Raspberry Pi has become important. This article discusses and presents techniques and methodologies for the investigation of timestamp variations between different Raspberry Pi ext4 filesystems (Raspbian vs. UbuntuMATE), comparing forensic evidence with that of other ext4 filesystems (i.e., Ubuntu), based on interactions within a private cloud, as well as a public cloud. Sixteen observational principles of file operations were documented to assist in our understanding of Raspberry Pi’s behavior in the cloud environments. This study contributes to IoT forensics for law enforcement in cybercrime investigations.

Keywords

Timestamp Analysis; Cyber Forensic Techniques; File Systems; Internet of Things; Raspberry Pi; Human-Computer Interaction; Sociotechnical Cybersecurity
