Chapter 2 ETI

Uploaded by

mitalir607
Copyright © All Rights Reserved

Chapter-2

Internet of Things
Content
1.1 Embedded Systems:
• Embedded system concepts,
• Purpose of embedded systems,
• Architecture of embedded systems,
• Embedded processors: PIC, ARM, AVR, ASIC
1.2 IoT: Definition and characteristics of IoT
• Physical design of IoT,
Things of IoT, IoT Protocols
• Logical design of IoT,
IoT functional blocks, IoT Communication models, IoT Communication APIs,
• IoT Enabling Technologies,
• IoT levels and deployment templates,
• IoT Issues and Challenges, Applications
• IoT Devices and its features: Arduino, Uno, Raspberry Pi, Nodeµ
• Case study on IoT Applications using various Sensors and actuators
Embedded Systems:

“An embedded system is a microcontroller-based system which
is designed to perform a specific task.”

OR

“An embedded system is a combination of computer
hardware and software, either fixed in capability or
programmable, designed for a specific function or functions
within a larger system.”
Embedded system concepts:
∙ An embedded system may be either an independent system
or a part of a large system.
∙ An embedded system consists of an input device, a
microcontroller (the brain) and an output device.
∙ An embedded device contains a few or all of the peripherals inside
the module, which is called an SoC (System on Chip).
∙ But a general-purpose system like a microprocessor has
external peripherals (i.e. Real-time Clock, USB, Ethernet,
WiFi, Bluetooth, ports etc.) connected to
Purpose of embedded systems:
Data collection/storage/Representation:
∙ Data (voice, text, image, graphics, video, electrical signals or
other measurable quantities) is collected using sensors.
∙ This data may be stored, transmitted to another device, or
processed by the embedded system for meaningful
representation.
Data communication in embedded system:
∙ The data may be analog or digital, and can be transmitted either
through wireless (Bluetooth, ZigBee, Wi-Fi, GPRS, Edge) or
wired (RS232C, USB, TCP/IP, PC2, Firewire etc.) media.
Data processing:
∙ The data, which may be in the form of voice, image, video,
electrical signals or any other measurable quantity, is
collected by an embedded system and used for various kinds
of processing depending on the application.

Application-specific user interface:
∙ An embedded system comes with an application-specific user
interface such as switches, buttons, display, light, bell,
keypad etc.
∙ For example, a mobile phone comes with a user interface such as
keyboard, LCD or LED display, speaker, vibration alert etc.
Monitoring the performance/operation of embedded system:
∙ For example, an ECG (electrocardiogram) machine is used to
monitor the heartbeat of the patient.
Control the embedded system:
∙ An embedded system with control functionality exercises
control over some variables as per the input variable.
∙ An embedded system with control functionality contains
both a sensor and an actuator.
∙ Sensors are connected as inputs to capture changes in the
measured variable.
∙ Actuators are connected to the output port to control the system as per
changes in the input variables within the specified range.
∙ For example, an air conditioning system is used to control the
room temperature as per the specified limit.
Architecture of Embedded System:

Sensor: A sensor measures a physical quantity and converts it to an
electrical signal which can be read by an electronic device like an A-D
converter.
A-D Converter: An analog-to-digital converter converts the analog signal
given by the sensor into a digital signal.
Processor & ASICs: Processors process the data to measure the output and
store it to the memory.
D-A Converter: A digital-to-analog converter converts the digital data given
by the processor to analog data.
Actuator: An actuator compares the output given by the D-A converter and
generates the actual or expected output.
An embedded system has three main components:

1) Embedded system hardware:
∙ An embedded system uses a hardware platform to
execute the operation.
∙ It consists of Power Supply, Reset, Oscillator Circuit,
Memory (i.e. program and data), Processor
(Microcontroller, ARM, PIC, ASIC), Timers,
Input/Output circuits, SASC (System application
specific circuits) etc.
2) Embedded system software:
▪ The microprocessors or microcontrollers used in embedded
systems are programmed to perform specific tasks by
embedded system software, mainly written in C, C++
or embedded C.
3) Embedded / Real-time operating systems (RTOS):
▪ Designed to perform a specific task for a device and run the
code that allows the device to perform its job.
▪ It makes the device’s hardware accessible to the software.
▪ Examples: Windows Mobile (handheld Personal Data
Assistants), Symbian (cell phones) etc.
Embedded processors:

PIC (Programmable/Peripheral Interface Controllers):
• Smallest microcontrollers used in phones, computer
control systems, alarm systems, embedded systems etc.
• It consists of RAM, ROM, CPU, timers, counters, A/D
converter, ports, flash memory, general purpose register
(GPR), special purpose register (SPR), etc.
Features of PIC:
• RISC (Reduced Instruction Set Computer) architecture.
• On-chip ROM, RAM, EEPROM.
• Includes timers.
• Includes ADC (analog-to-digital converter).
• Includes USART (universal synchronous and asynchronous
receiver and transmitter) protocol for PC communication.
• Contains I/O.
• Includes CAN, SPI and I2C protocols for serial
communication.
• Interrupts
Application of PIC:
1. Motor Control, Digital Power & Lighting
∙ Motor Control
∙ Digital Power
∙ Lighting
∙ Automotive
∙ Home Appliance
∙ High Temperature for 150 °C
2. Human Interface
∙ Graphics Solutions
∙ Segmented LCD
∙ Touch Sensing Solutions
∙ Audio and Speech
3. Connectivity
∙ Wireless
∙ USB
∙ Ethernet
∙ CAN
AVR RISC microcontroller or Advanced Virtual RISC:
• AVR was developed in the year 1996 by Atmel
Corporation.
• Architecture of AVR was designed by Alf-Egil Bogen and
Vegard Wollan.
• An AVR microcontroller executes most of the instructions in
a single execution cycle.
• AVRs are about four times faster than PICs and consume
less power.
• AVRs can be operated in different power saving modes.
Features of AVR:
• Internal, self-programmable flash memory up to 256 KB
• Internal data EEPROM up to 4 KB and SRAM up to 16 KB
• 8-bit and 16-bit timers
• 10 or 12-bit A/D converters, with multiplex of up to 16 channels
• 12-bit D/A converters
• Synchronous/asynchronous serial peripherals
(UART/USART), Serial Peripheral Interface Bus (SPI), I2C
• Power-saving sleep modes
• Lighting and motor control (PWM) controller models
• CAN (Controller Area Network bus), USB, Ethernet,
DMA controller support
• Low-operating voltage devices, i.e. 1.8 V
ARM microcontroller:
• The ARM (Advanced RISC Machine) is a 32-bit RISC
microcontroller.
• Introduced by the Acorn Computers organization in 1987.
• The ARM architecture uses a ‘Harvard architecture’ which
supports separate data and instruction buses for
communicating with the ROM and RAM memories.
• The ARM microcontrollers support both low-level and
high-level programming languages.
Features of ARM microcontroller:
• Load/store RISC architecture.
• Efficient multi-core processing and easy coding.
• Support multi-processing and Enhanced power-saving design.
• 64 and 32-bit execution states for scalable high performance.
• Supports Memory Management Unit (MMU) and the
Memory Protection Unit (MPU).
• Support for Digital Signal Processing (DSP) algorithms.
• Smaller size, reduced complexity and lower power
consumption.
• Floating-point support
Applications of ARM microcontroller:
• Smartphones
• Multimedia players
• handheld game consoles
• Digital cameras
• Tablet computers
• Industrial instrument control systems
• Wireless networking and sensors
• Automotive body system
• Robotics
• Consumer electronics
• Set-top boxes
• Digital television
• Smart watches
• Wireless LAN, 802.11, Bluetooth
ASIC (Application-specific integrated circuit):
• An ASIC is designed for a particular application, such as a transmission
protocol or a hand-held computer.
• ASICs are used in a wide-range of applications, including
auto emission control, environmental monitoring, and
personal digital assistants (PDAs).
• An ASIC can be pre-manufactured or custom
manufactured for a particular customer application.
The advantages of ASIC:
▪ The small size of an ASIC makes it a good choice for
sophisticated larger systems.
▪ As a large number of circuits are built on a single chip, this
enables high-speed applications.
▪ ASICs have low power consumption.
▪ As they are systems on a chip, circuits are present
side by side. So, very minimal routing is needed to
connect various circuits.
The disadvantages of ASIC:
▪ These are customized chips, so they provide low flexibility for
programming.
▪ As chips have to be designed from the root level, they have a high
cost per unit.
Definition of IoT:

The internet of things (IoT) is a computing concept that
describes the idea of everyday physical objects being
connected to the internet and being able to identify
themselves to other devices.

Internet of Things (IoT) refers to physical and virtual objects
that have unique identities and are connected to the internet
to facilitate intelligent applications that make energy,
logistics, industrial control, retail, agriculture and many other
domains "smarter".
Characteristics of IoT:
Dynamic & Self-Adapting
IoT devices and systems may have the capability to dynamically adapt
to changing contexts and take actions based on their operating
conditions or sensed environment.
• For example: a surveillance system.

Self-Configuring
IoT devices may have self-configuring capability, allowing a large
number of devices to work together.
Interoperable Communication Protocols:
IoT devices may support a number of interoperable communication
protocols and can communicate with other devices and also with the
Unique Identity:
• Each IoT device has a unique identity and a unique identifier
(such as an IP address or a URI).
• IoT systems may have intelligent interfaces which allow
communicating with users and the environmental contexts.
Integrated into Information Network:
• Allows IoT devices to communicate and exchange data with
other devices and systems.
• For example: a weather monitoring node communicates and
exchanges data with another connected node.
• Thus, the data from a large number of connected weather
monitoring IoT nodes can be aggregated and analysed to
predict the weather.
Features of IoT:
• Connectivity: Establishes a proper connection between all the
things of IoT and the IoT platform, which may be a server or cloud.
• Analyzing: After connecting all the relevant things, the
collected data is analyzed and used to build effective business
intelligence.
• Integrating: IoT integrates various models to improve the
user experience as well.
• Artificial Intelligence: IoT makes things smart and enhances
life through the use of data.
• Sensing: The sensor devices used in IoT technologies detect
and measure any change in the environment and report on their
status.
• Active Engagement: IoT brings the connected technology,
products, or services into active engagement with each other.
• Endpoint Management: It is important to have endpoint
management for the whole IoT system; otherwise, the
complete system can fail.
Advantages of IoT
• Efficient resource utilization: If we know the functionality
and the way each device works, we definitely
increase efficient resource utilization and can also monitor
natural resources.
• Minimize human effort: As IoT devices interact and
communicate with each other and do a lot of tasks for us,
they minimize human effort.
• Save time: As it reduces human effort, it definitely
saves our time. Time is the primary factor that can be saved
through an IoT platform.
• Improve security: If we have a system in which all these
things are interconnected, then we can make the system more
secure and efficient.
• Reduced Waste: IoT makes areas of improvement clear.
Current analytics give us superficial insight, but IoT provides
real-world information leading to more effective
management of resources.
• Enhanced Data Collection: It allows an accurate picture of
everything.
Disadvantages of IoT
• Security: IoT systems are interconnected and
communicate over networks. The system offers little control
despite any security measures, and this can lead to various
kinds of network attacks.
• Privacy: Even without the active participation of the user, the
IoT system provides substantial personal data in maximum
detail.
• Complexity: Designing, developing, maintaining and
enabling the large technology of an IoT system is quite
complicated.
• Flexibility: Many are concerned about the flexibility of an IoT
system to integrate easily with another. They worry about
finding themselves with several conflicting or locked systems.
• Compliance: IoT, like any other technology in the realm of
business, must comply with regulations. Its complexity makes
the issue of compliance seem incredibly challenging when
many consider standard software compliance a battle.
Physical design of IoT:
Things of IoT:
❑ The "Things" in IoT usually refers to IoT devices which
have unique identities and can perform remote sensing,
actuating and monitoring.
❑ IoT devices can:
▪ exchange data with other connected devices,
▪ collect data from other devices,
▪ process the data either locally or send the data to
centralized servers or cloud-based applications for
processing,
▪ perform some tasks locally and other tasks within the
IoT infrastructure.
∙ An IoT device may consist of several interfaces for
connections to other devices, both wired and wireless.
∙ These include:
• I/O interfaces for sensors,
• interfaces for Internet connectivity,
• memory and storage interfaces and
• audio/video interfaces.
∙ An IoT device can collect various types of data from
sensors, and can communicate the same to other devices or
cloud-based servers/storage.
∙ IoT devices have actuators that allow them to interact with
other physical entities.
∙ IoT devices can be wearable sensors, smart watches,
LED lights, automobiles and industrial machines.
∙ All IoT devices generate data, which, when processed,
gives useful information to guide further actions.
∙ For example, sensor data generated by a soil moisture
monitoring device in a garden, when processed can help
in determining the optimum watering schedules and
quantity.
IoT Protocols:

Link Layer
• Link layer protocols determine how the data is physically sent
over the network's physical layer or medium (e.g., copper wire,
coaxial cable, or a radio wave).
802.3- Ethernet:
• IEEE 802.3 is a collection of wired Ethernet standards for the
link layer.
• Example:
Standards | Ethernet | Shared Medium
802.3 | 10BASE5 | coaxial cable
802.3.i | 10BASE-T | copper twisted-pair
802.3.j | 10BASE-F | fiber optic
802.3ae | 10 Gbit/s | fiber optic
• These standards provide data rates from 10 Mb/s to 40 Gb/s
and higher.
802.11 – WiFi:
• IEEE 802.11 is a collection of wireless local area network
(WLAN) communication standards.
• Example:
Standards | Frequency
802.11a | 5 GHz
802.11b and 802.11g | 2.4 GHz
802.11n | 2.4/5 GHz
802.11ac | 5 GHz
802.11ad | 60 GHz
• These standards provide data rates from 1 Mb/s up to 6.75
Gb/s.
802.16 / WiMax:
• IEEE 802.16 is a collection of wireless broadband standards.
• WiMax standards provide data rates from 1.5 Mb/s to 1 Gb/s.
• The recent update 802.16m provides data rates of 100 Mbit/s for mobile
stations and 1 Gbit/s for fixed stations.
802.15.4 LR-WPAN:
• 802.15.4 is a collection of standards for low-rate wireless personal
area networks (LR-WPANs).
• These standards form the basis of specifications for high level
communication protocols such as ZigBee.
• LR-WPAN standards provide data rates from 40 Kb/s to 250 Kb/s.

• These standards provide low-cost and low-speed communication for


1G:
• USA, 1980
• Analog signals
• Only for voice communication
Characteristics:
• Speed: 2.4 kbps
• Poor voice quality
• Large phones with limited battery
• No data security
2G:
• Finland, 1991
• Digital signals
• Used GSM technology
Characteristics:
• Speed: 64 kbps, better quality than 1G
• Text, multimedia possible along with voice
• When the GPRS system was introduced (GSM + GPRS), browsing, email uploads and
faster downloads became possible, and this was
called 2.5G
3G:
Characteristics:
• Speed: 144 kbps to 2 Mbps
• High speed web browsing
• Possible to run web-based
applications like video conferencing,
video calls, multimedia etc.
• 3D gaming, real-time gaming
4G:
Characteristics:
• Speed: 100 Mbps to 1 Gbps
• Mobile web access
• Cloud computing
• IP camera, IP telephony
Can be described as MAGIC:
• M - Mobile Multimedia
• A - Anytime Anywhere
• G - Global mobile support
• I - Integrated wireless solutions
Network/Internet Layer:
• Responsible for sending of IP datagrams from the source to
the destination network.
• This layer performs the host addressing and packet routing.
• The datagrams contain the source and destination addresses
which are used to route from the source to destination.
• Host identification is done using hierarchical IP addressing
schemes such as IPv4 or IPv6.
IPv4:
• Most deployed Internet protocol that is used to identify the
devices over network.
• IPv4 uses a 32-bit address scheme that allows a total of 2^32 or
4,294,967,296 addresses.
• As more and more devices got connected to the Internet, these
addresses got exhausted in the year 2011.
IPv6:
• Internet Protocol version 6 (IPv6) is the newest version of Internet
protocol and successor to IPv4.
• IPv6 uses a 128-bit address scheme that allows a total of 2^128 addresses.
IPv4 | IPv6
IPv4 has 32-bit address length | IPv6 has 128-bit address length
It supports manual and DHCP address configuration | It supports auto and renumbering address configuration
In IPv4 end-to-end connection integrity is unachievable | In IPv6 end-to-end connection integrity is achievable
It can generate 4.29×10^9 address space | Address space of IPv6 is quite large; it can produce 3.4×10^38 address space
No inbuilt security. | Inbuilt security feature in the IPv6 protocol
Address representation of IPv4 is in decimal | Address representation of IPv6 is in hexadecimal
6LoWPAN ( IPv6 over Low power Wireless Personal Area
Networks):
• Brings the IP protocol to low-power devices which have limited
processing capability.
• 6LoWPAN operates in the 2.4 GHz frequency range.
• Provides data transfer rates of 250 Kb/s.
• 6LoWPAN works with the 802.15.4 link layer protocol.
Transport Layer Protocols:
• The transport layer protocols provide end-to-end message
transfer capability independent of the underlying network.
• The message transfer capability can be set up on connections, either
using handshakes (as in TCP) or without
handshakes/acknowledgements (as in UDP).
• The transport layer provides functions such as error control,
segmentation, flow control and congestion control.
TCP:
• Transmission Control Protocol (TCP) is the most widely used
transport layer protocol, used by web browsers, email
programs and file transfer.
• TCP is a connection-oriented and stateful protocol.
• TCP ensures reliable, in-order transmission of packets and also
provides error detection capability so that duplicate packets can
be discarded and lost packets are retransmitted.
UDP:
• UDP is a connectionless protocol.
• UDP is useful for time-sensitive applications that have very small
data units to exchange and do not want the overhead of
connection setup.
• UDP is a transaction oriented and stateless protocol.
• UDP does not provide guaranteed delivery, ordering of messages
and duplicate elimination.
Application Layer Protocols:
• Application layer protocols define how the applications
interface with the lower layer protocols to send the data over
the network.
• The application data, typically in files, is encoded by the
application layer protocol and encapsulated in the transport
layer protocol which provides connection or transaction
oriented communication over the network.
• Port numbers are used for application addressing (for example
port 80 for HTTP, port 22 for SSH, etc.).
• Application layer protocols enable process-to-process
connections using ports.
HTTP (HyperText Transfer Protocol):
• Hypertext Transfer Protocol (HTTP) is the application layer
protocol used to transfer data in the form of plain text,
hypertext, audio, video, etc. over the World Wide Web (WWW).
• HTTP includes commands such as GET, PUT, POST, DELETE,
HEAD, TRACE, OPTIONS, etc.
• The protocol follows a request-response model.
• An HTTP client can be a browser or an application running on the
client (e.g., an application running on an IoT device, a mobile
application or other software).
• The HTTP protocol uses Universal Resource Identifiers (URIs) to
identify HTTP resources.
• HTTP is similar to FTP as it also transfers files from one
host to another host.
• But HTTP is simpler than FTP as HTTP uses only one
connection, i.e., no control connection to transfer the files.
• HTTP is used to carry the data in a MIME
(Multipurpose Internet Mail Extensions)-like format.
• In HTTP, data is transferred between client and server.
• HTTP differs from SMTP in the way the messages are
sent from the client to the server and from server to the client.
• SMTP messages are stored and forwarded while HTTP messages
are delivered immediately.
Features of HTTP:
Connectionless protocol:
• HTTP is a connectionless protocol.
• The HTTP client initiates a request and waits for a response from
the server.
• When the server receives the request, the server processes the
request and sends back the response to the HTTP client, after
which the client closes the connection.
• The connection between client and server exists only during the
current request and response.
Media independent:
• HTTP is media independent, as data can be sent as long
as both the client and server know how to handle the data content.
• Both the client and server are required to specify the content
type in the MIME (Multipurpose Internet Mail Extensions) type
header.
Stateless:
• HTTP is a stateless protocol, as the client and server know
each other only during the current request.
• Neither the client nor the server retains the previous
information.
HTTP Transactions:
• The client initiates a transaction by
sending a request to the server.
• The server replies to the request
message by sending a response
message.

Messages:
• HTTP messages are of two types:
1. Request
2. Response
• Both the message types follow the same
message format.
CoAP (Constrained Application Protocol):
• CoAP is an application layer protocol for machine-to-machine
(M2M) applications.
• Like HTTP, CoAP is a web transfer protocol and uses a
request-response model; however, it runs on top of UDP instead of TCP.
• CoAP uses a client-server architecture where clients
communicate with servers using connectionless datagrams.
• CoAP is designed to easily interface with HTTP. Like HTTP,
CoAP supports methods such as GET, PUT, POST, and
DELETE.
• CoAP is represented as two different
layers:
• Messages
• Request/Response.
• The Messages layer deals with UDP
messages.
• The Request/Response layer manages request/response
interaction based on request/response messages.
• CoAP supports four types of messages:
1. Confirmable
2. Non-confirmable
3. Acknowledgment
4. Reset
Terms used in CoAP protocol:
• Endpoint: An entity that participates in the CoAP protocol.
Usually termed a host.
• Sender: The entity that sends a message.
• Recipient: The destination of a message.
• Client: The entity that sends a request.
• Server: The entity that receives a request from a client and
sends back a response to the client.
Uses two kinds of messages:
Confirmable message:
• A confirmable message is a reliable
message.
• A Confirmable message (CON) is sent
again and again until the other party
sends an acknowledge message (ACK).
The ACK message contains the same ID
as the confirmable message (CON).
• If the server has trouble managing the
incoming request, it can send back a Reset
message (RST) instead of the
Non-confirmable message:
• These are messages that don’t require an acknowledgement by the
server.
• They are unreliable messages, or in other words, messages that
do not contain critical information that must be delivered to the
server.
• Even if these messages are unreliable, they have a unique ID.
CoAP Request/Response Model
• The request is sent using a Confirmable
(CON) or Non-Confirmable (NON)
message.
• If the server answers the client request immediately
and the request is
carried in a Confirmable message
(CON), the server sends back to the
client an Acknowledge or the error
code.
• In the CoAP message, there is a
token which is used to match the
request and the response.
• If the server can’t answer the
request, then it sends an
Acknowledge message with an
empty response.
• Once the response is available, the
server sends a new Confirmable
message to the client containing
the response.
• The client sends back an
Acknowledge message.
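The two exchanges described above (a response carried in the ACK, and an empty ACK followed by a separate Confirmable response) as an added example that is not part of the original slides. The header layout follows RFC 7252; the `Client` class, message IDs, tokens, request labels and payloads are constructed for illustration, and CoAP options are not handled.

```python
import struct
from dataclasses import dataclass

CON, NON, ACK, RST = 0, 1, 2, 3            # the four CoAP message types
EMPTY, GET, CONTENT = 0x00, 0x01, 0x45     # codes 0.00, 0.01 (GET), 2.05 (Content)


@dataclass(frozen=True)
class CoapMessage:
    mtype: int
    code: int
    message_id: int
    token: bytes = b""
    payload: bytes = b""


def encode(msg):
    """Serialize header, token and payload (no options, to keep the example short)."""
    if len(msg.token) > 8:
        raise ValueError("token longer than 8 bytes")
    first = (1 << 6) | (msg.mtype << 4) | len(msg.token)   # Ver=1 | Type | TKL
    raw = struct.pack("!BBH", first, msg.code, msg.message_id) + msg.token
    return raw + (b"\xff" + msg.payload if msg.payload else b"")


def decode(raw):
    """Strictly parse one datagram; anything malformed raises ValueError."""
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte header")
    first, code, message_id = struct.unpack("!BBH", raw[:4])
    tkl = first & 0x0F
    if first >> 6 != 1 or tkl > 8 or len(raw) < 4 + tkl:
        raise ValueError("bad version or token length")
    token, rest = raw[4:4 + tkl], raw[4 + tkl:]
    if code == EMPTY and (tkl or rest):
        raise ValueError("empty message must end after the message ID")
    if rest and (rest[0] != 0xFF or len(rest) == 1):
        raise ValueError("options are not handled here, or payload is empty")
    return CoapMessage((first >> 4) & 0x03, code, message_id, token, rest[1:])


class Client:
    """Hypothetical client-side bookkeeping: message ID matches CON to ACK,
    token matches request to response."""

    def __init__(self):
        self.unacked = {}   # message ID -> token, for CON requests not yet ACKed
        self.waiting = {}   # token -> label of the request awaiting a response

    def request(self, message_id, token, what):
        self.unacked[message_id] = token
        self.waiting[token] = what
        return encode(CoapMessage(CON, GET, message_id, token))

    def receive(self, raw):
        """Return (event, reply); reply is bytes to send back, or None."""
        msg = decode(raw)
        reply = None
        if msg.mtype in (ACK, RST):
            token = self.unacked.pop(msg.message_id, None)
            if token is None:
                return "ignored: unknown message ID", None
            if msg.mtype == RST:
                self.waiting.pop(token, None)
                return "request rejected with Reset", None
            if msg.code == EMPTY:
                return "acknowledged, response will follow", None
            if msg.token != token:
                return "ignored: token does not match the request", None
        elif msg.mtype == CON:
            # A separate response arrives as a new CON; confirm it with an empty ACK.
            reply = encode(CoapMessage(ACK, EMPTY, msg.message_id))
        what = self.waiting.pop(msg.token, None)
        if what is None:
            if msg.mtype == CON:   # nothing is waiting for this token: answer with Reset
                reply = encode(CoapMessage(RST, EMPTY, msg.message_id))
            return "ignored: unknown token", reply
        return f"response to {what}: {msg.payload.decode(errors='replace')}", reply


def demo():
    """Run both exchanges on constructed messages and return the client events."""
    client, events = Client(), []
    client.request(0x7D34, b"\x20", "GET /temperature")
    events.append(client.receive(encode(CoapMessage(ACK, CONTENT, 0x7D34, b"\x20", b"22.5 C"))))
    client.request(0x7D35, b"\x21", "GET /humidity")
    events.append(client.receive(encode(CoapMessage(ACK, EMPTY, 0x7D35))))
    events.append(client.receive(encode(CoapMessage(CON, CONTENT, 0xAD7B, b"\x21", b"41 %"))))
    return events


if __name__ == "__main__":
    for event, reply in demo():
        print(event, "| reply:", reply.hex() if reply else "-")
```

Because CoAP runs over UDP, the message ID and token checks are the only thing tying a datagram to a pending request, which is why unmatched messages are dropped or answered with Reset rather than processed.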
MQTT (Message Queuing Telemetry Transport ):
• One of the most commonly used protocols in IoT.
• It is a lightweight messaging protocol
that uses a publish/subscribe model to
exchange data between clients and
the server.

Why MQTT
• It’s a lightweight protocol. So, it’s
easy to implement in software and fast in data transmission.
• Minimized data packets. Hence, low network usage.
• Low power usage, so it saves the device’s battery.
• It’s real time! That is specifically what makes it perfect for IoT
applications.
MQTT Components:
• Broker: the server that handles the data transmission between the
clients.
• Topic: the place where a device wants to put or retrieve a message.
• Message: the data that a device receives “when subscribing” from a
topic or sends “when publishing” to a topic.
• Publish: the process a device performs to send its message to the
broker.
• Subscribe: what a device does to retrieve a message from the
broker.
How MQTT works:
• Client-server based protocol.
• The MQTT server is called a broker and the clients are simply the
connected devices.
• When a device (a client) wants to send data to the broker, we
call this operation a “publish”.
• When a device (a client) wants to receive data from the broker,
we call this operation a “subscribe”.
Example:
• A temperature sensor wants to send its readings to the broker.
• A phone/desktop application wants to receive this temperature.
• The device defines the topic it wants to publish on, e.g. “temp”.
• Then, it publishes the message “temperature value”.
• The phone/desktop application subscribes to the topic “temp”.
Then, it receives the message that the device has published.
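The “temp” example above at the byte level, as an added example that is not part of the original slides: it builds MQTT 3.1.1 PUBLISH and SUBSCRIBE packets and fans the publish out through a toy broker. The `Broker` class, the client names and the reading are constructed for illustration; only QoS 0 and exact topic matches are handled, and the SUBACK reply is omitted.

```python
import struct

PUBLISH, SUBSCRIBE = 3, 8      # MQTT 3.1.1 control packet types

def encode_length(n):
    """Remaining Length: 7 bits per byte, top bit set while more bytes follow."""
    out = bytearray()
    while True:
        n, low = divmod(n, 128)
        out.append(low | (0x80 if n else 0))
        if not n:
            return bytes(out)

def decode_length(buf, pos):
    value = 0
    for shift in (0, 7, 14, 21):           # the field is at most 4 bytes long
        if pos >= len(buf):
            raise ValueError("truncated Remaining Length")
        value |= (buf[pos] & 0x7F) << shift
        pos += 1
        if not buf[pos - 1] & 0x80:
            return value, pos
    raise ValueError("Remaining Length longer than 4 bytes")

def _string(text):
    data = text.encode("utf-8")
    return struct.pack("!H", len(data)) + data

def _read_string(body, pos):
    if pos + 2 > len(body):
        raise ValueError("truncated string length")
    (size,) = struct.unpack_from("!H", body, pos)
    end = pos + 2 + size
    if end > len(body):
        raise ValueError("string runs past the end of the packet")
    return body[pos + 2:end].decode("utf-8"), end

def publish_packet(topic, payload):
    body = _string(topic) + payload        # QoS 0, so no packet identifier
    return bytes([PUBLISH << 4]) + encode_length(len(body)) + body

def subscribe_packet(packet_id, topic):
    body = struct.pack("!H", packet_id) + _string(topic) + b"\x00"   # requested QoS 0
    return bytes([SUBSCRIBE << 4 | 0x02]) + encode_length(len(body)) + body

def parse(packet):
    """Return ("publish", topic, payload) or ("subscribe", packet_id, [topics])."""
    if not packet:
        raise ValueError("empty packet")
    ptype, flags = packet[0] >> 4, packet[0] & 0x0F
    length, pos = decode_length(packet, 1)
    body = packet[pos:]
    if len(body) != length:
        raise ValueError("Remaining Length does not match the packet size")
    if ptype == PUBLISH and flags & 0x06 == 0:
        topic, pos = _read_string(body, 0)
        if not topic or "#" in topic or "+" in topic:
            raise ValueError("a publish topic must be non-empty and free of wildcards")
        return "publish", topic, body[pos:]
    if ptype == SUBSCRIBE and flags == 0x02 and length >= 2:
        topics, pos = [], 2
        while pos < len(body):
            topic, pos = _read_string(body, pos)
            if pos >= len(body):
                raise ValueError("missing requested-QoS byte")
            pos += 1                       # skip the requested-QoS byte
            topics.append(topic)
        return "subscribe", struct.unpack_from("!H", body, 0)[0], topics
    raise ValueError("packet type or flags not handled in this example")

class Broker:
    """Hypothetical broker: keeps topic -> subscribers and fans each publish out."""
    def __init__(self):
        self.subscribers = {}

    def handle(self, client, packet):
        kind, first, second = parse(packet)
        if kind == "subscribe":
            for topic in second:
                names = self.subscribers.setdefault(topic, [])
                if client not in names:
                    names.append(client)
            return []
        return [(name, packet) for name in self.subscribers.get(first, [])]

def demo():
    broker = Broker()
    broker.handle("phone", subscribe_packet(1, "temp"))
    reading = publish_packet("temp", b"23.5")   # constructed sensor reading
    return reading, broker.handle("sensor", reading)

if __name__ == "__main__":
    reading, deliveries = demo()
    print(len(reading), "bytes on the wire:", reading.hex())
    print("delivered to:", [name for name, _ in deliveries])
```

The whole publish is 12 bytes, of which 8 are topic and payload, which is the “minimized data packets” point made above.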
Advanced Message Queuing Protocol (AMQP):
• AMQP is an application layer protocol for business messaging that supports
point-to-point and publisher/subscriber models, routing and queuing.
• AMQP brokers receive messages from publishers (e.g., devices or
applications that generate data) and route them over connections to
consumers (applications that process data).
• Publishers publish the messages, which then distribute message copies to
queues.
• Messages are either delivered by the broker to the consumers which have
subscribed to the queues or the consumers can pull the messages from the
queues.
XMPP: Extensible Messaging and Presence Protocol
• XMPP is a protocol for real-time communication and streaming
XML data between network entities.
• XMPP powers a wide range of applications including
messaging, presence, gaming, multi-party chat and
voice/video calls.
• XMPP allows sending small chunks of XML data from one
network entity to another in real time.
• XMPP is a decentralized protocol and uses a client-server
architecture.
• XMPP supports both client-to-server and server-to-server
communication paths.
• In the context of IoT, XMPP allows real-time communication
between IoT devices.
Data Distribution Service (DDS):
• DDS is a standard for device-to-device
communication.
• It enables scalable, real-time, reliable
performance.
• DDS uses a publish-subscribe model
where publishers (e.g. devices that
generate data) create topics to which
subscribers (e.g., devices that want to
consume data) can subscribe.
• The publisher is an object responsible for data distribution and the subscriber is
responsible for receiving published data.
• DDS makes use of a brokerless architecture and provides high-quality QoS to
applications.
• DDS can be deployed on platforms ranging from low-footprint devices to the cloud.
Logical Design Of IoT:
• It is an abstract representation of entities without going into low
level specific implementation.
IoT Functional Blocks:
• An IoT system comprises a number of functional blocks that
provide the system the capabilities for identification, sensing,
actuation, communication, and management.
• Device:
An IoT system comprises devices that provide:
1. Sensing
2. Actuation
3. Monitoring
4. Control functions
• Communication:
The communication block handles the communication for the
IoT system.
• Services:
▪ An IoT system uses various types of IoT services such as:
⮚ services for device monitoring
⮚ device control services
⮚ data publishing services
⮚ services for device discovery.
• Management:
▪ The management functional block provides various functions to
govern the IoT system.
• Security:
▪ It secures the IoT system by providing functions such as:
⮚ authentication
⮚ authorization
⮚ message and content integrity
⮚ data security.
• Application: IoT applications provide an interface that the
users can use to control and monitor various aspects of the IoT
system. Applications also allow users to view the system status
and view or analyze the processed data.
IoT Communication Models:
Request Response Model:
• It is a communication model in which the client sends requests to the server and
the server responds to the requests.
• When the server receives a request, it decides how to respond, fetches the
data, retrieves resource representation, prepares the response, and then sends
the response to the client.
• Request-response is a stateless communication model and each
request-response pair is independent of others.
• Example: A browser sends an
HTTP request to the server; then
the server returns a response to
the client, which contains status
information about the request and
may also contain the requested
content.
Publish-Subscribe Model
• Involves publishers, brokers and consumers.
• Publishers are the source of data. Publishers send the data to the
topics which are managed by the broker.
• Publishers are not aware of the consumers.
• Consumers subscribe to topics managed by the broker.
• When the broker receive data for a topic from the publisher, it
sends the data to all the subscribed consumers.
Push-Pull Model:
• Data producers push the data to queues and the consumers pull the
data from the queues.
• Producers do not need to be aware of the consumers. Queues help
in decoupling the messaging between the producers and
consumers.
• Queues also act as a buffer which helps in situations when there is a
mismatch between the rate at which the producers push data and
the rate at which the consumers pull data.
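The difference between the publish-subscribe and push-pull models above, as an added example that is not part of the original slides: a broker fans each message out to every subscriber, while a queue hands each item to exactly one consumer and buffers the rest. The class names, topic names and the bounded-queue drop policy are assumptions made for the illustration.

```python
"""Added illustration: publish-subscribe fan-out versus push-pull queueing.
All class, topic and worker names are hypothetical, not a real broker API."""
from collections import defaultdict, deque


class Broker:
    """Publish-subscribe: the broker owns the topics and fans data out."""

    def __init__(self):
        self._subscribers = defaultdict(list)   # topic -> consumer callbacks

    def subscribe(self, topic, callback):
        self._subscribers[topic].append(callback)

    def publish(self, topic, data):
        # The publisher only names a topic; it never sees the consumer list.
        delivered = 0
        for callback in self._subscribers[topic]:
            callback(topic, data)
            delivered += 1
        return delivered


class WorkQueue:
    """Push-pull: producers push, consumers pull, the queue buffers."""

    def __init__(self, maxlen):
        self._items = deque()
        self._maxlen = maxlen
        self.dropped = 0          # counted so that overload is visible

    def push(self, item):
        # A bounded buffer keeps a fast or misbehaving producer from
        # exhausting memory; the drop policy here is an assumption.
        if len(self._items) >= self._maxlen:
            self.dropped += 1
            return False
        self._items.append(item)
        return True

    def pull(self):
        return self._items.popleft() if self._items else None

    def depth(self):
        return len(self._items)


def demo_pubsub():
    """Two consumers subscribe to one topic; both receive the reading."""
    broker = Broker()
    dashboard, logger = [], []
    broker.subscribe("home/temp", lambda topic, data: dashboard.append(data))
    broker.subscribe("home/temp", lambda topic, data: logger.append(data))
    broker.publish("home/temp", 21.5)
    unheard = broker.publish("home/humidity", 40)   # topic with no subscribers
    return dashboard, logger, unheard


def demo_pushpull(produced=10, maxlen=4):
    """Producer pushes two items per tick, workers pull one per tick."""
    queue = WorkQueue(maxlen)
    workers = {"a": [], "b": []}
    names = ["a", "b"]
    n = tick = 0
    while n < produced:
        for _ in range(2):                 # producer: two readings per tick
            if n < produced:
                queue.push(n)
                n += 1
        item = queue.pull()                # consumers alternate, one pull per tick
        if item is not None:
            workers[names[tick % 2]].append(item)
        tick += 1
    return workers["a"], workers["b"], queue.depth(), queue.dropped


if __name__ == "__main__":
    print(demo_pubsub())
    print(demo_pushpull())
```

Every produced item ends up in exactly one place: pulled by one worker, still buffered, or counted as dropped once the buffer is full.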
Exclusive Pair Model:
• It is a bidirectional, full-duplex communication model that
uses a persistent connection between the client and server.
• Once the connection is set up, it remains open until the client sends a
request to close the connection.
• Exclusive pair is a stateful communication model and the server
is aware of all the open connections.
IoT Communication APIs:
REST-based communication APIs:
• REST (REpresentational State Transfer) is a set of architectural
principles to design web services and web APIs that focus on a
system's resources.
• REST APIs follow the request-response communication model.
• The REST architectural constraints are as follows:
Client-Server:
• The principle behind the client-server constraint is the
separation of concerns.
• For example, clients should not be concerned with the storage
of data which is a concern of the server.
• Similarly, the server should not be concerned about the user
interface, which is a concern of the client.
• Separation allows client and server to be independently
developed and updated.
Stateless:
• Request from client to server must contain all the information
necessary to understand the request.
• The session state is kept entirely on the client.

Cache-able:
• Cache constraint requires that the data within a response to a
request be implicitly or explicitly labeled as cache-able or
non-cache-able.
• If a response is cache-able, then a client cache is given the
right to reuse that response data for later, equivalent requests.
• Caching can partially or completely eliminate some
interactions and improve efficiency and scalability.
Layered System:
• This constraint restricts the behavior of components so that each
component cannot see beyond the immediate layer with which it is
interacting.
• For example, a client cannot tell whether it is connected
directly to the end server, or to an intermediary along the way.
• System scalability can be improved by allowing intermediaries
to respond to requests instead of the end server, without the
client having to do anything different.
Uniform Interface:
• It requires that the method of communication between a client
and a server must be uniform.
• Resources are identified in the requests. When a client holds a
representation of a resource, it has all the information required
to update or delete the resource (provided the client has the
required permissions).
Code on demand:
• Servers can provide executable code or scripts for clients to
execute in their context.
• This is the only constraint that is optional.
• A RESTful web service is a "web API" implemented using HTTP
and REST principles.
• A RESTful web API has a base URI (http://example.com/api/tasks/).
• The clients send requests to these URIs using the methods defined
by the HTTP protocol (e.g. GET, POST etc.). A RESTful web service
can support various internet media types (e.g. JSON, XML).
Fig. Communication between client and server using REST APIs.
Fig. Interactions in the request-response model used by REST.
WebSocket based communication API:
• WebSocket APIs follow the exclusive pair communication model.
• WebSocket APIs allow bi-directional, full duplex communication and
do not require a new connection to be set up for each message to be sent.
• WebSocket communication begins with a connection setup request sent
by the client to the server.
• The request (called the websocket handshake) is sent over HTTP
and the server interprets it.
• Following the WebSocket protocol, the server responds with the
websocket handshake response.
• After the connection setup, client and server can send
data/messages to each other in full duplex mode.
• WebSocket APIs reduce the network traffic as there is no
overhead for connection setup and termination requests for each
message.
• WebSocket is suitable for IoT applications that have latency or
high throughput requirements.
• So WebSocket is the most suitable IoT communication API for
an IoT system.
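The handshake described above, as an added example that is not part of the original slides: the client's HTTP upgrade request, the server's check of it, and the accept value the client verifies before using the connection. The header names, the fixed GUID and the sample key follow RFC 6455, which the slides do not cite; the host name and path are constructed.

```python
"""Added illustration of the WebSocket opening handshake (RFC 6455)."""
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"   # fixed value from RFC 6455
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="             # sample nonce used in RFC 6455


def accept_key(client_key):
    """Value the server must return to prove it understood the handshake."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_headers(message):
    """Split an HTTP message into its start line and a lower-cased header dict."""
    lines = message.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def client_request(host, path, key):
    """Connection setup request sent by the client over HTTP."""
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Upgrade: websocket\r\n"
            "Connection: Upgrade\r\n"
            f"Sec-WebSocket-Key: {key}\r\n"
            "Sec-WebSocket-Version: 13\r\n\r\n")


def server_response(request):
    """Interpret the request; upgrade only if every required field is valid."""
    start, h = parse_headers(request)
    parts = start.split(" ")
    tokens = [t.strip().lower() for t in h.get("connection", "").split(",")]
    if (len(parts) != 3 or parts[0] != "GET"
            or h.get("upgrade", "").lower() != "websocket"
            or "upgrade" not in tokens):
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    if h.get("sec-websocket-version") != "13":
        return ("HTTP/1.1 426 Upgrade Required\r\n"
                "Sec-WebSocket-Version: 13\r\n\r\n")
    key = h.get("sec-websocket-key", "")
    try:
        # The key must be the base64 form of a 16-byte nonce.
        if len(base64.b64decode(key, validate=True)) != 16:
            raise ValueError("bad key length")
    except ValueError:
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    return ("HTTP/1.1 101 Switching Protocols\r\n"
            "Upgrade: websocket\r\n"
            "Connection: Upgrade\r\n"
            f"Sec-WebSocket-Accept: {accept_key(key)}\r\n\r\n")


def client_accepts(response, key):
    """Client side: only treat the connection as open if the proof matches."""
    start, h = parse_headers(response)
    return (start.startswith("HTTP/1.1 101")
            and h.get("upgrade", "").lower() == "websocket"
            and h.get("sec-websocket-accept") == accept_key(key))


if __name__ == "__main__":
    reply = server_response(client_request("iot.example", "/telemetry", SAMPLE_KEY))
    print(reply)
    print("client accepts:", client_accepts(reply, SAMPLE_KEY))
```

The accept value only shows that the server speaks WebSocket; it does not authenticate either side, so the authentication and authorization functions listed under the Security block still have to be applied to the connection.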
IoT Enabling Technologies:

• IoT is supported by several technologies including wireless sensor
networks, cloud computing, big data analytics, embedded
systems etc.
• Following are some technologies which play a key role in
IoT.
1. Wireless Sensor Networks:
2. Cloud Computing
1. Wireless Sensor Networks:
• A WSN comprises devices with sensors, used to
monitor the environmental and physical conditions.
• A WSN consists of a number of end-nodes and routers and
a coordinator.
• End nodes have several sensors attached to them.
• End nodes can also act as routers. Routers are responsible
for routing the data packets from end-nodes to the
coordinator.
• The coordinator collects the data from all the nodes.
Coordinator also acts as a gateway that connects the WSN
to the Internet.
• Examples of WSNs used in IoT systems:
• Weather monitoring systems
• Indoor air quality monitoring systems.
• Soil moisture monitoring systems
• Surveillance systems
• Structural health monitoring systems
• ZigBee is one of the most popular wireless technologies
used by WSNs.
• ZigBee specifications are based on IEEE 802.15.4.
• ZigBee operates at 2.4 GHz frequency and offers data
rates up to 250 KB/s and range from 10 to 100 meters.
Cloud Computing:
• Cloud computing is the delivery of applications and services
over the internet.
• Different forms of Cloud computing services:
1) Infrastructure-as-a-Service (IaaS):
• IaaS provides the users computing and storage resources
virtually.
• Users can start, stop, configure and manage the virtual
machine instances and virtual storage.
• Users can deploy operating systems and applications of their
choice on the virtual resources provisioned in the cloud.
• The cloud service provider manages the underlying
infrastructure.
• Virtual resources provisioned by the users are billed based
on a pay-per-use paradigm.
• Examples: Backup, recovery, monitoring, clustering,
internal networking, website hosting, etc.
• The service provider is responsible for building the
servers and storage, networking firewalls/security, and
the physical data center.
• Some key players offering IaaS are Amazon EC2,
Microsoft Azure, Google Cloud Platform, GoGrid,
Rackspace, DigitalOcean among others.
2) Platform-as-a-Service (PaaS):
• PaaS enables the users to develop and deploy
applications in the cloud using the development tools,
APIs, software libraries and services provided by the
cloud service provider.
• The cloud service provider manages the underlying cloud
infrastructure including servers, network, operating
systems and storage.
• The users are responsible for developing, deploying,
configuring and managing applications on the cloud
infrastructure.
• It enables cloud users to install and host data sets,
development tools and business analytics applications,
apart from building and maintaining necessary hardware.

• Some key players offering PaaS are Bluemix, CloudBees,
Salesforce.com, Google App Engine, Heroku, AWS,
Microsoft Azure, OpenShift, Oracle Cloud and SAP.
3) Software-as-a-Service (SaaS):
• SaaS provides the users a complete software application.
• SaaS manages the underlying cloud infrastructure including
servers, network, operating systems, storage and application
software, and the user is unaware of the underlying
architecture of the cloud.
• Applications are provided to the user through a thin client
interface (e.g., a browser).
• SaaS applications can be accessed from workstations, laptops,
tablets and smart-phones, running different operating
systems.
• Since the cloud service provider manages both the
application and data, the users are able to access the
applications from anywhere.
• SaaS lets users easily access software applications -- such
as emails -- over the internet.
• Most common examples of SaaS are Microsoft Office
360, AppDynamics, Adobe Creative Cloud, Google G
Suite, Zoho, Salesforce, Marketo, Oracle CRM, Pardot
Marketing Automation, and SAP Business By Design
Benefits of cloud computing services
• Faster implementation and time to value
• Anywhere access to applications and content
• Rapid scalability to meet demand
• Higher utilization of infrastructure investments
• Lower infrastructure, energy, and facility costs
• Greater productivity of IT staff and across the organization
• Enhanced security and protection of information assets
Big Data Analytics:
• Big Data analytics is the process of collecting, organizing
and analyzing large sets of data (called Big Data) to
discover patterns and other useful information.
• Big Data analytics can help organizations to better
understand the information contained within the data and
will also help identify the data that is most important to the
business and future business decisions.
• Big Data analytics involves several steps, starting from data
cleansing, data munging (or wrangling), data processing and
visualization.
IoT Issues and Challenges, Applications
Most of the issues and challenges relevant to IoT are:
• Data Privacy: For example, some manufacturers of smart TVs
collect data about their customers to analyze their viewing habits,
so the data collected by the smart TVs may pose a challenge for
data privacy during transmission.
• Data Security: Data security is also a great challenge. While
transmitting data seamlessly, it is important to hide it from
observing devices on the internet.
• Lack of Common Standard: Since there are many standards for
IoT devices and IoT manufacturing industries, it is a
big challenge to distinguish between permitted and non-permitted
devices connected to the internet.
• Technical Concerns: Due to the increased usage of IoT devices,
the traffic generated by these devices is also increasing. Hence
there is a need to increase network capacity. It is also a
challenge to store the huge amount of data for analysis and further
final storage.
Security Attacks and System Vulnerabilities:
IoT security can be divided into system security, application security, and
network security.

▪ System Security: Mainly focuses on the overall IoT system to identify
different security challenges, to design different security frameworks
and to provide proper security guidelines in order to maintain the
security of a network.
▪ Application security: It works for IoT applications to handle security
issues according to scenario requirements.
▪ Network security: Deals with securing the IoT communication
network for communication of different IoT devices.
Types of IoT Sensors
Temperature sensors:
• Measures the amount of heat energy generated from an object or
surrounding area.
• Used in air-conditioners, refrigerators and similar devices for
environmental control.
• They are also used in manufacturing processes, agriculture and
health industry.
• Temperature sensors include thermocouples, thermistors,
resistor temperature detectors (RTDs) and ICs.
Humidity sensors:
• Measure the amount of water vapor in air, or humidity.
• Most commonly used units for humidity
measurement are relative humidity (RH), dew/frost
point (D/F PT) and parts per million (PPM).

Motion sensors:
• Used for security purposes, automatic door controls,
automatic parking systems, automated sinks,
automated toilet flushers, hand dryers, energy
management systems, etc.
• HC-SR501 passive infrared (PIR) sensor is a popular
motion sensor.
Gas sensors:
• Used to detect toxic gases.
• The sensing technologies most commonly used are
electrochemical, photo-ionisation etc.
Smoke sensors:
• Used in homes and industries.
• With the advent of the IoT, adding a wireless
connection to smoke detectors enables additional
features that increase safety and convenience.

Pressure sensors:
• Used in IoT systems to monitor systems and devices that are driven by
pressure signals.
• When pressure range is beyond the threshold level, the device alerts the
user about the problems that should be fixed.
• For example, BMP180 is a popular digital pressure sensor for use in
mobile phones, PDAs, GPS navigation devices and outdoor equipment.
Accelerometer sensors:
• Used in smartphones, vehicles, aircraft and other applications to
detect orientation of an object, shake, tap, tilt, motion, positioning,
shock or vibration.

Image sensors:
• Used in digital cameras, medical imaging systems, night-vision
equipment, thermal imaging devices, radars, media house and biometric
systems.
• In the retail industry, these sensors are used to monitor customers
visiting the store through IoT network.
• In offices and corporate buildings, they are used to monitor employees
and various activities.
IR sensors:
• Used to measure the heat emitted by objects.
• They are used in various IoT projects including
healthcare to monitor blood flow and blood pressure,
smartphones to use as remote control and other
functions, wearable devices to detect amount of light, thermometers to
monitor temperature and blind-spot
Proximity sensors:
• Detect the presence or absence of a nearby object without any physical
contact.
• Different types of proximity sensors are inductive, capacitive,
photoelectric, ultrasonic and magnetic.
• These are mostly used in object counters, process monitoring and
control.
Stepper Motor: Stepper motors are DC motors that
move in discrete steps. They have multiple coils that are
organized in groups called “phases”. By energizing
each phase in sequence, the motor will rotate, one step
at a time.

DC motors:
• Direct Current motor is the most common actuator
used in electronics projects.
• They are simple, cheap, and easy to use.
• DC motors convert electrical energy into mechanical
energy.
• They consist of permanent magnets and loops of
wire inside.
• When current is applied, the wire loops generate a
magnetic field, which reacts against the outside field
of the static magnets.
Linear Actuator:
• It creates motion in a straight line, in contrast to
the circular motion of a conventional electric motor.
• Linear actuators are used in machine tools and
industrial machinery etc.

Relay:
• A relay is an electrically operated switch. Many relays use an
electromagnet to mechanically operate a switch.
• The advantage of relays is that it takes a relatively small amount of
power to operate the relay coil, but the relay itself can be used to
control motors, heaters, lamps or AC circuits which themselves can
draw a lot more electrical power.
Solenoid:
• A solenoid is simply a specially designed electromagnet.
• Solenoids are inexpensive, and their use is primarily limited to on-
off applications such as latching, locking, and triggering.
• They are frequently used in home appliances (e.g. washing machine
valves), office equipment (e.g. copy machines), automobiles (e.g.
door latches and the starter solenoid), and factory automation.
Applications - Domain Specific IoTs
Home Automation:
• Smart Lighting: helps in saving energy by adapting the lighting to
the ambient conditions and switching on/off or dimming the light when
needed.
• Smart Appliances: make the management easier and also provide
status information to the users remotely.
• Intrusion Detection: uses security cameras and sensors (PIR sensors
and door sensors) to detect intrusion and raise alerts. Alerts can be in
the form of SMS or email sent to the user.
• Smoke/Gas Detectors: Smoke detectors detect smoke, which is typically
an early sign of fire. Alerts raised by smoke detectors can be in the form
of signals to a fire alarm system. Gas detectors can detect the presence
of harmful gases such as CO2, LPG etc.
Cities:
• Smart Parking: makes the search for parking space easier and
convenient for drivers. Smart parking is powered by IoT systems that
detect the no. of empty parking slots and send information over the
internet to smart application back ends.
• Smart Lighting: for roads, parks and buildings can help in saving
energy.
• Smart Roads: Equipped with sensors, they can provide information on
driving conditions, travel time estimates and alerts in case of poor
driving conditions, traffic conditions and accidents.
• Structural Health Monitoring: uses a network of sensors to monitor
the vibration levels in the structures such as bridges and buildings.
• Surveillance: The video feeds from surveillance cameras can be
aggregated in cloud based scalable storage solution.
• Emergency Response: IoT systems for fire detection, gas and water
leakage detection can help in generating alerts and minimizing their
effects on the critical infrastructures.
Environment:
• Weather Monitoring: Systems collect data from a no. of attached sensors
and send the data to the cloud. Data collected in the cloud can then be
analyzed and visualized by cloud based applications.
• Air Pollution Monitoring: Systems can monitor emission of harmful gases
(CO2, CO, NO, NO2 etc.) by factories and automobiles using gaseous and
meteorological sensors. The collected data can be analyzed to make informed
decisions on pollution control approaches.
• Noise Pollution Monitoring: IoT based noise pollution monitoring systems
use a no. of noise monitoring stations that are deployed at different places
in a city. The data on noise levels from the stations is collected on servers
or in the cloud. The collected data is then aggregated to generate noise maps.
• Forest Fire Detection: Forest fire can cause damage to natural resources,
property and human life. Early detection of forest fire can help in minimizing
damage.
• River Flood Detection: IoT based river flood monitoring systems use a no.
of sensor nodes that monitor the water level and flow rate using sensors.
Retail:
• Inventory Management: IoT systems enable remote monitoring of
inventory using data collected by RFID readers.
• Smart Payments: Solutions such as contact-less payments powered
by technologies such as Near Field Communication(NFC) and
Bluetooth.
• Smart Vending Machines: Sensors in a smart vending machine
monitor its operations and send the data to the cloud, which can be used
for predictive maintenance.
Logistics:
• Route generation & scheduling: IoT based system backed by
cloud can provide first response to the route generation queries and
can be scaled up to serve a large transportation network.
• Fleet Tracking: Use GPS to track locations of vehicles in real-time.
• Shipment Monitoring: IoT based shipment monitoring systems use
sensors such as temp, humidity, to monitor the conditions and send
data to cloud, where it can be analyzed to detect food spoilage.
• Remote Vehicle Diagnostics: Systems use on-board IoT devices for
collecting data on vehicle operations (speed, RPM etc.) and status
of various vehicle sub systems.
Agriculture:
• Smart Irrigation: to determine moisture amount in soil.
• Green House Control: to improve productivity.

Industry:
• Machine diagnosis and prognosis
• Indoor Air Quality Monitoring

Health and Life Style:


• Health & Fitness Monitoring
• Wearable Electronics
IoT Devices:

• Internet of Things devices connect wirelessly to a network and to
each other and are able to transfer data.
• IoT devices are enlarging the internet connectivity beyond
standard devices such as smartphones, laptops, tablets, and
desktops.
• IoT devices include computer devices, software, wireless sensors,
and actuators. These IoT devices are connected over the internet,
enabling data transfer among objects or people
automatically without human intervention.
Common and popular IoT Devices and Technologies:
Properties of IoT Devices:
• Sense: The devices sense their surrounding environment in the
form of temperature, movement, appearance of things, etc.
• Send and receive data: IoT devices are able to send and receive
data over the network connection.
• Analyze: The devices are able to analyze the data received
from other devices over the internet.
• Controlled: IoT devices may also be controlled from some endpoint.
Otherwise, the IoT devices communicate with each other endlessly,
which leads to system failure.
Arduino Uno:
• Arduino devices are microcontrollers and microcontroller
kits for building digital devices that can sense and control
objects in the physical and digital world.
• Arduino boards are furnished with a set of digital and analog
input/output pins that may be interfaced to various other
circuits.
• Some Arduino boards include USB (Universal Serial Bus)
used for loading programs from the personal computer.
• Arduino is an open-source electronics platform based on easy-
to-use hardware and software.
Properties of Arduino:
• Inexpensive: Arduino boards are relatively inexpensive
compared to other microcontroller platforms. Pre-assembled
Arduino modules cost less than Rs.500/-.
• Cross-platform: The Arduino Software (IDE) runs on Windows,
Macintosh OSX, and Linux operating systems. Most
microcontroller systems are limited to Windows.
• Simple, clear programming environment: The Arduino
Software (IDE) is easy- to-use for beginners, yet flexible enough
for advanced users to take advantage of as well.
• Open source and extensible software: The Arduino software is
published as open source tools, available for extension by experienced
programmers. The language can be expanded through C++
libraries, and people wanting to understand the technical details
can make the leap from Arduino to the AVR C programming
language on which it's based.
• Open source and extensible hardware: The plans of the
Arduino boards are published under a Creative Commons license,
so experienced circuit designers can make their own version of
the module, extending it and improving it.
Raspberry Pi:
• It is a low cost, credit-card sized computer that plugs into a computer
monitor or TV, and uses a standard keyboard and mouse.
• The Raspberry Pi is a very cheap computer that runs Linux, but it also
provides a set of GPIO (general purpose input/output) pins that allow
you to control electronic components for physical computing and
explore the Internet of Things (IoT).
• Raspberry Pi has an ARMv6 700 MHz single-core processor, a
VideoCore IV GPU and 512MB of RAM. It uses an SD card for its
operating system and data storage.
• Back in 2006, Eben Upton and his colleagues at the University of
Cambridge, in conjunction with Pete Lomas and David Braben, formed
the Raspberry Pi Foundation.
Fig. Raspberry Pi :
Model Components of Raspberry Pi Board:
• ARM CPU/GPU :This is a Broadcom BCM2835 System on a Chip (SoC)
that's made up of an ARM central processing unit (CPU) and a Video core 4
graphics processing unit (GPU).
• The CPU handles all the computations that make a computer work (taking
input, doing calculations and producing output).
• GPU handles graphics output.
• GPIO -- These are exposed general-purpose input/output connection points.
• RCA -- An RCA jack allows connection of analog TVs and other similar
output devices.
• Audio out -- This is a standard 3.55-millimeter jack for connection of audio
output devices such as headphones or speakers.
• LEDs -- Light-emitting diodes, for all of your indicator light needs.
• USB -- This is a common connection port for peripheral devices of all types
(including your mouse and keyboard). Model A has one, and Model B has two.
• HDMI -- This connector allows you to hook up a high-definition television
or other compatible device using an HDMI cable.
• Power -- This is a 5v Micro USB power connector into which you can plug
your compatible power supply.
• SD card slot -- This is a full-sized SD card slot. An SD card with an
operating system (OS) installed is required for booting the device. They are
available for purchase from the manufacturers, but you can also download
an OS and save it to the card yourself.
• Ethernet -- This connector allows for wired network access and is only
available on the Model B.
Advantages of Raspberry Pi Models:
• The Raspberry Pi is small, about the size of a credit card
• The price of the Raspberry Pi is low

Applications of Raspberry Pi:
• Media streamer
• Tablet computer
• Home automation
• Internet radio
• Controlling robots
• Raspberry pi based projects
Node MCU (Node MicroController Unit) :
• Node MCU is an open source IoT platform.
• The Node MCU is an open source software and hardware development
environment that is built around a very inexpensive System-on-a-Chip
(SoC) called the ESP8266.
• The ESP8266 can be controlled from your local Wi-Fi network or from
the internet.
• The module can be programmed using an Arduino/USB-to-TTL
converter through the serial pins (RX,TX).
• It uses the Lua scripting and C language with Arduino software.
• NodeMCU Development board is featured with Wi-Fi capability, analog
pin, digital pins and serial communication protocols.
• NodeMCU Dev Kit has Arduino-like Analog (i.e. A0) and Digital (D0-
D8) pins on its board. It supports serial communication protocols i.e.
UART, SPI, I2C etc.
Fig. NodeMcuESP8266
Unit-3 Basics of Digital Forensic
Content:
– Digital forensics
• Introduction to digital forensic
• History of forensic
• Rules of digital forensic
• Definition of digital forensic
• Digital forensics investigation and its goal
– Models of Digital Forensic Investigation
• Digital Forensic Research Workshop Group (DFRWS) Investigative Model
• Abstract Digital Forensics Model (ADFM)
• Integrated Digital Investigation Process (IDIP)
• End to End digital investigation process (EEDIP)
• An extended model for cybercrime investigation
• UML modeling of digital forensic process model (UMDFPM)
– Ethical issues in digital forensic
• General ethical norms for investigators
• Unethical norms for investigation
Introduction to Digital Forensics
• Digital forensics is a branch of forensic science encompassing the
recovery and investigation of material found in digital devices, often in
relation to computer crime.
• Digital forensics includes the identification, recovery, investigation,
validation, and presentation of facts regarding digital evidence found on
computers or similar digital storage media devices.
Definition of Digital Forensics
• Digital forensics is a series of steps to uncover and analyze electronic
data through the scientific method.
• Major goal of the process is to duplicate original data and preserve
original evidence and then performing the series of investigation by
collecting, identifying and validating digital information for the purpose
History of Forensic:

▪ The field of PC forensics began in the 1980s when personal computers
became a viable possibility for the buyer.
▪ In 1984, a Federal Bureau of Investigation program
was created, which was referred to as the magnet media program.
▪ It is currently referred to as the Computer Analysis and Response
Team (CART).
▪ Michael Anderson, the Father of Computer Forensics, came
into the limelight during this period.
▪ The International Organization on Computer Evidence (IOCE) was
formed in 1995.
▪ In 1998, the INTERPOL Forensic Science symposium was held.
▪ In 1999, the FBI CART case load went beyond 2000 cases,
examining 17 terabytes of information.
▪ In 2000, the first FBI Regional Computer Forensic
Laboratory was recognized.
▪ In 2003, the FBI CART case load exceeded 6500 cases,
examining 782 terabytes of information.
Rules of Digital Forensics:
While performing digital forensics investigation, the investigator should
follow the given rules:
Rule 1. An examination should never be performed on the original
media.
Rule 2. A copy is made onto forensically sterile media. New media
should always be used if available.
Rule 3. The copy of the evidence must be an exact, bit-by-bit copy.
(Sometimes referred to as a bit-stream copy).
Rule 4. The computer and the data on it must be protected during the
acquisition of the media to ensure that the data is not modified.
Rule 5. The examination must be conducted in such a way as to
prevent any modification of the evidence.
Rule 6. The chain of custody of all evidence must be clearly
maintained to provide an audit log of who might have
accessed the evidence and at what time.
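Rules 3 and 6 above, as an added example that is not part of the original slides: a byte-for-byte copy that is accepted only when its SHA-256 matches the source, and a custody log in which each record is chained to the previous one so a later edit is detectable. The file names, examiner names, timestamps and the choice of SHA-256 and JSON are assumptions; the sample "media" is constructed in a temporary directory.

```python
"""Added illustration of Rules 3 and 6: verified bit-stream copy + custody log."""
import hashlib
import json
import os
import tempfile

CHUNK = 1024 * 1024


def sha256_file(path):
    """Hash a file in chunks; the file is opened read-only."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source, image):
    """Copy source to image byte for byte; return the hash only if both match."""
    h = hashlib.sha256()
    # "xb" refuses to overwrite an existing image (fresh target, as in Rule 2).
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    source_hash = h.hexdigest()
    if sha256_file(image) != source_hash:
        raise ValueError("image does not match source")
    return source_hash


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def add_entry(log, who, action, evidence_hash, when):
    """Append a custody record chained to the previous record by its hash."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    record = {"who": who, "action": action, "when": when,
              "evidence_sha256": evidence_hash, "prev": prev}
    record["entry_hash"] = _digest(record)   # computed before the key is added
    log.append(record)
    return record


def log_is_intact(log):
    """Recompute every record hash and check the links between records."""
    prev = "0" * 64
    for record in log:
        body = {k: v for k, v in record.items() if k != "entry_hash"}
        if record["prev"] != prev or record["entry_hash"] != _digest(body):
            return False
        prev = record["entry_hash"]
    return True


def demo():
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "suspect_media.bin")   # constructed sample
        image = os.path.join(d, "working_copy.img")
        with open(source, "wb") as f:
            f.write(b"\x00DELETED?\xff" * 5000)
        digest = acquire(source, image)
        log = []
        add_entry(log, "examiner A", "acquired image", digest,
                  "2024-01-01T10:00:00Z")
        add_entry(log, "examiner B", "received image for analysis", digest,
                  "2024-01-02T09:00:00Z")
        intact_before = log_is_intact(log)
        with open(image, "r+b") as f:      # simulate a stray write to the copy
            f.write(b"X")
        copy_still_matches = sha256_file(image) == digest
        log[0]["who"] = "someone else"     # simulate an edited custody record
        intact_after = log_is_intact(log)
    return intact_before, copy_still_matches, intact_after


if __name__ == "__main__":
    print(demo())
```

Re-hashing the working copy before and after examination is how an examiner shows that Rule 5 held; here the simulated one-byte write and the edited log record are both detected.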
Digital Forensic Investigation
• Digital forensic investigation (DFI) is a special type of
investigation where the scientific procedures and techniques
used allow the result, the digital evidence, to be
admissible in a court of law.
Goal of Digital Forensic Investigation:
• The main objective of computer forensic investigation is to
examine digital evidence and to ensure that it has not
been tampered with in any manner.
To achieve this goal, investigation must be done in following manner:
1. Handle and locate a certain amount of valid data from the large number
of files stored in the computer system.
2. It is possible that the information has been deleted; in such a situation,
searching inside the files is worthless.
3. If the files are secured by some passwords, investigators must find a
way to read the protected data in an unauthorized manner.
4. Data may be stored in a damaged device, but the investigator searches for
the data in working devices.
5. A major obstacle is that each and every case is different, so identifying
the techniques and tools will take a long time.
6. The digital data found should be protected from being modified. It is
very tedious to prove that data under examination is unaltered.
7. A common procedure for investigation and standard techniques for
collecting and preserving digital evidence are desired.
Models of Digital Forensics:
Road map for Digital Forensic Research (RMDFR):
• Palmer designed a framework with the following indexed processes.
Six Phases of RMDFR are as follows:

▪ Identification:
• It recognizes an incident from indicators and determines its type.

▪ Preservation:
• Preservation stage corresponds to "freezing the crime scene".
• It consists in stopping or preventing any activities that can
damage digital information being collected.
• Preservation involves operations such as preventing people from
using computers during collection, stopping ongoing deletion
processes, and choosing the safest way to collect information.
▪ Collection:
• Collection stage consists in finding and collecting digital information
that may be relevant to the investigation.
• Since digital information is stored in computers, collection of digital
information involves collecting the equipment containing the information,
or recording the information on some medium.
• Collection may involve copying or printing out contents of files from
a server, recording of network traffic, and so on.
▪ Examination:
• Examination stage consists in an "in-depth systematic search of
evidence" relating to the incident being investigated.
• The outputs of examination are data objects found in the collected
information.
• They may include log files, data files containing specific phrases,
time-stamps, and so on.
▪ Analysis:
• The aim of analysis is to “draw conclusions based on evidence
found".

▪ Reporting:
• This entails writing a report outlining the examination process and
pertinent data recovered from the overall investigation.
Abstract Digital Forensic Model (ADFM):
• Reith, Carr and Gunsch proposed the Abstract Digital Forensic Model in
2002.
Phases of ADFM model are as follows:
• Identification – It recognizes an incident from indicators and
determines its type.
• Preparation – It involves the preparation of tools, techniques, search
warrants and monitoring authorization and management support.
• Approach strategy – Formulating procedures and approach to use in
order to maximize the collection of untainted evidence while
minimizing the impact to the victim.
• Preservation – It involves the isolation, securing and preserving of the
state of physical and digital evidence.
• Collection – This is to record the physical scene and duplicate digital
evidence using standardized and accepted procedures.
• Examination – An in-depth systematic search of evidence relating to
the suspected crime. This focuses on identifying and locating
potential evidence.
• Analysis – This determines importance and probative value to the
case of the examined product.
• Presentation – Summary and explanation of conclusion.
• Returning Evidence – Physical and digital property returned to
proper owner.
Integrated Digital Investigation Process (IDIP):
• The model, proposed by Carrier and Spafford, has 5 groups and
17 phases.
The phases of IDIP are as follows:
▪ Readiness phase:
• The goal of this phase is to ensure that the operations and
infrastructure are able to fully support an investigation.
• It includes two phases:
1. Operations Readiness phase
2. Infrastructure Readiness phase
▪ Deployment phase:
• This phase provides a mechanism for an incident to be detected and
confirmed.
• It includes two phases:
1. Detection and Notification phase: where the incident is detected
and the appropriate people are notified.
2. Confirmation and Authorization phase: which confirms the
incident and obtains authorization for legal approval to carry out a
search warrant.
Physical Crime Investigation phase:
• In this phase, investigators collect and analyze the physical evidence
and reconstruct the actions that took place during the incident.
• It includes six phases:
1. Preservation phase: which seeks to preserve the crime scene so
that evidence can be later identified and collected by personnel
trained in digital evidence identification.
2. Survey phase: which requires an investigator to walk through the
physical crime scene and identify pieces of physical evidence.
3. Documentation phase: which involves taking photographs, sketches,
and videos of the crime scene and the physical evidence. The goal is to
capture as much information as possible so that the layout and important
details of the crime scene are preserved and recorded.
4. Search and collection phase: which entails an in-depth search and
collection of the scene so that additional physical evidence is
identified, paving the way for a digital crime investigation to
begin.
5. Reconstruction phase: which involves organizing the results from the
analysis done and using them to develop a theory for the incident.
6. Presentation phase: that presents the physical and digital evidence to a
court or corporate management.
Digital Crime Investigation phase:

▪ The goal is to collect and analyze the digital evidence that was
obtained from the physical investigation phase and through any other
future means. Here, primary focus is on the digital evidence.
▪ The six phases are:
1. Preservation phase: which preserves the digital crime scene so that
evidence can later be synchronized and analyzed for further
evidence.
2. Survey phase: whereby the investigator transfers the relevant data
from a venue out of physical or administrative control of the
investigator to a controlled location.
3. Documentation phase: which involves properly documenting
the digital evidence when it is found. This information is helpful
in the presentation phase.
4. Search and collection phase: whereby an in-depth analysis of
the digital evidence is performed. Software tools are used to
reveal hidden, deleted, swapped and corrupted files that were
used, including the dates, duration, log file etc. Low-level time
analysis is performed to trace a user's activities and identity.
5. Reconstruction phase: which includes putting the pieces of a digital
puzzle together, and developing investigative hypotheses.
6. Presentation phase: that involves presenting the digital evidence
that was found to the physical investigative team.
• It is noteworthy that this DFPM facilitates concurrent execution of
physical and digital investigation.
Review phase:
• This phase reviews the whole investigation and identifies areas of improvement.
• The IDIP model does well at illustrating the forensic process, and also
conforms to the cyber terrorism capabilities which require a digital
investigation to address issues of data protection, data acquisition,
imaging, extraction, interrogation, ingestion/normalization, analysis and
reporting.
• It also highlights the reconstruction of the events that led to the incident
and emphasizes reviewing the whole task.
End to End Digital Investigation Process (EEDIP):
• This model, proposed by Stephenson, comprises six major
mechanisms within its framework.
• EEDIP stands for End-to-End Digital Investigation Process, which
covers the investigation operation from beginning to end.
The phases of EEDIP are as follows:
1. The identification phase involves identifying the nature of the incident
from possible known indicators. Indicators are experience
investigator.
2. The preservation phase includes condensing the investigation and
findings to date.
3. The collection phase includes documentation of the physical scene
and replication of the digital evidence using approved standard
procedures.
4. The examination phase involves obtaining and studying the digital
evidence. A method of extraction is used for reconstructing data from
the media.
5. In the analysis phase the documented evidence is explored and
conclusions are drawn by integrating chunks of data.
6. The presentation phase involves summarizing the evidence found
in the process of investigation.
An Extended Model of Cybercrime Investigation (EMCI):
• Proposed by S. O. Ciardhuain, this model is likely the most
comprehensive to date.
Phases of EMCI: The EMCI follows the waterfall model, as every activity
occurs in sequence.
• The sequence of examine, hypothesis, present, and prove/defend is
bound to be repeated as the evidence heap increases during the
investigation.
1. Awareness is the phase during which the investigators are informed
that a crime has taken place; the crime is reported to some authority.
An intrusion detection system may also trigger such awareness.
2. Authorization is the stage where the nature of the investigation has been
identified and unplanned authorization may be required to
proceed; the authorization is obtained internally or externally.
3. Planning is impacted by information from within and outside the
organization that will affect the investigation. Internal factors are the
organization policies, procedures, and former investigative
knowledge while outside factors consist of legal and other
requirements not known by the investigators.
UML modeling of digital forensic process model (UMDFPM):
• Kohn, Eloff, and Olivier proposed the UML Modeling of Digital
Forensic Process Model, for modeling forensic processes.

Fig. UML modeling of digital forensic process model

Phases of UMDFPM:
• Kohn and Olivier made use of UML and case diagram to demonstrate
all the phases and their interaction with all investigators.
• Two processes have been added to the activity diagram to fit with
the Kohn framework. These are "prepare" in the preparation phase and
"present" in the presentation phase.
1. The whole process is triggered by criminal activity, which constitutes
the starting point. Prepare is the first step, and the process follows
logically from prepare to collect, authenticate, examine and then analyze.
2. Authentication is introduced between the collection and examination
phases to make sure that the integrity of the data is preserved before
the examination is started.
3. Examination can alter the contents of data such as in the case of
compressed files, hidden files and other forms of data.
• The primary investigator will consider whether to analyze more data or
to extract more data from the original source.
• After reaching this decision point, an evidence report is compiled as
part of the report procedure.
• The whole document is compiled during the investigation phase.
• The evidence document is the output of the investigation phase.
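The collect, authenticate and examine steps described above can be shown in code. This is an added example, not part of the original slides; the function names, the record layout and the sample file are assumptions made for illustration. It records a SHA-256 digest at collection, re-checks it before examination, and searches only a working copy because examination can alter data.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large images do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def collect(source, evidence_dir, collector):
    """Collect: duplicate the source and record the digest of the duplicate."""
    os.makedirs(evidence_dir, exist_ok=True)
    image = os.path.join(evidence_dir, os.path.basename(source) + ".img")
    shutil.copyfile(source, image)
    return {"image": image, "sha256": sha256_file(image),
            "collector": collector, "log": []}

def authenticate(record, who):
    """Authenticate: re-hash the image and compare with the collection digest."""
    match = sha256_file(record["image"]) == record["sha256"]
    record["log"].append({"who": who, "match": match,
                          "utc": datetime.now(timezone.utc).isoformat()})
    return match

def examine(record, who, workdir, phrase):
    """Examine: refuse unauthenticated evidence, then search a working copy."""
    if not authenticate(record, who):
        raise ValueError("integrity check failed; evidence must not be examined")
    work = os.path.join(workdir, "working_copy.img")
    shutil.copyfile(record["image"], work)  # stored image is only ever read here
    with open(work, "rb") as f:
        data = f.read()
    return [i for i in range(len(data)) if data.startswith(phrase, i)]

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "usb_dump.bin")
        with open(src, "wb") as f:             # constructed sample data
            f.write(b"\x00" * 64 + b"invoice-4471 transfer" + b"\x00" * 64)
        rec = collect(src, os.path.join(tmp, "evidence"), "examiner_a")
        hits = examine(rec, "examiner_b", tmp, b"invoice-4471")
        with open(rec["image"], "r+b") as f:   # simulate alteration after collection
            f.write(b"\x01")
        return hits, authenticate(rec, "examiner_b"), [e["match"] for e in rec["log"]]

if __name__ == "__main__":
    print(demo())
```

The log kept in the record gives the evidence report a list of who verified the image and when, including the failed check after the simulated alteration.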
Ethical issues in Digital Forensic:
• Ethics in digital forensic field can be defined as set of moral
principles that regulate the use of computers.
• Ethical decision making in digital forensic work comprises of one or
more of the following:
1. Honesty towards the investigation
2. Prudence means carefully handling the digital evidence
3. Compliance with the law and professional norms.
General ethical norms for investigator:
Investigator should satisfy the following points:
• Should contribute to the society and human being
• Should avoid harm to others
• Should be honest and trustworthy
• Should be fair and take action not to discriminate
• Should honor property rights, including copyrights and patents
• Should give proper credit to intellectual property
• Should respect the privacy of others
• Should honor confidentiality
Unethical norms for Digital Forensic Investigation
Investigator should not:
• Withhold any relevant evidence
• Declare any confidential matters or knowledge
• Express an opinion on the guilt or innocence of any
party
• Engage or involve in any kind of unethical or illegal conduct
• Deliberately or knowingly undertake an assignment beyond his or
her capability
• Distort or falsify education, training, credentials
• Display bias or prejudice in findings or observation
• Exceed or outpace authorization in conducting examination
Sample Multiple Choice Questions:
1. Digital forensics is all of them except:
a) Extraction of computer data
b) Preservation of computer data
c) Interpretation of computer data
d) Manipulation of computer data
2. IDIP stands for
a) Integrated Digital Investigation Process
b) Integrated Data Investigation Process
c) Integrated Digital Investigator Process
d) Independent Digital Investigator Process
3. Who proposed Road map model?
a) G. Gunsch
b) S. Ciardhuain
c) J. Korn
d) G. Palmer
4. Investigator should satisfy the following point:
a) Contribute to the society and human being
b) Avoid harm to others
c) Honest and trustworthy
d) All of the above
