© 2018 IEEE. For forensically analyzing incidents, it is important to gather as much data about the incident as possible. In the case of WSNs, this means that data has to be extracted from the sensor nodes, when a compromise or other security incident occurs. Among the data to be extracted are the program running on the node, so it can be analyzed for tampering, as well as the log and configuration flash memory usually stored on a separate chip on the sensor node. In this paper we will present how to perform an extraction of RAM, program memory, and flash memory with their necessary tools, and steps. Finally, information about the compromise can be gathered from the node’s RAM, program, and flash memory especially if for example a vulnerability in the software running on the node was exploited, the (commonly small) RAM, program, and flash memory can be examined for anomalies.
- Data mining,
- Flash memory,
- Information systems,
- Information use,
- Random access storage,
- Digital investigation,
- Program memory,
- Security incident,
- Sensor nodes
Available at: http://works.bepress.com/omar-alfandi/61/