IoT forensics: Analysis of a HIKVISION’s mobile app

CCTV surveillance systems are ubiquitous IoT products. These CCTV systems can be remotely operated using either a mobile or a desktop application. HIKVISION is a well-known manufacturer of such devices that offers a variety of applications that allow remote usage of their products. Research regarding digital forensics of HIKVISION’s CCTV systems is scarce and currently only limited to recovering video footage from the devices themselves, skipping all valuable artifacts that could reside within the applications’ data that were utilized to access them. This unexplored piece of evidence is currently not parsed by either commercial or open source software yet it can hide vital information for a number of investigative questions. In this paper, a HIKVISION’s mobile application is thoroughly analyzed, in both Android and iOS operating systems, in pursuit of evidentiary data that could reside within. Exploiting the findings of this study authors contributed to FOSS with the aim of assisting investigators with their examinations. In particular, they used their findings to develop relevant parsers for ALEAPP and iLEAPP.