IoT forensics: Exploiting unexplored log records from the HIKVISION file system

J Forensic Sci. 2023 Nov;68(6):2002-2011. doi: 10.1111/1556-4029.15349. Epub 2023 Aug 1.

Abstract

CCTV surveillance systems are IoT products that can be found almost everywhere. Their digital forensic analysis often plays a key role in solving crimes. However, it is common for these devices to use proprietary file systems, which frequently hinders a complete examination. HIKVISION is a well-known manufacturer of such devices that typically ships its products with its proprietary file system. The HIKVISION file system has been analyzed before, but that research focused on the recovery of video footage. In this paper, the HIKVISION file system is revisited with regard to the log records it stores. More specifically, these log records are thoroughly examined to uncover both their structure and meaning. These unexplored pieces of evidence remain unexploited by major commercial forensic software, yet they can contain critical information for an investigation. To further assist digital forensic examiners with their analysis, a Python utility, the Hikvision Log Analyzer, was developed as part of this study to automate part of the process.

Keywords: CCTV; DVR; HIKVISION; HIKVISION file system; HIKVISION log records; Hikvision log analyzer; IoT forensics; NVR.