BOHR International Journal of Internet of things, Artificial Intelligence and Machine Learning

With the exponential expansion of the Internet of Things (IoT) networks, the threat of cyberattacks has become particularly high across vulnerable sectors such as healthcare, smart infrastructure, and industrial control systems. Conventional centralized forensics has disadvantages in scalability, data privacy, and the ability to identify synchronized attacks quickly. This paper addresses the above shortcomings by proposing a new Federated Graph Convolutional Network (Fed-GCN) architecture for real-time forensic examination in distributed IoT settings. Its principal goal is to build a privacy-preserving graph-based solution that supports readiness in the forensic environment and defense against the transmission of raw data. The innovations in the work are the conjoint use of graph neural networks to detect contextual attacks, federated learning to ensure data confidentiality, and integration with blockchain-based logging to bind the evidence chain and produce immutable evidence. Among other outcomes, the proposed Fed-GCN architecture was coded in Python and tested on a multi-class intrusion dataset including 18,428 data samples and 79 features. The experimental performance is better than that of traditional methods, with 97.3% accuracy, a 94.2% F1-score, and a low false-positive rate of 6.7%. 100% forensic integrity check and evidence verification were achieved, with 96.4% evidence completeness in the logs and low communication overhead, demonstrating that it can be deployed in edge-based environments. Therefore, the proposed Fed-GCN can play a significant role in implementing forensic intelligence in IoT ecosystems by providing scalable, secure, and regulation-compliant solutions.