SALUS addresses the growing security and forensic challenges posed by modern IoT and Cyber–Physical Systems operating across critical and highly heterogeneous environments. As IoT infrastructures rapidly expand into domains such as healthcare, energy, and public infrastructure, they become increasingly exposed to sophisticated physical, cyber, and cyber-physical attacks. SALUS responds to this challenge by equipping law enforcement authorities with advanced, lawful, and interoperable forensic capabilities tailored to complex IoT ecosystems. The project introduces new forensic investigation schemes that enable real-time threat detection, evidence collection, and cross-agency collaboration while fully respecting EU legal, ethical, and fundamental rights frameworks. At its core, SALUS leverages a novel Digital Twin infrastructure that mirrors real IoT environments, allowing proactive threat simulation, attack anticipation, and forensic preparedness. This is supported by a secure SDN-enabled IoT architecture that enables dynamic policy enforcement and controlled evidence interception. AI-powered forensic tools enhance IoT device discovery, behavioural analysis, and anomaly detection, while blockchain-based mechanisms ensure a trusted, auditable chain of custody. Operational requirements from police authorities are embedded throughout the design, supported by targeted training activities, joint exercises, and hackathons to ensure real-world applicability. SALUS also contributes to the development of investigation, technological, and security standards and fosters a strong ecosystem among EU-funded projects and law enforcement stakeholders. The solution is validated through five pilot use cases in collaboration with police authorities and critical infrastructure providers, including hospitals and a nuclear power plant.

Within SALUS, ITML is responsible for the technical coordination of project activities, acts as the provider of the Digital Twin infrastructure, and leads the development of Explainable AI models focused on analysing and interpreting IoT device behaviour.