Forensic Analysis of Wearable Technology

Previously, the Leahy Center for Digital Investigations Wearables Team posted a third blog about their research, specifically pertaining to the Samsung Galaxy Watch and the Fitbit Versa. For the remainder of the semester, the team will be investigating the Garmin Fenix 5 and the Apple Watch Series 4. This week, the team began the first half of data generation for the two devices. We specifically tested fitness tracking, GPS and location tracking, and heart rate monitoring. While the data generation timeline is similar to the Fitbit and Samsung timeline, due to their higher sophistication and varied functionality, the Apple Watch and Garmin Fenix 5 needed more extensive testing.

Apple Watch

The Apple Watch is probably the most robust in functionalities and largest in international market share, according to IDC. The Apple Watch Series 4 includes every single functionality we looked into testing for the other devices, including NFC Payment, which wasn’t available for some others. From the first use, the Apple Watch seems to hold very accurate and detailed information; the team is excited to try to see how this data is stored on the phone.

The team also hopes to test the fall detection feature of the device. This functionality displays an alert on the watch using the accelerator and gryoscope to detect a hard fall. The user has a minute to respond to the screen prompt to call emergency services or confirm they are okay. If more than a minute passes, the watch will automatically send the user’s information and location to EMS. The team hopes to use this to illustrate the timeline that can be built from Apple Watch information in investigations.

Garmin

While Garmin only has a quarter of the market share that Apple does, the company is known for its impressively accurate fitness tracking devices. The team performed the first set of tests on the Garmin Fenix 5 this past week. The watch differs from the other three watches in that it doesn’t have a touch screen; however, the fitness tracking seems to be the most accurate of them all. The Garmin is one of the most interesting devices to investigate because the charging port is also a data transfer port. This means the team is able to directly see the data on the watch by plugging it into the computer.

Final Weeks

The team has a month left to research, run tests, and finalize their report on the four devices. Make sure to check back in to see their final report. This update will include all tests, notable results, and how to compile data from the devices and paired phones!

The post Wearable Forensics Blog 4 appeared first on The Leahy Center for Digital Investigation.

Forensic Analysis of Wearable Technology

Previously, the Leahy Center for Digital Investigations Wearables Team posted in their second blog about their progress this semester with the Samsung Galaxy Watch, the Fitbit Versa, the Garmin Fenix 5, and the Apple Watch Series 4.

A Second Datagen

The team decided it would be a good call to redo their data generation from the previous weeks to prove that the data they collected would be in the same files. The team performed a second round of data gen with the same actions as the first one. Thankfully, this round of data gen went exactly the same as the last one.

When they returned the next day, the team began the exciting process of analyzing the data. The results they got were very similar to the first round of data gen. Previous artifacts were confirmed and no new information was found within the phones. After they confirmed their findings, they decided to move on to test one new capability of the watches: mobile payments.

NFC Payment & Google Fi

The team looked into mobile payments with the Samsung Galaxy Watch using a Visa gift card. Unfortunately, the Galaxy Watch was paired up with a Google Pixel 3, and the Samsung Pay is incompatible with any phone besides another Samsung phone. As a result, the team was unable to test NFC payment on the Samsung Watch. The team was also unable to test this capability with the Fitbit versa. It is only available on the special edition, which the team did not have.

Caption: The team tested notifications with the Google Fi account by sending and receiving text messages. The team responded to some of these from the watches, but it was all available in the exported application data.

To test notifications on each of the watches, the team created a Google Fi account for the Google Pixel phones. The team used other phones to message the Google Pixel 3 phones and noted the notifications on the watches. They also performed a phone application acquisition pull for each of the paired devices to find what information was located on the phone itself.

Wrapping Up…

As the team wraps up their work on the Samsung Galaxy Watch and Fitbit Versa, they look forward to working with the last two devices: the Apple Watch Series 4 and the Garmin Fenix. They plan on following a similar methodology to the Fitbit and Galaxy watches, create data, and pull the applications from their respective devices in order to examine and analyze the watches. They’ll be posting another blog post with another status update soon, so be sure to check us out on Twitter @ChampForensics, Instagram@ChampForensics, and Facebook@ChamplainLCDI to keep up to date with our progress!

The post Wearable Forensics Team Blog 3 appeared first on The Leahy Center for Digital Investigation.

Forensic Analysis of Wearable Technology

If you haven’t already read the Wearables Team’s first blog, read it here. The team is researching the capabilities and evidence left from wearable technology, in particular four devices: the Samsung Galaxy Watch, the Fitbit Versa, the Garmin Fenix 5, and the Apple Watch Series 4.

Datagen

When the team finished their research, they moved on to data generation. The wearables team began by testing what they could at the lab here at the LCDI. They tested a wide range of capabilities such as: attempting to download applications to the watches, performing a stress test, taking a screenshot, and completing breathing tests. After their in house data generation, one team member took the Samsung Galaxy Watch and the Fitbit Versa home for a full day of datagen. The test subject recorded walking around Burlington, doing a swim workout, doing yoga, and sleeping. This gave the team plenty of data to use for their project.

…and Databases.

After the data generation, the team got to work on acquiring and imaging the phones. They specifically targeted the associated data with the health and watch applications for each device. The data the team found was mostly stored in SQL databases, a common format for mobile devices to keep data in. Within these databases, the team discovered many interesting artifacts that could be applied in forensic investigations. For instance, one of the artifacts the Wearables team found was device data for the Galaxy Watch. The database shows some key device information such as the name, model, and what appears to be a unique MAC (Media Access Control) address for the bluetooth adapter. Investigators could use this to prove the connection between a user’s phone and their Galaxy Watch.

The rest of the team’s artifact findings will be featured in our report at the end of our project.

Where to Next?

The Wearables Team is proud to share a small piece of their research! In the coming weeks, the team plans to perform another round of data generation on the Galaxy Watch and Fitbit Versa. This time, they plan on utilizing the NFC (Near-field communication) payment and messaging capabilities of these devices. Though the Galaxy Watch and Fitbit Versa portion of their research is concluding, the team is excited to continue their research with the Garmin Fenix 5 and Apple Watch Series 4. Be sure to check back in for more blog posts on their progress!

The post Wearable Forensics Update appeared first on The Leahy Center for Digital Investigation.