Google glass forensics
glass artifacts
Since our initial blog post, we have begun to generate user data on the Glass device, but have been having difficulties with the smartphone counterpart. Originally, we generated data on Glass using a Nexus 5 device and we were able to retrieve artifacts off of Glass, but the Nexus 5 was not able to be imaged. This left us in search of a new Android smartphone. Using Cellebrite to pull data off of the Glass and then using EnCase to view the results, we have been able to retrieve these artifacts:
photos/videos
(File path: <root>\data\media\DCIM\Camera)
Contacts
(File path: <root>\data\data\com.google.glass.home\databases\entity.db)
The screenshot below shows the database file we recovered, containing data related to the contacts we added through the MyGlass app on the Nexus 5.
browser history
(File path: <root>\data\data\com.google.glass.browser\cache\webviewCacheChromium\data_1)
During data generation, we searched the internet on Glass for “Synergy Ski,” and we were able to find the Amazon webpage viewed previously, which you can see in the screenshot below.
voice recordings
(File path: <root>\data\data\com.google.glass.voice\recorded_audio)
We found an audio file recorded by Glass, leading us to believe that Glass randomly records the voice of the user at certain times. It is possible that Glass records the user’s voice when he or she asks a question, but there was only one recording found, so we can’t be certain. This file was a .pcm extension, which we loaded into Audacity as a raw data file to listen to.
WI-FI
(File path: <root>\data\misc\wifi\wpa_supplicant.conf)
We were also able to come across Wi-Fi connections that Glass had stored. This file shows the password of the connected Wi-Fi in plaintext.
NEW ANDROID DEVICE
We were fortunate to get this data off of the Glass, but we were not able to image the Nexus 5 using Cellebrite. After we were not able to see any artifacts left behind on the smartphone, we looked into purchasing another Android device that is compatible with Cellebrite and have decided on the Samsung Galaxy SIII mini. We have made some great discoveries so far, and having the SIII to generate data on will increase our knowledge of how Google Glass operates.