Wearable Forensics Update

Forensic Analysis of Wearable Technology

If you haven’t already read the Wearables Team’s first blog, read it here. The team is researching the capabilities and evidence left from wearable technology, in particular four devices: the Samsung Galaxy Watch, the Fitbit Versa, the Garmin Fenix 5, and the Apple Watch Series 4.

Datagen

When the team finished their research, they moved on to data generation. The wearables team began by testing what they could at the lab here at the LCDI. They tested a wide range of capabilities such as: attempting to download applications to the watches, performing a stress test, taking a screenshot, and completing breathing tests. After their in house data generation, one team member took the Samsung Galaxy Watch and the Fitbit Versa home for a full day of datagen. The test subject recorded walking around Burlington, doing a swim workout, doing yoga, and sleeping. This gave the team plenty of data to use for their project.

…and Databases.

After the data generation, the team got to work on acquiring and imaging the phones. They specifically targeted the associated data with the health and watch applications for each device. The data the team found was mostly stored in SQL databases, a common format for mobile devices to keep data in. Within these databases, the team discovered many interesting artifacts that could be applied in forensic investigations. For instance, one of the artifacts the Wearables team found was device data for the Galaxy Watch. The database shows some key device information such as the name, model, and what appears to be a unique MAC (Media Access Control) address for the bluetooth adapter. Investigators could use this to prove the connection between a user’s phone and their Galaxy Watch.

The rest of the team’s artifact findings will be featured in our report at the end of our project.

Where to Next?

The Wearables Team is proud to share a small piece of their research! In the coming weeks, the team plans to perform another round of data generation on the Galaxy Watch and Fitbit Versa. This time, they plan on utilizing the NFC (Near-field communication) payment and messaging capabilities of these devices. Though the Galaxy Watch and Fitbit Versa portion of their research is concluding, the team is excited to continue their research with the Garmin Fenix 5 and Apple Watch Series 4. Be sure to check back in for more blog posts on their progress!

More Research Projects
CyberRange Team: Creating The Perfect Sandbox Environment
The Internet of Things Team: An Inside Look
CyberTech: Creating a Safer Internet Through Education