每周報告‎ > ‎

2015-12-08-CW-Watch what you wear preliminary forensic analysis of smart watches

張貼者:2016年1月11日 上午7:45莊志偉   [ 已更新 2016年1月13日 上午9:18 ]
This work presents preliminary forensic analysis
of two popular smart watches, the Samsung Gear 2 Neo and
LG G. These wearable computing devices have the form
factor of watches and sync with smart phones to display
notifications, track footsteps and record voice messages. We
posit that as smart watches are adopted by more users, the
potential for them becoming a haven for digital evidence will
increase thus providing utility for this preliminary work. In
our work, we examined the forensic artifacts that are left on
a Samsung Galaxy S4 Active phone that was used to sync
with the Samsung Gear 2 Neo watch and the LG G watch.
We further outline a methodology for physically acquiring
data from the watches after gaining root access to them. Our
results show that we can recover a swath of digital evidence
directly form the watches when compared to the data on
the phone that is synced with the watches. Furthermore,
to root the LG G watch, the watch has to be reset to its
factory settings which is alarming because the process may
delete data of forensic relevance. Although this method is
forensically intrusive, it may be used for acquiring data from
already rooted LG watches. It is our observation that the
data at the core of the functionality of at least the two tested
smart watches, messages, health and fitness data, e-mails,
contacts, events and notifications are accessible directly from
the acquired images of the watches, which affirms our claim
that the forensic value of evidence from smart watches is
worthy of further study and should be investigated both at
a high level and with greater specificity and granularity.
Comments