Forensic Analysis of Fitbit Versa: Android vs iOS

Fitbit Versa is the most popular of its predecessors and successors in the Fitbit faction. Increasingly data stored on these smart fitness devices, their linked applications and cloud datacenters are being used for criminal convictions there is limited research for investigators on wearable devices and specifically exploring evidence identification and methods of extraction. In this paper we present our analysis of Fitbit Versa using Cellebrite UFED and MSAB XRY. We present a clear scope for investigation and data significance based on the findings from our experiments the data recovery will include logical and physical extractions using devices running Android 9 and iOS 12, comparing between Cellebrite and XRY capabilities. This paper discusses databases and datatypes that can be recovered using different extraction and analysis techniques, providing a robust outlook of data availability. We also discuss the accuracy of recorded data compared to planned test instances, verifying the accuracy of individual data types the verifiable accuracy of some datatypes could prove useful if such data was required during the evidentiary processes of a forensic investigation

Forensic analysis of wearable devices: Fitbit, Garmin and HETP Watches

© 2019 IEEE. Wearable technology has been on an exponential rise and shows no signs of slowing down. One category of wearable technology is Fitness bands, which have the potential to show a user\u27s activity levels and location data. Such information stored in fitness bands is just the beginning of a long trail of evidence fitness bands can store, which represents a huge opportunity to digital forensic practitioners. On the surface of recent work and research in this area, there does not appear to be any similar work that has already taken place on fitness bands and particularly, the devices in this study, a Garmin Forerunner 110, a Fitbit Charge HR and a Generic low-cost HETP fitness tracker. In this paper, we present our analysis of these devices for any possible digital evidence in a forensically sound manner, identifying files of interest and location data on the device. Data accuracy and validity of the evidence is shown, as a test run scenario wearing all of the devices allowed for data comparison analysis

Digital Forensic Acquisition and Analysis of Discord Applications

© 2020 IEEE. Digital forensic analyses are being applied to a variety of domains as the scope and potential of digital evidence available is vast. The importance of forensic analyses of web-based devices and tools is increasing, coinciding with the rise in online criminal activity. Discord - an application that allows text, image, video, and audio communication using VoIP - has become increasingly popular and is consequently subject to increased use by cybercriminals. While researching Discord servers and forensic artefacts, it is apparent that there is limited literature and experimentation in this domain. This paper presents our research into digital forensic analyses of Discord client-side artefacts and presents DiscFor, a novel tool designed for the extraction, analysis, and presentation of Discord data in a forensically sound manner. DiscFor creates a safe copy of said data, presenting the current cache state and converting data files into a readable format

Forensic Analysis of Microsoft Teams: Investigating Memory, Disk and Network

Videoconferencing applications have seen a jump in their userbase owing to the COVID-19 pandemic. The security of these applications has certainly been a hot topic since millions of VoIP users’ data is involved. However, research pertaining to VoIP forensics is still limited to Skype and Zoom. This paper presents a detailed forensic analysis of Microsoft Teams, one of the top 3 videoconferencing applications, in the areas of memory, disk-space and network forensics. Extracted artifacts include critical user data, such as emails, user account information, profile photos, exchanged (including deleted) messages, exchanged text/media files, timestamps and Advanced Encryption Standard encryption keys. The encrypted network traffic is investigated to reconstruct client-server connections involved in a Microsoft Teams meeting with IP addresses, timestamps and digital certificates. The conducted analysis demonstrates that, with strong security mechanisms in place, user data can still be extracted from a client’s desktop. The artifacts also serve as digital evidence in the court of Law, in addition to providing forensic analysts a reference for cases involving Microsoft Teams

Drone forensics: A case study on DJI phantom 4

© 2019 IEEE. Unmanned Aerial Vehicles (UAVs) (a.k.a drones) have grown in popularity mainly due to its\u27 ease of use, wide variety of uses, availability and inexpensiveness nature of the devices. This rapid proliferation of UAVs has also augmented with several security issues and societal crimes pertaining to the illicit activities, making them rich sources of evidence. Therefore, it is crucial for digital forensics examiners to have the capability to recover, analyze, and authenticate the source of content stored on these devices. In this research, we perform a forensic investigation on an Unmanned Aircraft System, specifically the DJI Phantom 4 Vision, using several smartphone devices such as iPhone 6, iPhone 7 Plus, iPhone 10, Samsung Note 3, Samsung S7, Microsoft Lumia, CKTEL G5 Plus and G-Tide_s4 with different operating systems (iOS, Windows Phone and Android). In addition, we investigate and examine the logical backup acquisition of the iPhone 6, iPhone 7 Plus and iPhone 10 mobile devices using Apple iTunes backup utility. It was found that the DJI Phantom 4 App contains a significant amount of forensics data. Moreover, we acquired useful data from the SD card of mobile devices including controller and the drone

Forensic investigation of small-scale digital devices: a futuristic view

Small-scale digital devices like smartphones, smart toys, drones, gaming consoles, tablets, and other personal data assistants have now become ingrained constituents in our daily lives. These devices store massive amounts of data related to individual traits of users, their routine operations, medical histories, and financial information. At the same time, with continuously evolving technology, the diversity in operating systems, client storage localities, remote/cloud storages and backups, and encryption practices renders the forensic analysis task multi-faceted. This makes forensic investigators having to deal with an array of novel challenges. This study reviews the forensic frameworks and procedures used in investigating small-scale digital devices. While highlighting the challenges faced by digital forensics, we explore how cutting-edge technologies like Blockchain, Artificial Intelligence, Machine Learning, and Data Science may play a role in remedying concerns. The review aims to accumulate state-of-the-art and identify a futuristic approach for investigating SSDDs

Deep COLA: A deep COmpetitive Learning Algorithm for future home energy management systems

A smart grid ecosystem requires intelligent Home Energy Management Systems (HEMSs) that allow the adequate monitoring and control of appliance-level energy consumption in a given household. They should be able to: i) profile highly non-stationary and non-linear measurements and ii) conduct correlations of such measurements with diverse inputs (e.g. environmental factors) in order to improve the end-user experience, as well as to aid the overall demand-response optimisation process. However, traditional approaches in HEMS lack the ability to capture diverse variations in appliance-level energy consumption due to unpredictable human behavior and also require high computation to process large datasets. In this article, we go beyond current profiling schemes by proposing Deep COLA; a novel Deep COmpetitive Learning Algorithm that addresses the limitations of existing work in terms of high dimensional data and enables more efficient and accurate clustering of appliance-level energy consumption. The proposed approach reduces human intervention by automatically selecting load profiles and models variations and uncertainty in human behavior during appliance usage. We demonstrate that our proposed scheme is far more computationally efficient and scalable data-wise than three popular conventional clustering approaches namely, K-Means, DBSCAN and SOM, using real household datasets. Moreover, we exhibit that Deep COLA identifies per-household behavioral associations that could aid future HEMSs