
Chapter 9

Smart wearable Forensics

Uploaded by

noorbasirah05

Chapter 9: Smart Wearables Forensics

Smart wearables are devices that can be worn and that work as end devices in an IoT
environment. Usually, whenever the words "smart wearables" come to mind, the first
gadget that gets attention is the smart watch. But smart wearables are not confined to smart
watches; many other smart wearables are also available on the market.
Because these devices are connected in a smart environment, they need to meet
digital security requirements. Digital forensics can be used to document any crime that
occurs in a smart environment. As end devices, smart wearables can also help to
provide evidence for the forensics process.
The future of wearable technology is predicted to go far beyond exercise trackers.
Advances in material fabrication for flexible electronics, coupled with the
availability of smaller power sources that charge fully in an instant, are already
reducing the size of wearables. Wearable technology could provide us with the ability to
monitor our fitness levels, track our location with GPS, and view text messages more
quickly.
Examples of Smart Wearable Devices:
Wrist-based wearables include health-oriented devices that go a step (or two) beyond what
fitness trackers offer these days. Another such device is akin to the one Amazon has
reportedly patented: a voice-activated wearable device that can recognize human
emotions. Another is Empatica's Embrace, a medically approved advanced seizure monitoring
device.
Healthcare is undergoing huge changes driven by the rising adoption and integration of voice
technology, which makes it particularly appealing to tech firms. There will be an increase
in the number of such devices in the future. The technology already exists for the development
of such smart wearables. For instance, there is a company called audEERING that has
a 92% classification accuracy in identifying early symptoms of Parkinson's disease
through voice analysis. By detecting tiny changes in a person's voice, voice technology is
able to detect not only a person's emotional state from the sound of his or her voice, but
also mental abilities and critical diseases. This is a commendable development that will
have the most impact through early detection and estimation of disease progression in order
to deliver prompt and effective treatment.
The focus of voice Artificial Intelligence in a healthcare environment will be facilitating
real-time data to improve patient care and make it more personal. There can be a
streamlined medical experience with the added convenience of online check-ups and a
faster response (certainly beats going multiple times to a doctor).
In fact, the same company is collaborating on medical smart glasses that should be
available in 2020, where real-time emotion detection should help in the early diagnosis of
serious diseases like depression, Parkinson's, and Alzheimer's, as well as common
burnout. The category of smart glasses is already developing, with products like Vuzix Blades,
which are powered by augmented reality (AR) and come with Alexa, Amazon's virtual
assistant.
There are also smart earbuds or hearables that effectively combine wireless listening
with the capabilities of voice assistants and a wide range of smart devices. For instance,
Bragi Dash Pro has real-time translation, automatic activity training, Alexa support, and
more cool and arguably smart features.
As a more far-fetched prediction, some type of advanced lenses could also have the
prefix smart in the foreseeable future and play a major role in the further shift to an
interconnected user experience.

Figure 9.1: Smart Wearable Devices


Factors fueling the growth of the Wearable Device Market:
There are many factors fueling the smart wearable device market. The following are
some of them.
1. Massive demand for on-the-go monitoring equipment
2. Increasing demand for IoT based Connected health monitoring devices with higher
accessibility
3. Preference for sleek and compact healthcare devices for easy handling
4. The popularity of biosensor-based devices
5. Rising demand for smart watches and small pocket-sized devices for continual
health monitoring

1.1. Introduction to Smart Wearables Forensics


As discussed previously, the number of smart wearable devices is increasing, and new
concepts and ideas are evolving in this field. These devices are connected in an IoT
environment and can provide strong evidence to forensic investigators.
Smart wearables forensics is a branch of digital forensics which deals with the retrieval
of digital evidence from smart wearables. The data acquisition process is critical.
Examiners can adopt different acquisition methods according to their requirements.
There is no single tool available for the complete smart wearable forensics process.
Forensics tools are the backbone of the forensics process. These tools help us acquire the
data as well as analyze it. There are many tools available on the market. For
smart wearable forensics one can use tools for device forensics, network forensics and
cloud forensics. The first step of the forensics process is the acquisition process. The
most famous tools for data acquisition are AccessData FTK Imager, DumpIt, Magnet
AXIOM, etc. They can capture the RAM or the permanent memory for further analysis.
There are a lot of tools for the analysis step. Computer Aided Investigative Environment
(CAINE) is an open-source forensic tool that can help in many forensic phases. Sleuth Kit
Autopsy is a tool for the investigation of devices. It is available in a standalone version
and also pre-installed in Kali Linux. EnCase is a useful tool for the forensic analysis of
image files. Bulk Extractor is a useful tool that extracts information from disk
images and then scans it for analysis. Magnet Internet Evidence Finder (IEF)
is also a scan tool that scans forensic images and data from the internet history.
Then we have Wireshark, a very famous tool for network analysis. As the network log
data for smart wearables is not large, this tool is best for the network
analysis of smart wearables. This tool is also available standalone or pre-installed in
Kali Linux.
Cloud forensics is still a new branch, so few tools are available for it. FORST is an
OpenStack cloud computing platform that gathers API calls, etc. from virtual users. UFED Cloud
Analyzer is another tool that collects metadata from the acquired user
data. Another is the Docker Forensics Toolkit, which extracts and analyses data from
the host system.
From a scientific standpoint, a study of the activities and methodology of hackers and
cyber-criminals, together with a digital forensic analysis of the tools and techniques that
they employ, may yield insights into prevailing or future attack trends, the workings of
cyber-criminal networks, and emerging strains of malware. These can add considerable
input to knowledge and best practice resources, and threat intelligence databases.
In terms of enterprise security, the evidence gleaned from digital forensic analysis aids in
incident response and remediation activities, once a successful cyber-attack or data
breach has been detected. Information may be obtained on attack vectors, new or
specialized forms of malware, and Advanced Persistent Threats (APTs). These are the
kind of sustained and subtle cyber-attacks that can take place undetected over a period of
months, or even years, with the assailants deploying a number of different techniques to
gain network access, spread through a system, then home in on their desired objectives.

1.2. Need of Digital Forensics of smart watch


Just as in the physical world, we leave traces of ourselves – fingerprints, hairs, clothing
fibers, DNA, etc. – when we move and interact with people, places, and objects, so too do
activities in the digital realm leave pieces or echoes of themselves. These virtual or
digital traces – think file fragments, activity logs, timestamps, metadata, and so on – may
be deemed to be of value, for any number of reasons.
They may be useful as evidence in establishing the origins of a document or piece of
software, for legal purposes in determining the activities of the parties involved in a
criminal case, or even as a resource for cyber-criminals looking to reconstruct
information or identifying credentials on their victims.
Whatever the motivation, the examination, interpretation, or reconstruction of trace
evidence in the computing environment falls within the realm of digital forensics. Smart
wearables are a new technology and have flourished with the growth of IoT. These
devices are function based and perform particular functions. Their demand is increasing
as they provide many facilities. Smart wearables are not confined to just wrist-based
smart watches but have other designs and uses too. These devices collect data about an
individual, which is critical.
Given the huge numbers of IoT (Internet of Things) devices in the world, it should come
as no surprise that there’s a whole sub-section of the digital forensic discipline, dedicated
to this sort of hardware. As end devices in an IoT environment, smart
wearables can provide a great source of evidence for the digital forensics process.
This field embraces a number of areas including the recovery of lost data and user
information, the analysis and extraction of detail from collected data such as heartbeat, etc.,
and the detection and removal of malware (including spyware, adware, and
ransomware).
Activities conducted on smart wearables and connected networks routinely leave some
kind of “digital fingerprint”. These may range from caches and cookies, through to
deleted file fragments, headers, document metadata, process logs, and backup files.
For the security professionals protecting an enterprise – or the investigators working to
trace the origins of a breach – any or all of these aspects of forensic digital evidence
might be key in documenting an incident, formulating a response, or building a strategy
for future operations.

1.3. Forensics Analysis Procedure


A general forensic framework for Smart Wearables has mainly four phases:
Identification, data acquisition, Examination and reporting as shown in figure 9.2.
Figure 9.2: Digital Forensics steps for the Smart Wearables Devices

1. Identification Phase:
In this step the investigators identify the device, i.e. the smart wearable, and identify
the IoT environment in which it is connected. The second task is to
confiscate the smart wearable. These devices are mostly connected using a
Bluetooth connection, a Wi-Fi access point or a telecommunication network.
Disconnect the smart wearable device from all telecommunication services,
Bluetooth, Wi-Fi connections, infrared, etc. by placing it in a bag that can guard
against any radio or electromagnetic waves, for example, a Faraday bag.

2. Data Acquisition Phase:


In this step the investigators collect data from the confiscated smart wearable
device. The forensic investigators then evaluate whether the data is
sufficient for the analysis or whether more data collection is required. If the data is not
sufficient, the investigation team collects data from other connected
devices.
There are mainly two types of data acquisition process used for
smart wearable devices.
a. Logical Acquisition
As the name suggests, logical acquisition is data acquisition from
logical storage. It includes the files and directories that reside on the
filesystem. It is a quick way to acquire data. The drawback is that it cannot
capture deleted files. There are many forensic tools available for
logical acquisition.
b. Physical Acquisition
Physical acquisition is the best data acquisition technique, but it
takes a lot of time. It creates a bit-by-bit clone of the hard drive.
Physical acquisition even acquires deleted data files. There are two types of
physical acquisition: hardware-based and software-based. Sometimes hardware
components are removed from the device; for example, in the chip-off method the
memory chip is removed to acquire data. This method does not require root access.
Unlike hardware-based acquisition, software acquisition does not cause any
harm to the memory but requires root privilege.

3. Examination Phase:
The most important step of any digital forensics process is to examine and
analyse the collected evidence. Many forensic tools can be used for this purpose.
Smart wearable forensics does not have any single tool dedicated to
the DF process, so tools from other forensics branches can help. Along
with memory and device forensics, network and cloud forensics tools and
processes are also used to examine the data collected from the wearables and the
network in which they are connected.

Table 9.1: Open-Source Tools for Smart Wearable Forensics


Memory/Device Forensics: Bulk Extractor, EnCase, Sleuth Kit Autopsy, CAINE
Network Forensics: Nmap, Wireshark
Cloud Forensics: FORST, UFED Cloud Analyzer, Docker Forensics Toolkit

4. Reporting and Documentation:


The final investigation report is created by the investigators after the required
analysis of the evidence data. A final decision is then taken on whether the report is
worthy enough to be presented in court.
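
The difference between logical and physical acquisition described under the Data Acquisition Phase can be seen on a toy storage layout. The following is an added example, not code from the chapter or from any forensic tool; the 32-byte slot format, the function names and the sample readings are constructed for illustration. It also shows that once the device reuses a slot, even a physical image no longer holds the deleted record.

```python
"""Added example: logical vs physical acquisition on a constructed 4-slot record store."""
import struct

SLOT = 32                                  # bytes per slot (toy layout, not a real format)
LIVE, DELETED, EMPTY = 0x01, 0x00, 0xFF    # status byte values


def make_slot(status: int, payload: bytes) -> bytes:
    """One slot = status byte + length byte + payload padded with 0xFF."""
    if len(payload) > SLOT - 2:
        raise ValueError("payload too long for one slot")
    return struct.pack("BB", status, len(payload)) + payload.ljust(SLOT - 2, b"\xff")


def write_record(flash: bytearray, payload: bytes) -> int:
    """Store payload in the first slot that is not live, overwriting its old bytes."""
    for off in range(0, len(flash), SLOT):
        if flash[off] != LIVE:
            flash[off:off + SLOT] = make_slot(LIVE, payload)
            return off // SLOT
    raise RuntimeError("storage full")


def delete_record(flash: bytearray, index: int) -> None:
    """Deletion only flips the status byte; the payload bytes stay in place."""
    flash[index * SLOT] = DELETED


def records(image: bytes, wanted: int) -> list:
    """Payloads of all slots whose status byte equals `wanted`."""
    out = []
    for off in range(0, len(image), SLOT):
        status, length = image[off], image[off + 1]
        if status == wanted and length <= SLOT - 2:
            out.append(bytes(image[off + 2:off + 2 + length]))
    return out


def logical_acquisition(flash: bytearray) -> list:
    """What the device's file interface exposes: live records only."""
    return records(bytes(flash), LIVE)


def physical_acquisition(flash: bytearray) -> bytes:
    """Bit-by-bit copy of every slot, live or not."""
    return bytes(flash)


def carve_deleted(image: bytes) -> list:
    """Recover payloads of deleted slots from a physical image."""
    return records(image, DELETED)


def demo() -> tuple:
    flash = bytearray(b"\xff" * SLOT * 4)            # constructed empty storage
    write_record(flash, b"hr=072 t=1000")            # constructed sample readings
    gps = write_record(flash, b"gps=51.50,-0.12 t=1010")
    write_record(flash, b"hr=075 t=1020")
    delete_record(flash, gps)
    logical = logical_acquisition(flash)             # deleted record is missing
    carved = carve_deleted(physical_acquisition(flash))
    write_record(flash, b"hr=080 t=1030")            # device reuses the deleted slot
    carved_late = carve_deleted(physical_acquisition(flash))
    return logical, carved, carved_late


if __name__ == "__main__":
    print(demo())
```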

1.4. Evidence Sources


The forensics process requires the collection of data from devices, nodes and the network.
There can be many sources of evidence, as smart wearables are connected in an IoT environment
and IoT is a giant network of many smart devices.
1. Smart wearable Device:
The source of evidence can be the smart wearable itself. It has some sort of memory
from which data can be acquired. The data can be acquired using either of the two
methods discussed above, i.e. logical acquisition and physical acquisition.

2. Data from Network:


The second important source of evidence in smart wearables forensics
is the network. Network analysis can also reveal a lot about the crime
scene.

3. Data From Cloud:


Thirdly, the cloud can be a source of evidence. The cloud is an on-demand, scalable
computing virtualization system. The data from smart wearables is mostly
transferred to some cloud, which is why we also need to acquire data from the
cloud.

As with the gathering of evidence in physical investigations, care must be exercised in
digital forensic collection to ensure that the data being collected for analysis is as pure
and undisturbed as possible.
Bearing in mind that data on smart wearables are altered in some way even if you just
open them in their related application without saving them, a system that’s suspected to
hold forensic evidence which might be relevant to a case should remain untouched until
that information can be extracted in a non-disruptive manner. This also holds true for
incidents where the authentication of certain files, the ways in which they’ve been
accessed or used, and the timelines of critical events have to be established.
Digital forensic collection of smart wearable data (the process of gathering data before it
can be analyzed forensically) typically begins with the taking of a “bit-level” image
of the hard drive or storage media of the system involved. As the name suggests, this is
an exact duplicate or clone of the storage drive at the time the image is taken. It’s
achieved by using a device known as a write-blocker, which is capable of making a copy
of information from a device that’s turned off.
On occasions where it’s necessary to examine a device and read information from it
while it’s still in operation (if for example turning off the device would cause valuable
evidence to disappear from memory, or cause damages or losses to the owner), what’s
known as a “live acquisition” may be performed. This involves running a small
diagnostic program on the target system, which copies information over to the forensic
examiner’s hard drive.
For legal purposes, such a live acquisition may still produce digital forensic evidence
that’s admissible in court – so long as the examiner can adequately prove that their
intrusive intervention was absolutely necessary.
Challenges faced during Evidence Collection:
Smart wearable devices are not like complex computers or mobile phones, which
have proper circuitry, memory, etc. These devices can be as simple as an
embedded chip. They have a small memory attached to them [3]. Their memory is so small
that they cannot store much data, and they try to transfer this data to the cloud as soon as
possible. Sometimes these devices also overwrite the memory. Consequently, when a
forensic investigator tries to capture data from these devices, he cannot collect the
complete data. Sometimes they do not store metadata [2], such as temporal
information like the time of creation, access time, etc., which is very important for the
investigator to reach a verdict.

1.5. Challenges to Smart wearables Forensics


Smart wearable forensics seems easy but is a complex process because data is acquired
from various areas and multiple levels of forensic methods are involved. Each step faces
a lot of challenges. The following are some challenges that examiners face during the smart
wearable forensic process.
1. Hardware Differences:
The fact that smart wearables have different types of hardware, due to
different functions and sensors, is the most common challenge for any examiner
who is performing digital forensics on a smart wearable. The hardware of the
smart wearable is important to consider, especially when it comes to preserving
the memory chip.

2. Dynamic nature of evidence


Smart wearables have a dynamic nature. The user data can be altered or moved
intentionally or unintentionally.

3. Lack of resources
As discussed above, there are a lot of different manufacturers and variants of
smart wearables. Each has different hardware, OS, filesystem formats and other
features. A single tool might not be enough to perform forensic analysis on all of
them. Moreover, choosing the right tool is a very challenging task.

4. Legal issues
There is no doubt that the telecommunication system has made this world a small
village. Criminal activities have also spread across borders due to the
extended communication system. Forensic examiners might face many
multijurisdictional issues related to smart wearable seizure, data acquisition,
etc., as these devices are connected in some IoT environment.

5. Complicated Network Topologies


Network topologies greatly affect not only the IoT ecosystem and the connected
end devices like smart wearables but also the Smart wearable forensics. The
topology used between the smart wearable and the cloud is very important. It has
been seen that with a LAN the forensic analysis becomes easier, whereas with
complex topologies like MAN and WAN the forensic analysis becomes more
complicated. Many tools do not even work properly when the network log data is
large.

6. Imaging of IoT Devices:


One way of acquiring data from smart wearables is by taking a memory image.
Most such devices have very small storage, and there is a high chance that
they have overwritten the required data. Therefore, the images taken may not be
fruitful for the forensic procedure.

7. Securing the Chain of Custody


The validation of the evidence in the court is linked to the chain of custody. The
integrity of the evidence must be maintained.

8. Forensic Framework
To date, there is no single framework on which forensic researchers have reached
complete consensus. Many researchers have proposed their own frameworks that are
useful for the process. But there is a dire need for a general framework that can be
followed by everyone.

9. Data acquisition issues due to proprietary concerns


Data acquisition can be a challenge when the investigator needs to collect data
from the cloud server. As smart wearable devices transfer data to the cloud
server, there is a need to acquire data from the cloud too. Here, proprietary
concerns can be a challenge.
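
The bit-level imaging described under Evidence Sources and the integrity requirement under Securing the Chain of Custody can be combined in one routine. The following is an added example, not part of the original chapter: it copies a source byte for byte, confirms the copy by SHA-256, and keeps a hash-chained custody log. The file names, examiner names, timestamps and log fields are constructed assumptions, and a temporary file stands in for device storage read through a write-blocker.

```python
"""Added example: bit-level imaging with hash verification and a tamper-evident custody log."""
import hashlib
import json
import os
import tempfile

CHUNK = 4096
GENESIS = "0" * 64  # "previous hash" used by the first log entry

def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def acquire_image(source: str, image: str) -> str:
    """Copy every byte of source (opened read-only) into a new image file; return its SHA-256."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "xb") as dst:  # "xb" never overwrites
        for chunk in iter(lambda: src.read(CHUNK), b""):
            h.update(chunk)
            dst.write(chunk)
    if sha256_file(image) != h.hexdigest():  # re-read the copy from disk
        raise IOError("image does not match the data read from the source")
    return h.hexdigest()

def entry_digest(entry: dict) -> str:
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log: list, action: str, who: str, when: str, image_hash: str) -> None:
    """Append a custody entry that commits to the image hash and to the previous entry."""
    entry = {"seq": len(log), "utc": when, "action": action, "who": who,
             "image_sha256": image_hash, "prev": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)

def verify(log: list, image: str) -> bool:
    """True only if the log chain is unbroken and the image still has the logged hash."""
    prev, current = GENESIS, sha256_file(image)
    for e in log:
        if (e["prev"] != prev or e["entry_hash"] != entry_digest(e)
                or e["image_sha256"] != current):
            return False
        prev = e["entry_hash"]
    return bool(log)

def demo() -> tuple:
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "wearable_flash.bin"), os.path.join(d, "evidence.img")
        with open(src, "wb") as f:
            f.write(bytes(range(256)) * 40)       # constructed stand-in for device storage
        log = []
        digest = acquire_image(src, img)
        add_entry(log, "acquired", "examiner A", "2024-01-01T10:00:00Z", digest)
        add_entry(log, "transferred to lab", "examiner B", "2024-01-01T15:30:00Z", digest)
        intact = verify(log, img)
        log[0]["who"] = "someone else"            # edit a log entry after the fact
        log_edited = verify(log, img)
        log[0]["who"] = "examiner A"              # restore the log
        with open(img, "r+b") as f:               # change one byte of the image
            f.seek(100)
            f.write(b"\xff")
        image_changed = verify(log, img)
        return intact, log_edited, image_changed

if __name__ == "__main__":
    print(demo())
```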

References
[1]. Dawson, L., & Akinbi, A. (2021). Challenges and opportunities for wearable IoT forensics:
TomTom Spark 3 as a case study. Forensic Science International: Reports, 3, 100198.
[2]. Servida, F., & Casey, E. (2019, April). IoT forensic challenges and opportunities for digital
traces. Digital Investigation, 28, S22–S29. doi: 10.1016/j.diin.2019.01.012
[3]. MacDermott, Baker, T., & Shi, Q. (2018). IoT forensics: Challenges for the IoA era. In 2018 9th
IFIP International Conference on New Technologies, Mobility and Security (NTMS) (pp. 1-5).
doi: 10.1109/NTMS.2018.8328748
[4]. Kim, M., Shin, Y., Jo, W. et al. Digital forensic analysis of intelligent and smart IoT devices. J
Supercomput (2022). https://doi.org/10.1007/s11227-022-04639-5
[5]. Stoyanova, M., Nikoloudakis, Y., Panagiotakis, S., Pallis, E., & Markakis, E. K. (2020). A survey
on the internet of things (IoT) forensics: challenges, approaches, and open issues. IEEE
Communications Surveys & Tutorials, 22(2), 1191-1221.
[6]. Baggili, I., Oduro, J., Anthony, K., Breitinger, F., & McGee, G. (2015, August). Watch what you
wear: preliminary forensic analysis of smart watches. In 2015 10th International Conference on
Availability, Reliability and Security (pp. 303-311). IEEE.
