WristSense framework: Exploring the forensic potential of wrist-wear devices through case studies

Abstract

Wrist devices have revolutionized our interaction with technology, monitoring various aspects of our activities and making them valuable in digital forensic investigations. Previous research has explored specific wrist device operating systems, often concentrating on devices from particular manufacturers. However, the broader market of wrist-worn devices, which includes a wide range of manufacturers, remains less explored. This oversight presents challenges in retrieving and analyzing data from wrist devices with different operating systems. Additionally, there has been limited exploration of utilizing health data from wrist devices in digital investigations. To address these gaps, this study presents a framework called “WristSense,” which systematically extracts health-related data from heterogeneous sources of wrist devices. The framework has been evaluated through case studies involving Huawei, Amazfit, Xiaomi, and Samsung wrist devices. The WristSense ensures compatibility with devices from different vendors and analyzes health data such as sleep patterns, heart rate, blood oxygen saturation, activities, and stress levels. The research uncovers potential circumstantial evidence applicable to law enforcement and introduces a wrist-wear device artifact catalog, which also serves as a taxonomy, enabling practitioners to codify and leverage their forensic collective knowledge. The findings demonstrate the effectiveness of the WristSense framework in extracting and analyzing data from various vendors, providing valuable insights for forensic investigations. However, challenges such as encryption mechanisms on certain devices present areas that require further investigation. This research provides a comprehensive overview of suspect or victim health data, empowering digital forensic investigators to reconstruct detailed timelines and gather crucial evidence in criminal investigations involving wrist devices.