Post-mortem digital forensic analysis of the Garmin Connect application for Android

IF 2 4区医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

Forensic Science International-Digital Investigation Pub Date : 2023-09-18 DOI:10.1016/j.fsidi.2023.301624

Fabian Nunes , Patrício Domingues , Miguel Frade

{"title":"Post-mortem digital forensic analysis of the Garmin Connect application for Android","authors":"Fabian Nunes , Patrício Domingues , Miguel Frade","doi":"10.1016/j.fsidi.2023.301624","DOIUrl":null,"url":null,"abstract":"<div>The Garmin Vivosmart 4 smartband can monitor various health metrics, including heart rate, oxygen saturation, body composition, and stress levels. It is a quite popular fitness tracking device, as its Android companion application – Garmin Connect – has been downloaded more than 10 million times and can provide critical forensic artifacts such as timestamped GPS-based locations. In this work, we analyze the Garmin Connect application to identify i) relevant digital forensic artifacts, and <math><mi>i</mi><mi>i</mi><mo>)</mo></math> assess methods to retrieve cloud-based data relevant to a digital forensic examination. For this purpose, we first establish a test scenario where the paired device/application collects data in regular real-world situations using a rooted smartphone running Android 11. The smartphone is then examined to gain insights into the data stored by the application and identify meaningful digital artifacts.To ease and automate the task of digital forensic practitioners, we have developed the Garmin Connect for Android Analyzer (GC4AA) set of Python 3 modules tailored for the digital forensic framework Android Logs Events And Protobuf Parser (ALEAPP). These open-source modules parse dumps of a Vivosmart 4 data directory and create reports displaying several digital artifacts, such as health metrics, GPS data and routes, and phone notifications. They automate the information-gathering process and produce a report specially tailored for Garmin Connect data, highlighting the most relevant artifacts. Our results show that the analysis of paired Garmin Collect/Vivosmart 4 with GC4AA can yield more digital forensic artifacts than existing open-source tools, including the following new artifacts: i) Daily Summary data; <math><mi>i</mi><mi>i</mi><mo>)</mo></math> GPS data; <math><mi>i</mi><mi>i</mi><mi>i</mi><mo>)</mo></math> Response Cache data; <math><mi>i</mi><mi>v</mi><mo>)</mo></math> Network Logs; v) Facebook API tokens; <math><mi>v</mi><mi>i</mi><mo>)</mo></math> Device Synchronization cache; <math><mi>v</mi><mi>i</mi><mi>i</mi><mo>)</mo></math> SpO2 reading charts. Our contributions include a graphical presentation of the collected data, greatly improving its readability and analysis.</div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0000,"publicationDate":"2023-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Forensic Science International-Digital Investigation","FirstCategoryId":"3","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2666281723001361","RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The Garmin Vivosmart 4 smartband can monitor various health metrics, including heart rate, oxygen saturation, body composition, and stress levels. It is a quite popular fitness tracking device, as its Android companion application – Garmin Connect – has been downloaded more than 10 million times and can provide critical forensic artifacts such as timestamped GPS-based locations. In this work, we analyze the Garmin Connect application to identify i) relevant digital forensic artifacts, and $i i)$ assess methods to retrieve cloud-based data relevant to a digital forensic examination. For this purpose, we first establish a test scenario where the paired device/application collects data in regular real-world situations using a rooted smartphone running Android 11. The smartphone is then examined to gain insights into the data stored by the application and identify meaningful digital artifacts.

To ease and automate the task of digital forensic practitioners, we have developed the Garmin Connect for Android Analyzer (GC4AA) set of Python 3 modules tailored for the digital forensic framework Android Logs Events And Protobuf Parser (ALEAPP). These open-source modules parse dumps of a Vivosmart 4 data directory and create reports displaying several digital artifacts, such as health metrics, GPS data and routes, and phone notifications. They automate the information-gathering process and produce a report specially tailored for Garmin Connect data, highlighting the most relevant artifacts. Our results show that the analysis of paired Garmin Collect/Vivosmart 4 with GC4AA can yield more digital forensic artifacts than existing open-source tools, including the following new artifacts: i) Daily Summary data; $i i)$ GPS data; $i i i)$ Response Cache data; $i v)$ Network Logs; v) Facebook API tokens; $v i)$ Device Synchronization cache; $v i i)$ SpO₂ reading charts. Our contributions include a graphical presentation of the collected data, greatly improving its readability and analysis.

查看原文本刊更多论文

Garmin Connect Android应用程序的事后数字取证分析

Garmin Vivosmart 4智能手环可以监测各种健康指标，包括心率、氧饱和度、身体成分和压力水平。这是一款非常受欢迎的健身追踪设备，因为它的安卓配套应用Garmin Connect已经被下载了1000多万次，它可以提供关键的取证文物，比如基于gps的时间戳位置。在这项工作中，我们分析了Garmin Connect应用程序，以识别i)相关的数字法医工件，以及ii)评估检索与数字法医检查相关的基于云的数据的方法。为此，我们首先建立一个测试场景，其中配对的设备/应用程序使用运行Android 11的根智能手机在常规的真实情况下收集数据。然后检查智能手机以深入了解应用程序存储的数据并识别有意义的数字工件。为了简化和自动化数字取证从业者的任务，我们开发了Garmin Connect for Android Analyzer (GC4AA)一组为数字取证框架Android Logs Events and Protobuf Parser (ALEAPP)量身定制的Python 3模块。这些开源模块解析Vivosmart 4数据目录的转储，并创建显示几个数字工件的报告，例如健康指标、GPS数据和路由以及电话通知。他们将信息收集过程自动化，并生成专门为Garmin Connect数据量身定制的报告，突出显示最相关的工件。我们的研究结果表明，与现有的开源工具相比，使用GC4AA对配对的Garmin Collect/Vivosmart 4进行分析可以产生更多的数字取证伪像，包括以下新伪像:i)每日汇总数据;ii) GPS数据;iii) Response Cache数据;iv)网络日志;v) Facebook API令牌;vi)设备同步缓存;vii) SpO2读数表。我们的贡献包括收集数据的图形表示，大大提高了其可读性和分析能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Forensic Science International-Digital Investigation Multiple-

CiteScore

5.90

自引率

15.00%

发文量

审稿时长

76 days