Authors: Fabian Nunes, Patrício Domingues, Miguel Frade
Journal: Forensic Science International-Digital Investigation (Journal Article)
Publication date: 2023-09-18
DOI: 10.1016/j.fsidi.2023.301624
URL: https://www.sciencedirect.com/science/article/pii/S2666281723001361
Post-mortem digital forensic analysis of the Garmin Connect application for Android
The Garmin Vivosmart 4 smartband can monitor various health metrics, including heart rate, oxygen saturation, body composition, and stress levels. It is quite a popular fitness tracking device, as its Android companion application – Garmin Connect – has been downloaded more than 10 million times and can provide critical forensic artifacts such as timestamped GPS-based locations. In this work, we analyze the Garmin Connect application to i) identify relevant digital forensic artifacts, and ii) assess methods to retrieve cloud-based data relevant to a digital forensic examination. For this purpose, we first establish a test scenario where the paired device/application collects data in regular real-world situations using a rooted smartphone running Android 11. The smartphone is then examined to gain insights into the data stored by the application and identify meaningful digital artifacts.
To ease and automate the task of digital forensic practitioners, we have developed the Garmin Connect for Android Analyzer (GC4AA), a set of Python 3 modules tailored for the digital forensic framework Android Logs Events And Protobuf Parser (ALEAPP). These open-source modules parse dumps of a Vivosmart 4 data directory and create reports displaying several digital artifacts, such as health metrics, GPS data and routes, and phone notifications. They automate the information-gathering process and produce a report specially tailored for Garmin Connect data, highlighting the most relevant artifacts. Our results show that the analysis of paired Garmin Connect/Vivosmart 4 with GC4AA can yield more digital forensic artifacts than existing open-source tools, including the following new artifacts: i) Daily Summary data; ii) GPS data; iii) Response Cache data; iv) Network Logs; v) Facebook API tokens; vi) Device Synchronization cache; vii) SpO2 reading charts. Our contributions include a graphical presentation of the collected data, greatly improving its readability and analysis.