Abstract
Wearable IoT devices like fitness trackers and smartwatches continue to create opportunities and challenges for forensic investigators in the acquisition and analysis of evidential artefacts in scenarios where such devices are a witness to a crime. However, current commercial and traditional forensic tools available to forensic investigators fall short of conducting device extraction and analysis of forensic artefacts from many IoT devices due to their heterogeneous nature. In this paper, we conduct a comprehensive forensic analysis and show artefacts of forensic value from the physical TomTom Spark 3 GPS fitness smartwatch, its companion app installed on an Android smartphone, and Bluetooth event logs located in the app’s metadata. Our forensic methodology and analysis involved the combination and use of a non-forensic tool, a commercial forensic tool, and a non-forensic manufacturer-independent analysis platform tool specifically designed for endurance athletes to identify, extract, analyse, and reconstruct user activity data in an investigative scenario. We show forensic metadata associated with the device information, past user activities, and audio files from the physical smartwatch. We recovered data associated with past user activities stored in proprietary activity files and databases maintained by the app on an Android smartphone. From the event logs, we show when user activity was synced with the app and uploaded to the device cloud storage. The results from our work provide vital references for forensic investigators to aid criminal investigations, highlight limitations of current forensic tools, and for developers of forensic tools an incentive into developing forensic software applications and tools that can decode all relevant data generated by wearable IoT devices.
Highlights
Wearable Internet of Things (IoT) devices which are mostly fitness trackers and activity tracking smartwatches are gadgets that can be worn by individuals throughout the day to keep track of various body parameters
The results from our work provide vital references for forensic investigators to aid criminal investigations, highlight limitations of current forensic tools, and for developers of forensic tools an incentive into developing forensic software applications and tools that can decode all relevant data generated by wearable IoT devices
We focus on the extraction and analysis of forensic artefacts of interest from the physical TomTom Spark 3 Global Positioning System (GPS) fitness smartwatch and the TomTom Sports app installed and running on an Android smartphone synced with the smartwatch
Summary
Wearable Internet of Things (IoT) devices which are mostly fitness trackers and activity tracking smartwatches are gadgets that can be worn by individuals throughout the day to keep track of various body parameters. Apple held the largest share of the global shipment (55.5%) in the first quarter of 2020, followed by Samsung (13.9%), Garmin (13.9%), and other brands (22.6%) respectively [3] This astronomical growth in demand and the potential of these devices to generate data that are stored on the devices and smartphones they are synced with has created significant interest amongst many digital forensic researchers and an increased shift towards wearable IoT device forensics [4,5,6,7,8,9]. The goal of this paper is to present the data acquisition and forensic analysis carried out on the TomTom Spark 3 GPS smartwatch to demonstrate the limitations of commercial and traditional forensic tools and show the results obtained from the study of the forensic artefacts acquired and analysed using non-forensic tools.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
