Abstract
As the geolocation capabilities of smartphones continue to improve, developers have continued to create more innovative applications that rely on this location information for their primary function. This can be seen with Niantic’s release of Pokémon GO, which is a massively multiplayer online role playing and augmented reality game. This game became immensely popular within just a few days of its release. However, it also had the propensity to be a distraction to drivers, resulting in numerous accidents, and was used as a tool by armed robbers to lure unsuspecting users into secluded areas. This facilitates the need for forensic investigators to be able to analyze the data within the application in order to determine if it may have been involved in these incidents. Because this application is new, limited research has been conducted regarding the artifacts that can be recovered from the application. In this paper, we aim to fill the gaps within the current research by assessing what forensically-relevant information may be recovered from the application and understanding the circumstances behind the creation of this information. Our research focuses primarily on the artifacts generated by the Upsight analytics platform, those contained within the bundles directory and the Pokémon Go Plus accessory. Moreover, we present our new application-specific analysis tool that is capable of extracting forensic artifacts from a backup of the Android application and presenting them to an investigator in an easily-readable format. This analysis tool exceeds the capabilities of the well known mobile forensic tool Cellebrite’s UFED (Universal Forensic Extraction Device) Physical Analyzer in processing Pokémon GO application data.
Highlights
On 6 July 2016, Niantic, a subsidiary of Google, in conjunction with Nintendo and The PokémonCompany released Pokémon GO [1], a massively multiplayer online role playing and augmented reality game for mobile devices that is based on the late 1990s Pokémon cartoon series and the NintendoGameboy game series
Our research focuses primarily on the artifacts generated by the Upsight analytics platform, those contained within the bundles directory and the Pokémon Go Plus accessory
Maus et al noted that many smartphone applications make use of geolocation information, and this information can be valuable to forensic investigators
Summary
On 6 July 2016, Niantic, a subsidiary of Google, in conjunction with Nintendo and The Pokémon. This paper seeks to expand upon the current research in order to discover any forensically-relevant information that may be contained in the Pokémon GO application and develop an understanding of how this information was created by the application This information may include corroborative evidence that may place a user at the location of a crime or may support the idea that a user was distracted by the application while walking or driving. The contributions made by this paper can be used by forensic investigators to establish a timeline of user activity within the Pokémon GO application, establish the relative location of the user and to determine if the user was utilizing a Pokémon GO Plus accessory This information can be useful during investigations involving pedestrians or drivers that may have been involved in an accident that resulted in death or serious injury to themselves or others as a result of their failure to pay attention to their surroundings while playing the game.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have