SlideShare a Scribd company logo

(140716) #fitalk digital evidence from android-based smartwatch

INSIGHT FORENSIC
INSIGHT FORENSIC

2014 F-INSIGHT TALK

Technology
1 of 25
Download to read offline
FORENSIC INSIGHT; DIGITAL FORENSICS COMMUNITY IN KOREA Digital Evidence from Android-based Smartwatch Jae-ki Kim Jack2 jack2@korea.ac.kr jack2yo@gmail.com http://jack2.codebreaking.org
forensicinsight.org Page 2 Overview 1. Target Device 2. Method & Process 3. Digital Evidence 4. Conclusion
forensicinsight.org Page 3 Target Device
forensicinsight.org Page 4 Target Device  Smart Watch – Galaxy Gear (SAMSUNG)
forensicinsight.org Page 5 Target Device  Smart Watch – Galaxy Gear (SAMSUNG) 속성 정보 프로세서 삼성 엑시노스 4212 SoC. ARM Cortex-A9 MP2 800 MHz CPU, ARM Mali-400 MP4 440 MHz GPU 메모리 512 MB LPDDR1 SDRAM, 4 GB 내장 메모리 디스플레이 1.63인치 320 x 320 S-Stripe RGB 서브픽셀 방식의 삼성D Super AMOLED 정전식 터치스크린 네트워크 블루투스 4.0+BLE 카메라 190만 화소 AF 배터리 Li-Ion 315 mAh, 사용 시간 25시간, 대기 시간 150시간 운영체제 안드로이드 기반 웨어러블 커스텀 OS
forensicinsight.org Page 6 Method & Process For Collecting Digital Evidence from Android-based Smartwatch
forensicinsight.org Page 7 Method & Process  Access to a Galaxy Gear 0. Warming-Up
forensicinsight.org Page 8 Method & Process  Access to a Galaxy Gear  Need to approved device (ex. Galaxy S III or later) 0. Warming-Up
forensicinsight.org Page 9 Method & Process  Access to a Galaxy Gear  Need to approved device (ex. Galaxy S III or later)  Install ’Gear Manger’ Application (only SAMSUNG Apps) 0. Warming-Up
forensicinsight.org Page 10 Method & Process  Access to a Galaxy Gear  Need to approved device (ex. Galaxy S III or later)  Install ‘Gear Manger’ Application (only SAMSUNG Apps)  Synchronization (For the 1st time)  NFC  Bluetooth 0. Warming-Up
forensicinsight.org Page 11 Method & Process  Access to a Galaxy Gear  Need to approved device (ex. Galaxy S III or later)  Install ‘Gear Manger’ Application (only SAMSUNG Apps)  Synchronization (For the 1st time)  NFC  Bluetooth  Hold the Galaxy Gear Charging Dock  Connect with USB 0. Warming-Up
forensicinsight.org Page 12 Method & Process  Previous work  Install Samsung USB Drivers  Settings > Gear Info > Tap Software Version 10 times  Enable USB Debugging on the Galaxy Gear  Plug in the Galaxy Gear via USB 1. Rooting
forensicinsight.org Page 13 Method & Process  Previous work  Install Samsung USB Drivers  Settings > Gear Info > Tap Software Version 10 times  Enable USB Debugging on the Galaxy Gear  Plug in the Galaxy Gear via USB  Root the Galaxy Gear  Download Cydia impactor  Start  Install Busybox 1. Rooting
forensicinsight.org Page 15 Method & Process  Limitations  Only 4GB Built-In Memory  No Network Interface (Wi-Fi, 3G/4G)  Remote Dump with nc 2. Imaging
forensicinsight.org Page 16 Method & Process  Limitations  Only 4GB Built-In Memory  No Network Interface (Wi-Fi, 3G/4G)  Remote Dump with nc  C:UsersJack2> adb forward tcp:8787 tcp:8787  root@android:/ # ./busybox nc -l -p 8787 -e dd if=/dev/block/mmcblk0p21  C:UsersJack2> nc 127.0.0.1 8787 > jack2.img 2. Imaging /dev/block/mmcblk0p21 /data ext4 rw,nosuid,nodev,noatime,barrier=1 ….
forensicinsight.org Page 17 Digital Evidence
forensicinsight.org Page 18 Digital Evidence Use FTK Imager Very large amounts of data -_- ;; Select useful 4 digital evidences ^^
forensicinsight.org Page 19 Digital Evidence  Path  /data/misc/bluedroid/  Info  Specific information synchronized smartphone (Device name , Bluetooth address … ) bt_config.xml If you fail to obtain a smartphone, Identify the synchronized device
forensicinsight.org Page 20 Digital Evidence  Path  /data/data/com.samsung.appcessory.NotiConsumerService/databases/  Info  SMS/MMS, Hangout Message, Gmail information synchronized smartphone NotificationSync.db Though deleted messages from your smartphone, Check original message used by Synchronized information
forensicinsight.org Page 21 Digital Evidence  Path  /data/data/com.samsung.accessory.FindMyPhone/ConsumerService/shared_prefs/  Info  Find a synchronized smartphone watch.xml Guessing Activity Time Ex) Put smartphone in the car and Visit Crime scene
forensicinsight.org Page 22 Digital Evidence  Path  /data/data/com.sec.android.widgetapp.ap.hero.accuweather.consumer.widget/databases/  Info  Check the local weather used Synchronized smartphone WeatherClock Although Galaxy Gear is no GPS, Check recently visited local information
forensicinsight.org Page 23 Conclusion Next Target Issue
forensicinsight.org Page 24 Conclusion  Smart Watch – Galaxy Gear2 (SAMSUNG) 속성 정보 프로세서 1.0 GHz 듀얼 코어 프로세서 메모리 512 MB LPDDR1 SDRAM, 4 GB 내장 메모리 디스플레이 1.63인치 320 x 320 S-Stripe RGB 서브픽셀 방식의 삼성D 슈퍼 아몰레드 정전식 터치스크린 네트워크 블루투스 v4.0 LE 센서 가속 센서, 자이로스코프, 심박 센서, 방수/방진 카메라 200만 화소 AF 배터리 Li-Ion 300 mAh, 사용 시간 2~3일, 대기 시간 6 일 운영체제 타이젠 기반 웨어러블 플랫폼
forensicinsight.org Page 25 Reference  http://theunlockr.com/2013/11/20/root-samsung-galaxy-gear-video/  https://www.facebook.com/groups/212473532271572/permalink/247282375457354/
forensicinsight.org Page 26 Question and Answer

Recommended

(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)INSIGHT FORENSIC
 
Malware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things MalwareMalware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things MalwareCyphort
 
Mmw mac malware-mac
Mmw mac malware-macMmw mac malware-mac
Mmw mac malware-macCyphort
 
(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threatINSIGHT FORENSIC
 
Malware's Most Wanted (MMW): Backoff POS Malware
Malware's Most Wanted (MMW): Backoff POS Malware Malware's Most Wanted (MMW): Backoff POS Malware
Malware's Most Wanted (MMW): Backoff POS Malware Cyphort
 
Malware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of MalwareMalware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of MalwareCyphort
 
Windows Live Forensics 101
Windows Live Forensics 101Windows Live Forensics 101
Windows Live Forensics 101Arpan Raval
 
Catching fileless attacks
Catching fileless attacksCatching fileless attacks
Catching fileless attacksBalaji Rajasekaran
 

Recommended

(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)INSIGHT FORENSIC
 
Malware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things MalwareMalware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things MalwareCyphort
 
Mmw mac malware-mac
Mmw mac malware-macMmw mac malware-mac
Mmw mac malware-macCyphort
 
(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threatINSIGHT FORENSIC
 
Malware's Most Wanted (MMW): Backoff POS Malware
Malware's Most Wanted (MMW): Backoff POS Malware Malware's Most Wanted (MMW): Backoff POS Malware
Malware's Most Wanted (MMW): Backoff POS Malware Cyphort
 
Malware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of MalwareMalware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of MalwareCyphort
 
Windows Live Forensics 101
Windows Live Forensics 101Windows Live Forensics 101
Windows Live Forensics 101Arpan Raval
 
Catching fileless attacks
Catching fileless attacksCatching fileless attacks
Catching fileless attacksBalaji Rajasekaran
 
Most notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsMost notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsCyphort
 
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...CODE BLUE
 
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows KernelMemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows KernelIgor Korkin
 
Is Troy Burning - An overview of targeted cyber attacks
Is Troy Burning - An overview of targeted cyber attacksIs Troy Burning - An overview of targeted cyber attacks
Is Troy Burning - An overview of targeted cyber attacksguest6f3af5
 
Dissecting ZeuS malware
Dissecting ZeuS malwareDissecting ZeuS malware
Dissecting ZeuS malwareCyphort
 
Firewalls (Distributed computing)
Firewalls (Distributed computing)Firewalls (Distributed computing)
Firewalls (Distributed computing)Sri Prasanna
 
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Cyphort
 
International collaborative efforts to share threat data in a vetted member c...
International collaborative efforts to share threat data in a vetted member c...International collaborative efforts to share threat data in a vetted member c...
International collaborative efforts to share threat data in a vetted member c...CODE BLUE
 
Zeus Dissected
Zeus DissectedZeus Dissected
Zeus DissectedCyphort
 
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel SpacesDivide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel SpacesIgor Korkin
 
MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence Cyphort
 
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory AccessDetect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory AccessIgor Korkin
 
Sophos what-is-zeus-tp
Sophos what-is-zeus-tpSophos what-is-zeus-tp
Sophos what-is-zeus-tpOnet Paradis
 
Malware analysis - What to learn from your invaders
Malware analysis - What to learn from your invadersMalware analysis - What to learn from your invaders
Malware analysis - What to learn from your invadersTazdrumm3r
 
(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur lsINSIGHT FORENSIC
 
(131102) #fitalk get windows logon password in memory dump
(131102) #fitalk get windows logon password in memory dump(131102) #fitalk get windows logon password in memory dump
(131102) #fitalk get windows logon password in memory dumpINSIGHT FORENSIC
 
(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recoveryINSIGHT FORENSIC
 
(130727) #fitalk rp log tracker
(130727) #fitalk rp log tracker(130727) #fitalk rp log tracker
(130727) #fitalk rp log trackerINSIGHT FORENSIC
 
(130608) #fitalk trends in d forensics (may, 2013)
(130608) #fitalk trends in d forensics (may, 2013)(130608) #fitalk trends in d forensics (may, 2013)
(130608) #fitalk trends in d forensics (may, 2013)INSIGHT FORENSIC
 
(Ficon2015) #4 어떻게 가져갔는가, 그리고...
(Ficon2015) #4 어떻게 가져갔는가, 그리고...(Ficon2015) #4 어떻게 가져갔는가, 그리고...
(Ficon2015) #4 어떻게 가져갔는가, 그리고...INSIGHT FORENSIC
 
(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)INSIGHT FORENSIC
 
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석INSIGHT FORENSIC
 

More Related Content

What's hot

Most notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsMost notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsCyphort
 
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...CODE BLUE
 
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows KernelMemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows KernelIgor Korkin
 
Is Troy Burning - An overview of targeted cyber attacks
Is Troy Burning - An overview of targeted cyber attacksIs Troy Burning - An overview of targeted cyber attacks
Is Troy Burning - An overview of targeted cyber attacksguest6f3af5
 
Dissecting ZeuS malware
Dissecting ZeuS malwareDissecting ZeuS malware
Dissecting ZeuS malwareCyphort
 
Firewalls (Distributed computing)
Firewalls (Distributed computing)Firewalls (Distributed computing)
Firewalls (Distributed computing)Sri Prasanna
 
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Cyphort
 
International collaborative efforts to share threat data in a vetted member c...
International collaborative efforts to share threat data in a vetted member c...International collaborative efforts to share threat data in a vetted member c...
International collaborative efforts to share threat data in a vetted member c...CODE BLUE
 
Zeus Dissected
Zeus DissectedZeus Dissected
Zeus DissectedCyphort
 
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel SpacesDivide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel SpacesIgor Korkin
 
MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence Cyphort
 
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory AccessDetect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory AccessIgor Korkin
 
Sophos what-is-zeus-tp
Sophos what-is-zeus-tpSophos what-is-zeus-tp
Sophos what-is-zeus-tpOnet Paradis
 
Malware analysis - What to learn from your invaders
Malware analysis - What to learn from your invadersMalware analysis - What to learn from your invaders
Malware analysis - What to learn from your invadersTazdrumm3r
 

What's hot (14)

Most notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsMost notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictions
 
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
 
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows KernelMemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel
 
Is Troy Burning - An overview of targeted cyber attacks
Is Troy Burning - An overview of targeted cyber attacksIs Troy Burning - An overview of targeted cyber attacks
Is Troy Burning - An overview of targeted cyber attacks
 
Dissecting ZeuS malware
Dissecting ZeuS malwareDissecting ZeuS malware
Dissecting ZeuS malware
 
Firewalls (Distributed computing)
Firewalls (Distributed computing)Firewalls (Distributed computing)
Firewalls (Distributed computing)
 
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
 
International collaborative efforts to share threat data in a vetted member c...
International collaborative efforts to share threat data in a vetted member c...International collaborative efforts to share threat data in a vetted member c...
International collaborative efforts to share threat data in a vetted member c...
 
Zeus Dissected
Zeus DissectedZeus Dissected
Zeus Dissected
 
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel SpacesDivide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
 
MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence
 
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory AccessDetect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access
 
Sophos what-is-zeus-tp
Sophos what-is-zeus-tpSophos what-is-zeus-tp
Sophos what-is-zeus-tp
 
Malware analysis - What to learn from your invaders
Malware analysis - What to learn from your invadersMalware analysis - What to learn from your invaders
Malware analysis - What to learn from your invaders
 

Viewers also liked

(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur lsINSIGHT FORENSIC
 
(131102) #fitalk get windows logon password in memory dump
(131102) #fitalk get windows logon password in memory dump(131102) #fitalk get windows logon password in memory dump
(131102) #fitalk get windows logon password in memory dumpINSIGHT FORENSIC
 
(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recoveryINSIGHT FORENSIC
 
(130727) #fitalk rp log tracker
(130727) #fitalk rp log tracker(130727) #fitalk rp log tracker
(130727) #fitalk rp log trackerINSIGHT FORENSIC
 
(130608) #fitalk trends in d forensics (may, 2013)
(130608) #fitalk trends in d forensics (may, 2013)(130608) #fitalk trends in d forensics (may, 2013)
(130608) #fitalk trends in d forensics (may, 2013)INSIGHT FORENSIC
 
(Ficon2015) #4 어떻게 가져갔는가, 그리고...
(Ficon2015) #4 어떻게 가져갔는가, 그리고...(Ficon2015) #4 어떻게 가져갔는가, 그리고...
(Ficon2015) #4 어떻게 가져갔는가, 그리고...INSIGHT FORENSIC
 
(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)INSIGHT FORENSIC
 
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석INSIGHT FORENSIC
 
(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)INSIGHT FORENSIC
 
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fsINSIGHT FORENSIC
 
(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)INSIGHT FORENSIC
 
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안INSIGHT FORENSIC
 
(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensicsINSIGHT FORENSIC
 
(130202) #fitalk china threat
(130202) #fitalk china threat(130202) #fitalk china threat
(130202) #fitalk china threatINSIGHT FORENSIC
 
(130622) #fitalk trend of personal information protection
(130622) #fitalk trend of personal information protection(130622) #fitalk trend of personal information protection
(130622) #fitalk trend of personal information protectionINSIGHT FORENSIC
 
(130622) #fitalk i cloud keychain forensics
(130622) #fitalk i cloud keychain forensics(130622) #fitalk i cloud keychain forensics
(130622) #fitalk i cloud keychain forensicsINSIGHT FORENSIC
 
(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석INSIGHT FORENSIC
 
(130727) #fitalk pfp (portable forensic platform), #2 story
(130727) #fitalk pfp (portable forensic platform), #2 story(130727) #fitalk pfp (portable forensic platform), #2 story
(130727) #fitalk pfp (portable forensic platform), #2 storyINSIGHT FORENSIC
 
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식INSIGHT FORENSIC
 

Viewers also liked (20)

(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls
 
(131102) #fitalk get windows logon password in memory dump
(131102) #fitalk get windows logon password in memory dump(131102) #fitalk get windows logon password in memory dump
(131102) #fitalk get windows logon password in memory dump
 
(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery
 
(130727) #fitalk rp log tracker
(130727) #fitalk rp log tracker(130727) #fitalk rp log tracker
(130727) #fitalk rp log tracker
 
(130608) #fitalk trends in d forensics (may, 2013)
(130608) #fitalk trends in d forensics (may, 2013)(130608) #fitalk trends in d forensics (may, 2013)
(130608) #fitalk trends in d forensics (may, 2013)
 
(Ficon2015) #4 어떻게 가져갔는가, 그리고...
(Ficon2015) #4 어떻게 가져갔는가, 그리고...(Ficon2015) #4 어떻게 가져갔는가, 그리고...
(Ficon2015) #4 어떻게 가져갔는가, 그리고...
 
(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)
 
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
 
(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)
 
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
 
(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)
 
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
 
(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics
 
Ntfs forensics
Ntfs forensicsNtfs forensics
Ntfs forensics
 
(130202) #fitalk china threat
(130202) #fitalk china threat(130202) #fitalk china threat
(130202) #fitalk china threat
 
(130622) #fitalk trend of personal information protection
(130622) #fitalk trend of personal information protection(130622) #fitalk trend of personal information protection
(130622) #fitalk trend of personal information protection
 
(130622) #fitalk i cloud keychain forensics
(130622) #fitalk i cloud keychain forensics(130622) #fitalk i cloud keychain forensics
(130622) #fitalk i cloud keychain forensics
 
(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석
 
(130727) #fitalk pfp (portable forensic platform), #2 story
(130727) #fitalk pfp (portable forensic platform), #2 story(130727) #fitalk pfp (portable forensic platform), #2 story
(130727) #fitalk pfp (portable forensic platform), #2 story
 
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
 

Similar to (140716) #fitalk digital evidence from android-based smartwatch

Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testingSanthosh Kumar
 
Gadget Store Application
Gadget Store ApplicationGadget Store Application
Gadget Store Applicationmakersbay
 
Firefox OS and the Internet of Things - NDC London 2014
Firefox OS and the Internet of Things - NDC London 2014Firefox OS and the Internet of Things - NDC London 2014
Firefox OS and the Internet of Things - NDC London 2014Jan Jongboom
 
Android Training in Chandigarh | Industrial Training in Android Apps Development
Android Training in Chandigarh | Industrial Training in Android Apps DevelopmentAndroid Training in Chandigarh | Industrial Training in Android Apps Development
Android Training in Chandigarh | Industrial Training in Android Apps DevelopmentBig Boxx Animation Academy
 
Easy steps to develop android application (tutorial)
Easy steps to develop android application (tutorial)Easy steps to develop android application (tutorial)
Easy steps to develop android application (tutorial)Dewan Razib
 
Wearable Device Forensics
Wearable Device ForensicsWearable Device Forensics
Wearable Device ForensicsSteve Watson
 
Gene Presentation For Android
Gene Presentation For AndroidGene Presentation For Android
Gene Presentation For AndroidGene Leybzon
 
Cloud Computing in Mobile
Cloud Computing in MobileCloud Computing in Mobile
Cloud Computing in MobileSVWB
 
UXperts 2012: Connectivity Beyond the Web (Android), Friedger Müffke
UXperts 2012: Connectivity Beyond the Web (Android), Friedger MüffkeUXperts 2012: Connectivity Beyond the Web (Android), Friedger Müffke
UXperts 2012: Connectivity Beyond the Web (Android), Friedger MüffkeFriedger Müffke
 
Android-Chapter01-Intro.pptx
Android-Chapter01-Intro.pptxAndroid-Chapter01-Intro.pptx
Android-Chapter01-Intro.pptxMonika Poriye
 
Defcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddosDefcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddosPriyanka Aash
 
Better With Friends: Android+NFC+Arduino
Better With Friends: Android+NFC+ArduinoBetter With Friends: Android+NFC+Arduino
Better With Friends: Android+NFC+ArduinoPearl Chen
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security WorkshopOWASP
 
Samsung blazes new trail with the world’s first Android based camera - San Fr...
Samsung blazes new trail with the world’s first Android based camera - San Fr...Samsung blazes new trail with the world’s first Android based camera - San Fr...
Samsung blazes new trail with the world’s first Android based camera - San Fr...fearlessportrai19
 
Android word or phrases
Android word or phrasesAndroid word or phrases
Android word or phraseschael_boy
 
Android Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoTAndroid Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoTinovex GmbH
 
Augmented World Expo 2014 Wearable SDK Overview
Augmented World Expo 2014 Wearable SDK OverviewAugmented World Expo 2014 Wearable SDK Overview
Augmented World Expo 2014 Wearable SDK OverviewPatrick O'Shaughnessey
 
Android and android phones
Android and android phonesAndroid and android phones
Android and android phonesjeannmaglasang
 
Android chapter01-intro
Android chapter01-introAndroid chapter01-intro
Android chapter01-introCouhp HD
 

Similar to (140716) #fitalk digital evidence from android-based smartwatch (20)

Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testing
 
Apk explorer2
Apk explorer2Apk explorer2
Apk explorer2
 
Gadget Store Application
Gadget Store ApplicationGadget Store Application
Gadget Store Application
 
Firefox OS and the Internet of Things - NDC London 2014
Firefox OS and the Internet of Things - NDC London 2014Firefox OS and the Internet of Things - NDC London 2014
Firefox OS and the Internet of Things - NDC London 2014
 
Android Training in Chandigarh | Industrial Training in Android Apps Development
Android Training in Chandigarh | Industrial Training in Android Apps DevelopmentAndroid Training in Chandigarh | Industrial Training in Android Apps Development
Android Training in Chandigarh | Industrial Training in Android Apps Development
 
Easy steps to develop android application (tutorial)
Easy steps to develop android application (tutorial)Easy steps to develop android application (tutorial)
Easy steps to develop android application (tutorial)
 
Wearable Device Forensics
Wearable Device ForensicsWearable Device Forensics
Wearable Device Forensics
 
Gene Presentation For Android
Gene Presentation For AndroidGene Presentation For Android
Gene Presentation For Android
 
Cloud Computing in Mobile
Cloud Computing in MobileCloud Computing in Mobile
Cloud Computing in Mobile
 
UXperts 2012: Connectivity Beyond the Web (Android), Friedger Müffke
UXperts 2012: Connectivity Beyond the Web (Android), Friedger MüffkeUXperts 2012: Connectivity Beyond the Web (Android), Friedger Müffke
UXperts 2012: Connectivity Beyond the Web (Android), Friedger Müffke
 
Android-Chapter01-Intro.pptx
Android-Chapter01-Intro.pptxAndroid-Chapter01-Intro.pptx
Android-Chapter01-Intro.pptx
 
Defcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddosDefcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddos
 
Better With Friends: Android+NFC+Arduino
Better With Friends: Android+NFC+ArduinoBetter With Friends: Android+NFC+Arduino
Better With Friends: Android+NFC+Arduino
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop
 
Samsung blazes new trail with the world’s first Android based camera - San Fr...
Samsung blazes new trail with the world’s first Android based camera - San Fr...Samsung blazes new trail with the world’s first Android based camera - San Fr...
Samsung blazes new trail with the world’s first Android based camera - San Fr...
 
Android word or phrases
Android word or phrasesAndroid word or phrases
Android word or phrases
 
Android Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoTAndroid Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoT
 
Augmented World Expo 2014 Wearable SDK Overview
Augmented World Expo 2014 Wearable SDK OverviewAugmented World Expo 2014 Wearable SDK Overview
Augmented World Expo 2014 Wearable SDK Overview
 
Android and android phones
Android and android phonesAndroid and android phones
Android and android phones
 
Android chapter01-intro
Android chapter01-introAndroid chapter01-intro
Android chapter01-intro
 

More from INSIGHT FORENSIC

(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensicsINSIGHT FORENSIC
 
(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trendINSIGHT FORENSIC
 
(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifactsINSIGHT FORENSIC
 
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법INSIGHT FORENSIC
 
(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysisINSIGHT FORENSIC
 
(130105) #fitalk criminal civil judicial procedure in korea
(130105) #fitalk criminal civil judicial procedure in korea(130105) #fitalk criminal civil judicial procedure in korea
(130105) #fitalk criminal civil judicial procedure in koreaINSIGHT FORENSIC
 
(131116) #fitalk extracting user typing history on bash in mac os x memory
(131116) #fitalk extracting user typing history on bash in mac os x memory(131116) #fitalk extracting user typing history on bash in mac os x memory
(131116) #fitalk extracting user typing history on bash in mac os x memoryINSIGHT FORENSIC
 
(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropbox(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropboxINSIGHT FORENSIC
 
(130907) #fitalk generating volatility linux profile
(130907) #fitalk generating volatility linux profile(130907) #fitalk generating volatility linux profile
(130907) #fitalk generating volatility linux profileINSIGHT FORENSIC
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementationINSIGHT FORENSIC
 
(130720) #fitalk trends in d forensics
(130720) #fitalk trends in d forensics(130720) #fitalk trends in d forensics
(130720) #fitalk trends in d forensicsINSIGHT FORENSIC
 
(130622) #fitalk the stealing windows password
(130622) #fitalk the stealing windows password(130622) #fitalk the stealing windows password
(130622) #fitalk the stealing windows passwordINSIGHT FORENSIC
 

More from INSIGHT FORENSIC (12)

(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics
 
(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend
 
(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts
 
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
 
(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis
 
(130105) #fitalk criminal civil judicial procedure in korea
(130105) #fitalk criminal civil judicial procedure in korea(130105) #fitalk criminal civil judicial procedure in korea
(130105) #fitalk criminal civil judicial procedure in korea
 
(131116) #fitalk extracting user typing history on bash in mac os x memory
(131116) #fitalk extracting user typing history on bash in mac os x memory(131116) #fitalk extracting user typing history on bash in mac os x memory
(131116) #fitalk extracting user typing history on bash in mac os x memory
 
(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropbox(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropbox
 
(130907) #fitalk generating volatility linux profile
(130907) #fitalk generating volatility linux profile(130907) #fitalk generating volatility linux profile
(130907) #fitalk generating volatility linux profile
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation
 
(130720) #fitalk trends in d forensics
(130720) #fitalk trends in d forensics(130720) #fitalk trends in d forensics
(130720) #fitalk trends in d forensics
 
(130622) #fitalk the stealing windows password
(130622) #fitalk the stealing windows password(130622) #fitalk the stealing windows password
(130622) #fitalk the stealing windows password
 

Recently uploaded

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Recently uploaded (20)

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 

(140716) #fitalk digital evidence from android-based smartwatch

  • 1. FORENSIC INSIGHT; DIGITAL FORENSICS COMMUNITY IN KOREA Digital Evidence from Android-based Smartwatch Jae-ki Kim Jack2 jack2@korea.ac.kr jack2yo@gmail.com http://jack2.codebreaking.org
  • 2. forensicinsight.org Page 2 Overview 1. Target Device 2. Method & Process 3. Digital Evidence 4. Conclusion
  • 4. forensicinsight.org Page 4 Target Device  Smart Watch – Galaxy Gear (SAMSUNG)
  • 5. forensicinsight.org Page 5 Target Device  Smart Watch – Galaxy Gear (SAMSUNG) 속성 정보 프로세서 삼성 엑시노스 4212 SoC. ARM Cortex-A9 MP2 800 MHz CPU, ARM Mali-400 MP4 440 MHz GPU 메모리 512 MB LPDDR1 SDRAM, 4 GB 내장 메모리 디스플레이 1.63인치 320 x 320 S-Stripe RGB 서브픽셀 방식의 삼성D Super AMOLED 정전식 터치스크린 네트워크 블루투스 4.0+BLE 카메라 190만 화소 AF 배터리 Li-Ion 315 mAh, 사용 시간 25시간, 대기 시간 150시간 운영체제 안드로이드 기반 웨어러블 커스텀 OS
  • 6. forensicinsight.org Page 6 Method & Process For Collecting Digital Evidence from Android-based Smartwatch
  • 7. forensicinsight.org Page 7 Method & Process  Access to a Galaxy Gear 0. Warming-Up
  • 8. forensicinsight.org Page 8 Method & Process  Access to a Galaxy Gear  Need to approved device (ex. Galaxy S III or later) 0. Warming-Up
  • 9. forensicinsight.org Page 9 Method & Process  Access to a Galaxy Gear  Need to approved device (ex. Galaxy S III or later)  Install ’Gear Manger’ Application (only SAMSUNG Apps) 0. Warming-Up
  • 10. forensicinsight.org Page 10 Method & Process  Access to a Galaxy Gear  Need to approved device (ex. Galaxy S III or later)  Install ‘Gear Manger’ Application (only SAMSUNG Apps)  Synchronization (For the 1st time)  NFC  Bluetooth 0. Warming-Up
  • 11. forensicinsight.org Page 11 Method & Process  Access to a Galaxy Gear  Need to approved device (ex. Galaxy S III or later)  Install ‘Gear Manger’ Application (only SAMSUNG Apps)  Synchronization (For the 1st time)  NFC  Bluetooth  Hold the Galaxy Gear Charging Dock  Connect with USB 0. Warming-Up
  • 12. forensicinsight.org Page 12 Method & Process  Previous work  Install Samsung USB Drivers  Settings > Gear Info > Tap Software Version 10 times  Enable USB Debugging on the Galaxy Gear  Plug in the Galaxy Gear via USB 1. Rooting
  • 13. forensicinsight.org Page 13 Method & Process  Previous work  Install Samsung USB Drivers  Settings > Gear Info > Tap Software Version 10 times  Enable USB Debugging on the Galaxy Gear  Plug in the Galaxy Gear via USB  Root the Galaxy Gear  Download Cydia impactor  Start  Install Busybox 1. Rooting
  • 14. forensicinsight.org Page 15 Method & Process  Limitations  Only 4GB Built-In Memory  No Network Interface (Wi-Fi, 3G/4G)  Remote Dump with nc 2. Imaging
  • 15. forensicinsight.org Page 16 Method & Process  Limitations  Only 4GB Built-In Memory  No Network Interface (Wi-Fi, 3G/4G)  Remote Dump with nc  C:UsersJack2> adb forward tcp:8787 tcp:8787  root@android:/ # ./busybox nc -l -p 8787 -e dd if=/dev/block/mmcblk0p21  C:UsersJack2> nc 127.0.0.1 8787 > jack2.img 2. Imaging /dev/block/mmcblk0p21 /data ext4 rw,nosuid,nodev,noatime,barrier=1 ….
  • 17. forensicinsight.org Page 18 Digital Evidence Use FTK Imager Very large amounts of data -_- ;; Select useful 4 digital evidences ^^
  • 18. forensicinsight.org Page 19 Digital Evidence  Path  /data/misc/bluedroid/  Info  Specific information synchronized smartphone (Device name , Bluetooth address … ) bt_config.xml If you fail to obtain a smartphone, Identify the synchronized device
  • 19. forensicinsight.org Page 20 Digital Evidence  Path  /data/data/com.samsung.appcessory.NotiConsumerService/databases/  Info  SMS/MMS, Hangout Message, Gmail information synchronized smartphone NotificationSync.db Though deleted messages from your smartphone, Check original message used by Synchronized information
  • 20. forensicinsight.org Page 21 Digital Evidence  Path  /data/data/com.samsung.accessory.FindMyPhone/ConsumerService/shared_prefs/  Info  Find a synchronized smartphone watch.xml Guessing Activity Time Ex) Put smartphone in the car and Visit Crime scene
  • 21. forensicinsight.org Page 22 Digital Evidence  Path  /data/data/com.sec.android.widgetapp.ap.hero.accuweather.consumer.widget/databases/  Info  Check the local weather used Synchronized smartphone WeatherClock Although Galaxy Gear is no GPS, Check recently visited local information
  • 23. forensicinsight.org Page 24 Conclusion  Smart Watch – Galaxy Gear2 (SAMSUNG) 속성 정보 프로세서 1.0 GHz 듀얼 코어 프로세서 메모리 512 MB LPDDR1 SDRAM, 4 GB 내장 메모리 디스플레이 1.63인치 320 x 320 S-Stripe RGB 서브픽셀 방식의 삼성D 슈퍼 아몰레드 정전식 터치스크린 네트워크 블루투스 v4.0 LE 센서 가속 센서, 자이로스코프, 심박 센서, 방수/방진 카메라 200만 화소 AF 배터리 Li-Ion 300 mAh, 사용 시간 2~3일, 대기 시간 6 일 운영체제 타이젠 기반 웨어러블 플랫폼
  • 24. forensicinsight.org Page 25 Reference  http://theunlockr.com/2013/11/20/root-samsung-galaxy-gear-video/  https://www.facebook.com/groups/212473532271572/permalink/247282375457354/