DOI: 10.1145/3339252.3340515
research-article

Map My Murder: A Digital Forensic Study of Mobile Health and Fitness Applications

Published: 26 August 2019

Abstract

The ongoing popularity of health and fitness applications catalyzes the need for exploring forensic artifacts produced by them. Sensitive Personally Identifiable Information (PII) is requested by the applications during account creation. Augmenting that with ongoing user activities, such as the user's walking paths, could potentially create exculpatory or inculpatory digital evidence. We conducted extensive manual analysis and explored forensic artifacts produced by popular Android mobile health and fitness applications (n = 13). We also developed and implemented a tool that aided in the timely acquisition and identification of artifacts from the examined applications. Additionally, our work explored the type of data that may be collected from health and fitness web platforms, and Web Scraping mechanisms for data aggregation. The results clearly show that numerous artifacts may be recoverable, and that the tested web platforms pose serious privacy threats.

Published In

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security
August 2019
979 pages
ISBN: 9781450371643
DOI: 10.1145/3339252

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Applications
  2. Artifacts
  3. Fitness
  4. Forensics
  5. Health

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES '19

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%
