Post-mortem digital forensics analysis of the Zepp Life android application

Detalhes bibliográficos
Autor(a) principal: Domingues, Patricio
Data de Publicação: 2023
Outros Autores: Francisco, José, Frade, Miguel
Tipo de documento: Artigo
Idioma: eng
Título da fonte: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Texto Completo: http://hdl.handle.net/10400.8/8516
Resumo: This paper studies the post-mortem digital forensic artifacts left by the Android Zepp Life (formerly Mi Fit) mobile application when used in conjunction with a Xiaomi Mi Band 6. The Mi Band 6 is a low-cost smart band device with several sensors that allow for health and activity monitoring, collecting metrics such as heart rate, blood oxygen saturation level, and step count. The device communicates via Bluetooth Low Energy with the Zepp Life application, which displays its data, provides some controls, and acts as a bridge to the Internet. We study, from a digital forensics perspective, the Android version of the mobile application in a rooted smartphone. For this purpose, we analyze the data repositories, namely its databases and XML files, and correlate the data on the smartphone with the corresponding usage of the Mi Band device. The paper also presents two open-source scripts we have developed to ease the task of forensic practitioners dealing with Zepp Life/Mi Band 6: ZL_std and ZL_autopsy. The former refers to a Python 3 script that extracts high-level views of Zepp Life data through the command-line, whereas the latter is a module that integrates ZL_std functionalities within the popular open-source Autopsy digital forensic software. Data stored on the Android companion device of a Mi Band 6 might include GPS coordinates, events and alarms, and biometric data such as heart rate, sleep time, and fitness activity, which can be valuable digital forensic artifacts.
id RCAP_6efaa232e65c6fc742d4a7134d2f88bb
oai_identifier_str oai:iconline.ipleiria.pt:10400.8/8516
network_acronym_str RCAP
network_name_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository_id_str https://opendoar.ac.uk/repository/7160
spelling Post-mortem digital forensics analysis of the Zepp Life android applicationDigital forensicsMi bandFitness trackersAndroidWearableThis paper studies the post-mortem digital forensic artifacts left by the Android Zepp Life (formerly Mi Fit) mobile application when used in conjunction with a Xiaomi Mi Band 6. The Mi Band 6 is a low-cost smart band device with several sensors that allow for health and activity monitoring, collecting metrics such as heart rate, blood oxygen saturation level, and step count. The device communicates via Bluetooth Low Energy with the Zepp Life application, which displays its data, provides some controls, and acts as a bridge to the Internet. We study, from a digital forensics perspective, the Android version of the mobile application in a rooted smartphone. For this purpose, we analyze the data repositories, namely its databases and XML files, and correlate the data on the smartphone with the corresponding usage of the Mi Band device. The paper also presents two open-source scripts we have developed to ease the task of forensic practitioners dealing with Zepp Life/Mi Band 6: ZL_std and ZL_autopsy. The former refers to a Python 3 script that extracts high-level views of Zepp Life data through the command-line, whereas the latter is a module that integrates ZL_std functionalities within the popular open-source Autopsy digital forensic software. Data stored on the Android companion device of a Mi Band 6 might include GPS coordinates, events and alarms, and biometric data such as heart rate, sleep time, and fitness activity, which can be valuable digital forensic artifacts.ElsevierRepositório IC-OnlineDomingues, PatricioFrancisco, JoséFrade, Miguel2023-05-25T10:13:30Z2023-05-122023-05-12T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttp://hdl.handle.net/10400.8/8516enghttps://doi.org/10.1016/j.fsidi.2023.301555info:eu-repo/semantics/openAccessreponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiainstacron:RCAAP2025-02-25T15:13:19Zoai:iconline.ipleiria.pt:10400.8/8516Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireinfo@rcaap.ptopendoar:https://opendoar.ac.uk/repository/71602025-05-28T20:52:17.896597Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiafalse
dc.title.none.fl_str_mv Post-mortem digital forensics analysis of the Zepp Life android application
title Post-mortem digital forensics analysis of the Zepp Life android application
spellingShingle Post-mortem digital forensics analysis of the Zepp Life android application
Domingues, Patricio
Digital forensics
Mi band
Fitness trackers
Android
Wearable
title_short Post-mortem digital forensics analysis of the Zepp Life android application
title_full Post-mortem digital forensics analysis of the Zepp Life android application
title_fullStr Post-mortem digital forensics analysis of the Zepp Life android application
title_full_unstemmed Post-mortem digital forensics analysis of the Zepp Life android application
title_sort Post-mortem digital forensics analysis of the Zepp Life android application
author Domingues, Patricio
author_facet Domingues, Patricio
Francisco, José
Frade, Miguel
author_role author
author2 Francisco, José
Frade, Miguel
author2_role author
author
dc.contributor.none.fl_str_mv Repositório IC-Online
dc.contributor.author.fl_str_mv Domingues, Patricio
Francisco, José
Frade, Miguel
dc.subject.por.fl_str_mv Digital forensics
Mi band
Fitness trackers
Android
Wearable
topic Digital forensics
Mi band
Fitness trackers
Android
Wearable
description This paper studies the post-mortem digital forensic artifacts left by the Android Zepp Life (formerly Mi Fit) mobile application when used in conjunction with a Xiaomi Mi Band 6. The Mi Band 6 is a low-cost smart band device with several sensors that allow for health and activity monitoring, collecting metrics such as heart rate, blood oxygen saturation level, and step count. The device communicates via Bluetooth Low Energy with the Zepp Life application, which displays its data, provides some controls, and acts as a bridge to the Internet. We study, from a digital forensics perspective, the Android version of the mobile application in a rooted smartphone. For this purpose, we analyze the data repositories, namely its databases and XML files, and correlate the data on the smartphone with the corresponding usage of the Mi Band device. The paper also presents two open-source scripts we have developed to ease the task of forensic practitioners dealing with Zepp Life/Mi Band 6: ZL_std and ZL_autopsy. The former refers to a Python 3 script that extracts high-level views of Zepp Life data through the command-line, whereas the latter is a module that integrates ZL_std functionalities within the popular open-source Autopsy digital forensic software. Data stored on the Android companion device of a Mi Band 6 might include GPS coordinates, events and alarms, and biometric data such as heart rate, sleep time, and fitness activity, which can be valuable digital forensic artifacts.
publishDate 2023
dc.date.none.fl_str_mv 2023-05-25T10:13:30Z
2023-05-12
2023-05-12T00:00:00Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10400.8/8516
url http://hdl.handle.net/10400.8/8516
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv https://doi.org/10.1016/j.fsidi.2023.301555
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Elsevier
publisher.none.fl_str_mv Elsevier
dc.source.none.fl_str_mv reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron:RCAAP
instname_str FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron_str RCAAP
institution RCAAP
reponame_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
collection Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository.name.fl_str_mv Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
repository.mail.fl_str_mv info@rcaap.pt
_version_ 1833598925540425728

Registros relacionados