Thursday, October 21, 2010

Digital Forensics and ‘self-tracking’

by Forensic Focus columnist, Dr Chris Hargreaves

About the Author

Dr Chris Hargreaves is a lecturer at the Centre for Forensic Computing at Cranfield University in Shrivenham, UK.

This month's article is based very loosely around a recent 5-minute talk from Gary Wolf (link here) which explores the concept of ‘self-tracking’ (the trend for people to record aspects of their life) and how this can now be performed to a much greater extent than was previously possible due to changes in technology. The talk discusses the monitoring of heart rates, sleep patterns, consumption of caffeine, food and alcohol etc. While many of these could be recorded simply with a pen and paper, the talk also introduces a variety of new digital devices that automate the collection, recording and in some cases transmission of this ‘self-tracking’ data. This article ponders the implications of such devices for digital forensics.

Several technologies are mentioned in the referenced TED talk, including general purpose technologies such as Twitter and iPhones that can be used for ‘self-tracking’ of diet or exercise, but it also discusses dedicated devices. These include Nike+ (tracking distances and times), Fitbit (for fitness and sleep monitoring), Polar WearLink+ (heart rate) and Zeo Sleep Tracker (sleep monitoring). Outside of those covered in the talk, other technologies already in common use that record information about our lives include games consoles such as the Nintendo Wii (amount of time playing a particular game or using other features such as the web browser) and GPS devices (locations visited). There are also other upcoming technologies, for example those which capture and record the total electrical power consumption of your home.

It does not require too much imagination to foresee how data from such devices could potentially be useful (particularly as evidence related to alibis, for example). Really, any additional source of potential digital evidence should be welcomed, and this is particularly true for devices that are difficult to tamper with (there is not yet an evidence eliminator for electricity usage monitors as far as I am aware). There is also a further benefit from using digital evidence in this way: rather than relying on digital evidence from a single PC or device, multiple, independent devices can be examined for evidence that supports (or refutes) the current working hypothesis of what events occurred. More data sources can only increase the accuracy of any inferences drawn from the evidence...

