• No results found

Smart TV Forensics

N/A
N/A
Info
Download
Protected

Academic year: 2022

Share "Smart TV Forensics"

Copied!
33
0
0

Loading.... (view fulltext now)

Download now ( 33 Page )

Full text

(1)

25 March 2015

Smart TV Forensics

A.Boztas M. Roeloffs

A.Boztas@holmes.nl M.Roeloffs@holmes.nl

(2)

Smart TV Forensics | 25 March 2015

Agenda

•The NFI

•Introduction

•Material and methods

•Data acquisition

•Data analysis

•Future

•Conclusion

(3)

Smart TV Forensics | 25 March 2015

Introduction

(4)

Smart TV Forensics | 25 March 2015

Introduction

Research questions:

•Can a Smart TV be a key component in a digital forensic investigation?

•Is it possible to acquire data from a Smart TV?

•Can a Smart TV contain relevant data?

(5)

Smart TV Forensics | 25 March 2015

Material and Methods

•Literature study

•Selection Smart TV

•Data acquisition

•Data analysis

•System information and settings

•Apps

•Web browsing

•Photo and multimedia files

•External media

•Cloud services

•Channel information

(6)

Smart TV Forensics | 25 March 2015

Data Acquisition: NFI Memory Toolkit

•Chip-off

•De-soldering of eMMC chip

•Read out with

•NFI Memory Toolkit II

•This method works on

almost all embedded devices, the problem after chip-off is crypto.

(7)

Smart TV Forensics | 25 March 2015

Data Acquisition: the Five-Wire Method

• More and more embedded systems use eMMC chips

• eMMC is roughly the same as an MMC card

• Only three signals + Power Supply required to read

• Controller, a disk image is created, no rough copy of NAND

(8)

Smart TV Forensics | 25 March 2015

Data Acquisition: the Five-Wire Method

(9)

Smart TV Forensics | 25 March 2015

Data Acquisition: the Five-Wire Method

Does not work yet.

Probably because there are also other chips which start-up and draw current.

Can do it with many other devices

(10)

Smart TV Forensics | 25 March 2015

Data Acquisition: App

• Smart TVs are

ordinary computers

• Often work with Linux operating system

• Rooting

(11)

Smart TV Forensics | 25 March 2015

Data Acquisition: App

•SamyGO forum on the Internet

•Many opportunities for "rooting"

•Possible to use Smart TV as a BitTorrent client, etc.

(12)

Smart TV Forensics | 25 March 2015

Data Acquisition

The Five-Wire Method

Quick Method, more research is needed, repeatable Chip-off

Takes longer time, repeatability is getting better App

Fast method, but does not work on all firmware

(13)

Smart TV Forensics | 25 March 2015

Removable Soldered Memory

Test device now equipped with removable media by using a BGA adapter.

13

(14)

Smart TV Forensics | 25 March 2015

FILE SYSTEM ANALYSIS

(15)

Smart TV Forensics | 25 March 2015

File System Analysis

Squashfs

•Read-only

•Software of Samsung Open Source Release Center

•Adjustment image authentication and compression Samsung eMMC

•Samsung chip oriented file system

•Like a BTRFS variant, journaling, snapshotting

•Magic ‘1eMMCFS`

Partition redundancy

•Some partitions have the same size

•Used to reset software

(16)

Smart TV Forensics | 25 March 2015

File System Analysis

(17)

Smart TV Forensics | 25 March 2015

Data Analysis: System and Network Information

•Device name

•Connected devices

•Network information

•Smart functionalities

(18)

Smart TV Forensics | 25 March 2015

Data Analysis: System and Network Information

•System information:

•Serial number

•Model

•Brand

•Unique ID

•etc.

•Network information:

•Information about network name

•IP-addresses

•Bluetooth devices

•MAC-address

(19)

Smart TV Forensics | 25 March 2015

Data Analysis: Apps

•Facebook

•Twitter

•YouTube, etc.

(20)

Smart TV Forensics | 25 March 2015

Data Analysis: Apps

•Name

•Date

•Screenshots

•User related information

(21)

Smart TV Forensics | 25 March 2015

Data Analysis: Apps

(22)

Smart TV Forensics | 25 March 2015

Data Analysis: Apps

(23)

Smart TV Forensics | 25 March 2015

Data Analysis: Web Browsing

•Visited websites

•Web history

•Information about search machines

•Bookmarks

•Cookies

•etc.

(24)

Smart TV Forensics | 25 March 2015

Data Analysis: Web Browsing

settings.db located in p24/webkit/WebBrowser.

•SQLite database

•Contains 14 tables Relevant tables:

•FullBrowserHistory:

•fullBrowser_HiddenHistory:

•fullBrowser_Bookmark:

•fullBrowser_Search:

(25)

Smart TV Forensics | 25 March 2015

Data Analysis: Web Browsing

(26)

Smart TV Forensics | 25 March 2015

Data Analysis: Picture and Multimedia Files

•The file .CM.db located in p22

•SQLite database

•Contains 20 tables

•Information about audio, pictures and video files

•When files are opened, played etc.

Relevant tables:

•PhotoTable

•MusicTable

•VideoTable

•FileTable

•p22/RecentlyPlayed contains files with .mta extension.

(27)

Smart TV Forensics | 25 March 2015

Data Analysis: Picture and Multimedia Files

(28)

Smart TV Forensics | 25 March 2015

Data Analysis: External Media Artifacts

•Device0013.db located in p22

•SQLite database

•Contains one table TABLE_DEVID

•Information about USB flash drives

(29)

Smart TV Forensics | 25 March 2015

Data Analysis: TV Channels

•p16/map-AirA, map-AirD, map-CableA, map-CableD, map-SateD

•p22/.EPG.db; SQLite database and contain Electronic Program Guide

•Due to time constraints not further investigated

(30)

Smart TV Forensics | 25 March 2015

Data Analysis : Cloud services

•URL

•Pictures

•Videos

•Username

•etc.,

(31)

Smart TV Forensics | 25 March 2015

Conclusion

•A Smart TV is actually a computer and can be investigated with the same forensic toolset

•Acquiring data is possible

•A Smart TV can contain relevant data

•Relevant information is usually saved in SQLite databases

•Malicious users can abuse a Smart TV for viewing child pornography, communication, botnet, etc.

(32)

Smart TV Forensics | 25 March 2015

Future

•Further investigation of the five-wire method

•Investigate other makes and models Smart TV

•Extensive data analysis research

•Develop an app for acquiring data

•Make memory dump

•Analyse network activity

(33)

Smart TV Forensics | 25 March 2015

Questions

References

Download now ( PDF - 33 Page - 1.12 MB )

Related documents

Webb-tv – framtidens tv?

Jag kommer gå igenom processen för att se hur reportrar går till väga för att hitta ett inslag som ger höga tittarsiffror, samt hur redaktörerna arbetar för att de ska komma

Use of a Smart TV as a Platform for Social Engagement for Senior Citizens

By combining different existing technologies, devices, and requirements mentioned, the scope of this project will include design, development and implement a social

Anpassning av spelmekaniskakomponenter i mobilspel till Smart-TV

Det sades även att det kändes konstigt att med hjälp av Dpad:en behöva navigera ut från spelplanen eller kartan för att komma till menyn, istället för att kunna interagera med

Smart Locks for Smart Customers?

To make the product o↵ering complete, the smart locks need to o↵er several use-cases, the producers needs to assure the customers about the security of the smart locks, there need to

Data och Tv-spel: Data och tv-spels påverkan på ungdomar

På frågan om hur stor del av sin fritid eleverna lägger på data eller tv-spel var svaren ganska överraskande. 39 av 72 alltså 54.1 % av de tillfrågade sätter sig framför

Smart TV Application platform

27M is a company that has been working with digital TV for more than 10 years, and we can now see more requests for Application on Smart TVs.Todays platform for applications on Smart

SMART THINKING SMART LIVING

For further information on remuneration, fixed and variable pay, see Remuneration Report and Notes to the Consolidated Financial Statements – Note C29, “Information Regarding

Innovationsunionen och Innovationsunionen och Smart specialisering – kan Smart specialisering – kan Västra Götaland bli en smart Västra Götaland bli en smart region? region?

Innovationsunionen erbjuder en utvärderingsmall för Innovationsunionen erbjuder en utvärderingsmall för nationella och regionala forsknings- och innovationssystem nationella