The final phase for the Application Analysis team was analyzing the rest of the Fitbit artifacts. Fitbit generated a very large amount of data. As a result, it took much longer to analyze the VMDK. This means that after cataloging the most important information, there were still hidden artifacts. These artifacts could be of use in a forensic investigation.
The AppData folder of the VMDK contained a file in plain text. It contained incoming messages to our data gen user’s account from a friend.
During data generation, we joined two Fitbit community groups. Stored on the computer in the path shown below was information about posts in the group. The profile picture was found, as well as the picture they shared and the caption or status. This was all found in a file that was in plain text. This text was viewable for all the posts we found, and were found in the same database as listed above.
We have discovered what data these applications store. The need for online security is increasing every day. As such, learning how well an app protects one’s information has become very important. But, this security must not impede the effectiveness of the app. Or else the app fails to gain a following. It is a combination of security and ease of use that allows an app to be successful. This is the conclusion we came to analyzing these apps. Keep an eye out for two reports. One will detail the processes used to generate all the data. The other will outline all the valid information we gathered.
We welcome all feedback! Feel free to comment here or email us at firstname.lastname@example.org. You can also follow us on Facebook or Twitter for the most recent updates on projects, such as App Analysis, VPN Proxy Chain, and more!