Samsung Smart Fridge
From Just Solve the File Format Problem
(Difference between revisions)
Kayvon2008 (Talk | contribs) (→System-data partition) |
Kayvon2008 (Talk | contribs) (→System-data partition) |
||
Line 14: | Line 14: | ||
*The "\etc\localtime" file contains information about the timezone set on the device (in the provided dataset America/Denver, where VTO Labs is located) | *The "\etc\localtime" file contains information about the timezone set on the device (in the provided dataset America/Denver, where VTO Labs is located) | ||
+ | *The "\dnsmasq.leases" file contains information about leases by the DNSmasq service. The provided dataset contains the following values: | ||
+ | **1517956504, that translates to 6th February 2018 at 10:35:04 UTC | ||
+ | **4c:66:41:5c:7e:92, a MAC address manufactured by Samsung Electro-Mechanics | ||
+ | **192.168.7.61, a local IP address | ||
+ | **Samsung-SM-G930V, a smartphone model | ||
+ | **01:4c:66:41:5c:7e:92, a MAC address by an unknown manufacturer | ||
==Links== | ==Links== | ||
* https://blog.digital-forensics.it/2020/12/a-journey-into-iot-forensics-episode-1.html | * https://blog.digital-forensics.it/2020/12/a-journey-into-iot-forensics-episode-1.html |
Revision as of 03:43, 27 November 2021
Samsung Smart Fridges with the Family Hub software are smart fridges that run Tizen. A dataset shared by VTO labs has an image of the all of the partitions like the system and data partition. The blog ZENA forensics has analyzed the dataset for evidence. (Just like a historian, EVERYTHING counts for a case to be solved)
Contents |
Storage format
They use a GPT partitioning schema and it has a total of 21 partitions.
- Partition 19 and 18 contain System data.
- Partition 20 has settings by the user.
- Partition 21 has user data.
RootFS Partition
- \etc\os.release contains details about the installed OS. In the file we see the installed os is Tizen 3.0.
- \etc\tizen-build.conf contains more OS info including build date.
- The "\usr\apps" folder contains the pre-installed applications. This is archivist gold because it has apps.
All apps have a bundle name or a sort-of 10 characters-long GUID.
System-data partition
This partition has settings.
- The "\etc\localtime" file contains information about the timezone set on the device (in the provided dataset America/Denver, where VTO Labs is located)
- The "\dnsmasq.leases" file contains information about leases by the DNSmasq service. The provided dataset contains the following values:
- 1517956504, that translates to 6th February 2018 at 10:35:04 UTC
- 4c:66:41:5c:7e:92, a MAC address manufactured by Samsung Electro-Mechanics
- 192.168.7.61, a local IP address
- Samsung-SM-G930V, a smartphone model
- 01:4c:66:41:5c:7e:92, a MAC address by an unknown manufacturer