Samsung Smart Fridge
From Just Solve the File Format Problem
(Difference between revisions)
Kayvon2008 (Talk | contribs) (→System-data partition) |
Kayvon2008 (Talk | contribs) (→System-data partition) |
||
Line 25: | Line 25: | ||
*The "\var\lib\bluetooth\" folder contains a subfolder apparently named as the Bluetooth MAC Address of the device. In the provided dataset the folder name is 70:2C:1F:41:E2:43, which is a Bluetooth MAC Address manufactured by Wisol, a Samsung company. | *The "\var\lib\bluetooth\" folder contains a subfolder apparently named as the Bluetooth MAC Address of the device. In the provided dataset the folder name is 70:2C:1F:41:E2:43, which is a Bluetooth MAC Address manufactured by Wisol, a Samsung company. | ||
*The "\var\lib\bluetooth\<BT_MAC>\settings" file contains the device Bluetooth name (in the provided dataset "[Refrigerator] Samsung"). | *The "\var\lib\bluetooth\<BT_MAC>\settings" file contains the device Bluetooth name (in the provided dataset "[Refrigerator] Samsung"). | ||
+ | *The "\var\lib\bluetooth\<BT_MAC>\cache" folder contains various files, named as a Mac Address. In the provided dataset 6 files are stored in the folder. Every file contains a device name. They seem to be "seen" devices, although more testing is needed. | ||
+ | *The "\var\lib\buxton2\system.db" contains information about OS settings. The database needs more research to understand the exact content, but it apparently contains interesting configuration and information embedded in BLOB data. Here follow the full settings list. | ||
==Links== | ==Links== | ||
* https://blog.digital-forensics.it/2020/12/a-journey-into-iot-forensics-episode-1.html | * https://blog.digital-forensics.it/2020/12/a-journey-into-iot-forensics-episode-1.html |
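Review bot: the added "\var\lib\buxton2\system.db" line ends with "Here follow the full settings list." but nothing follows it before ==Links==, so the sentence points at content that is not in this revision. Either add the settings list under that bullet or drop the sentence; if it stays, "follow" should be "follows". The added cache line also writes "Mac Address" where the unchanged lines above it use "MAC Address", so the capitalization should be aligned.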
Revision as of 03:45, 27 November 2021
Samsung Smart Fridges with the Family Hub software are smart fridges that run Tizen. A dataset shared by VTO Labs contains an image of all of the partitions, including the system and data partitions. The blog ZENA forensics has analyzed the dataset for evidence. (Just like a historian, EVERYTHING counts for a case to be solved.)
Storage format
The storage uses a GPT partitioning scheme with a total of 21 partitions.
- Partitions 18 and 19 contain system data.
- Partition 20 holds the user's settings.
- Partition 21 holds user data.
RootFS Partition
- \etc\os.release contains details about the installed OS. In the file we see that the installed OS is Tizen 3.0.
- \etc\tizen-build.conf contains more OS information, including the build date.
- The "\usr\apps" folder contains the pre-installed applications. This is archivist gold because it has apps.
Each app is identified by a bundle name or a GUID-like identifier that is 10 characters long.
System-data partition
This partition has settings.
- The "\etc\localtime" file contains information about the timezone set on the device (in the provided dataset America/Denver, where VTO Labs is located).
- The "\dnsmasq.leases" file contains information about the leases handed out by the dnsmasq service. The provided dataset contains the following values:
- 1517956504, that translates to 6th February 2018 at 10:35:04 UTC
- 4c:66:41:5c:7e:92, a MAC address manufactured by Samsung Electro-Mechanics
- 192.168.7.61, a local IP address
- Samsung-SM-G930V, a smartphone model
- 01:4c:66:41:5c:7e:92, a MAC address by an unknown manufacturer
- The "\dbspace\5001\.account.db" file contains information about the Samsung account, including username and email address (in the provided dataset "connectedkitchenvto@gmail.com").
- The "\dbspace\.notification.db" file contains notification settings (per app).
- The "\dbspace\.alarmmgr.db" file contains alarm settings (per app).
- The "\var\lib\bluetooth\" folder contains a subfolder apparently named after the Bluetooth MAC address of the device. In the provided dataset the folder name is 70:2C:1F:41:E2:43, which is a Bluetooth MAC address manufactured by Wisol, a Samsung company.
- The "\var\lib\bluetooth\<BT_MAC>\settings" file contains the device Bluetooth name (in the provided dataset "[Refrigerator] Samsung").
- The "\var\lib\bluetooth\<BT_MAC>\cache" folder contains various files, each named after a MAC address. In the provided dataset 6 files are stored in the folder. Every file contains a device name. They seem to be "seen" devices, although more testing is needed.
- The "\var\lib\buxton2\system.db" file contains information about OS settings. The database needs more research to understand the exact content, but it apparently contains interesting configuration and information embedded in BLOB data. Here follow the full settings list.
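For the "\dnsmasq.leases" entry above, an added example (not taken from the wiki page or the ZENA forensics blog) of parsing a lease record during triage. dnsmasq writes each IPv4 lease as expiry time, MAC, IP, hostname and DHCP client identifier, so the first field is when the lease expires, not when it was granted. The sample line is constructed from the five values listed above, and the names `Lease`, `parse_lease` and `parse_leases` are hypothetical.

```python
import re
from datetime import datetime, timezone
from typing import NamedTuple, Optional

# Constructed sample: the five values from the dataset, in dnsmasq's field order.
SAMPLE = ("1517956504 4c:66:41:5c:7e:92 192.168.7.61 "
          "Samsung-SM-G930V 01:4c:66:41:5c:7e:92\n")

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

class Lease(NamedTuple):
    expires_utc: Optional[datetime]  # None means the lease never expires
    mac: str
    ip: str
    hostname: Optional[str]          # None when dnsmasq recorded "*"
    client_id: Optional[str]         # None when dnsmasq recorded "*"
    client_id_is_mac: bool           # True for "01:" + MAC (Ethernet type + address)

def parse_lease(line: str) -> Optional[Lease]:
    """Parse one IPv4 lease record; return None for anything else."""
    fields = line.split()
    if len(fields) < 5 or not fields[0].isdigit():
        return None  # blank line, "duid ..." header or truncated record
    expiry, mac, ip, host, cid = fields[:5]
    mac = mac.lower()
    if not MAC_RE.match(mac):
        return None  # IPv6 lease lines carry an IAID here, not a MAC
    cid = None if cid == "*" else cid.lower()
    # An expiry of 0 is how dnsmasq stores an infinite lease.
    expires = (None if int(expiry) == 0
               else datetime.fromtimestamp(int(expiry), tz=timezone.utc))
    return Lease(
        expires_utc=expires,
        mac=mac,
        ip=ip,
        hostname=None if host == "*" else host,
        client_id=cid,
        client_id_is_mac=(cid == "01:" + mac),
    )

def parse_leases(text: str) -> list:
    """Return every IPv4 lease found in the contents of a dnsmasq.leases file."""
    return [lease for lease in map(parse_lease, text.splitlines()) if lease]

if __name__ == "__main__":
    for lease in parse_leases(SAMPLE):
        print(lease)
```

When `client_id_is_mac` is true, the fifth field identifies the same network interface as the second field rather than a second device.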