Monday, April 21, 2014

Conclusion

     After all of the research I have done this semester looking at the Galaxy Gear watch, I have found that it is possible to find some artifacts of importance on the watch. Some artifacts that can be found on the watch include all notifications that are shown on the watch at any given time. These notifications include text messages, e-mails, tweets, and Facebook notifications. All of these artifacts are located in a database file under the directory of /data/data on the watch.
     It was also possible to pull pictures from the watch without gaining root access using ADB. Lastly, it was possible to see who was logged into Facebook on the watch using the Facebook XML file located under /data/data. This will at least allow for someone to figure out the current user of the Samsung Galaxy Gear. To move and pull files I used ADB, and to actually analyze all of the files from the watch I used Autopsy from The Sleuth Kit.
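
As an added illustration (not part of the original research or its tooling): once app-data folders have been pulled to a local working copy with ADB, a short Python script can find SQLite databases by file header, hash them, and list their tables and row counts before deeper analysis. The package, file, and table names in the sample are constructed for the demo and are not the real names on the Galaxy Gear.

```python
import hashlib
import sqlite3
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # 16-byte header of every SQLite 3 file

def triage(root):
    """Map each SQLite file under root (found by header, not by extension)
    to its SHA-256 and a {table: row_count} summary."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        with open(path, "rb") as f:
            if f.read(16) != SQLITE_MAGIC:
                continue
        # Hash first, so the digest describes the file before it is opened.
        entry = {"sha256": hashlib.sha256(path.read_bytes()).hexdigest(), "tables": {}}
        try:
            # mode=ro: the working copy of the evidence is never written to.
            con = sqlite3.connect(path.resolve().as_uri() + "?mode=ro", uri=True)
            names = [r[0] for r in con.execute(
                "SELECT name FROM sqlite_master WHERE type='table'")]
            for n in names:
                quoted = '"' + n.replace('"', '""') + '"'
                entry["tables"][n] = con.execute(
                    f"SELECT COUNT(*) FROM {quoted}").fetchone()[0]
            con.close()
        except sqlite3.DatabaseError as exc:  # valid header, damaged body
            entry["error"] = str(exc)
        report[path.relative_to(root).as_posix()] = entry
    return report

def build_sample(root):
    """Constructed stand-in for a pulled app-data tree; all names are made up."""
    db_dir = Path(root, "com.example.notify", "databases")
    db_dir.mkdir(parents=True)
    con = sqlite3.connect(db_dir / "store")  # no .db extension on purpose
    con.execute("CREATE TABLE notifications (app TEXT, body TEXT)")
    con.executemany("INSERT INTO notifications VALUES (?, ?)",
                    [("sms", "constructed text"), ("email", "constructed mail")])
    con.commit()
    con.close()
    Path(root, "com.example.notify", "prefs.xml").write_text("<map/>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, info in triage(tmp).items():
            print(rel, info["sha256"][:16], info["tables"], info.get("error", ""))
```

Recording the hash before the database is opened gives a reference value to compare against after analysis in another tool.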

Wednesday, April 16, 2014

How to Root a Galaxy Gear Watch

     The first step to gaining Super User access to the Galaxy Gear is to enable “Developer Mode.” To enable developer mode, the examiner needs to scroll to the settings menu. Next, scroll all the way to the bottom of the settings menu and tap “Gear Info.” From here, select the only option available, “About Gear.” If there is another option here, then developer mode may already be enabled. This is where things get tricky. In the current menu there should be a section titled “Software Version”; tapping the “Software Version” label 7 times will enable Developer Mode. Don’t worry, after the first couple of taps a pop-up tells you how many more taps are needed until developer mode is activated.

     To finish the first steps of gaining root access, backtrack from the "Software Version" area to the "About Gear" menu and tap USB debug so that it has a check mark next to it. This completes the first step of gaining root access.

    For Windows to recognize that the Galaxy Gear is connected, Samsung drivers must first be installed on the system. The drivers for the Galaxy Gear are available on the Samsung Developers page. Here is the link.
     
     Now that the device drivers are all set, use the Cydia Impactor tool to begin gaining root access. Cydia Impactor is available from a direct Google Doc download page. This direct download link will automatically download the Cydia Impactor zip file to the Downloads folder on the computer. Here is the link.

     Extract the zip file and open the application within. Connect the Galaxy Gear to the computer using the cradle and USB cable provided. Once connected, click Start in the Impactor application. This will cause a pop-up to appear on the Galaxy Gear screen that asks if the computer should be allowed to connect to the watch. Select the check box that states “Always allow from this computer” and then select “ok.” After this, start Impactor again and make sure the payload hits the device.
     The next thing that needs to be done is to download a program called Wondershare MobileGo. There is a free trial, but it is a $40 program, which is not cost-prohibitive. This is the key to success when it comes to gaining root access on the Galaxy Gear. Wondershare MobileGo is available for download via the Wondershare website.

     The next step is to click into the Google Play Apps resource located on the left side of the screen. In the search bar type “supersu” and then hit the enter key or click the search icon. This will bring up all hits for “supersu” but the first option is most likely going to be the free SuperSU application made by Chainfire. Click on the free SuperSU application and install it.

     Once SuperSU is installed onto the device, it will allow root access on the watch. First, SuperSU will be found under the Downloads menu within Wondershare, most likely in the bottom left corner of the window. Once the application has finished installing to Wondershare, there will be an option to transfer the application to the device as long as the trial has not expired. Transfer the application.
     
     Now that SuperSU is on the watch, it just needs to be installed. Just like before, when the Galaxy Gear needed to be put into developer mode, scroll through the main menus, but this time stop at the applications menu, titled “Apps” for short. From the Applications menu, scroll to the right until the SuperSU application is displayed. The last step is to tap the application and install it. When tapped, the SuperSU application will ask to update binaries. Selecting continue at this step will install the application and allow root access to the watch.

Wednesday, March 12, 2014

Progress

         Since my last post I have made a decent amount of progress on the Samsung Galaxy Gear. I generated text messages, calls, photos, Facebook messages, and tweets. The next step was to pull this data off of the watch. That is where I had a lot of issues. I decided to use ADB to pull the files off the watch. However, without the watch rooted, the only files I was able to pull were the ones on the internal SD card. The next step was to root the watch without losing the data.
         I searched for a set of instructions on how to root the watch and thought I found some good instructions. However, there were certain steps left out that caused some setbacks for me. I wiped the watch clean of data trying to root the watch. I found some better instructions and began re-generating photos, texts, and other data.
         I have successfully rooted the watch using Samsung drivers, Cydia Impactor, Wondershare MobileGo, and an app called SuperSU. I will do a post on how to do this properly soon. Rooting the device has now allowed me to begin pulling folders from the watch onto my PC. My next step is to begin analyzing the files to find where text messages, call logs, and Facebook messages are stored locally on the device.

Wednesday, January 22, 2014

Galaxy Gear: Beginning Thoughts and Introduction

     My name is Jared Donohue. I am currently enrolled in my final semester at Champlain College in the Computer and Digital Forensics program. At Champlain, students work on a "Capstone" project in their senior year. For Digital Forensics students the task is to do research and forensically analyze a new device, product, or application that may be utilized in the search for digital data.


     This semester I will be analyzing Samsung's Galaxy Gear, otherwise known as the Samsung smart watch. The watch is paired with a Samsung phone or tablet via Bluetooth and works as a notification accessory to the phone. The watch can make phone calls, send texts when using S-Voice, which is a voice command software utilized by Samsung devices, and even take pictures. The watch has many more features, and more applications are being produced for it as demand grows. Since digital evidence can be an important part of an investigation, any new technology that may have this data needs to be understood by professionals in the field. However, not much research has been done on this device, so many questions have yet to be answered:

  • What can be recovered from the watch itself?
  • Are text messages stored on the watch or pushed from the phone?
  • What can be found on the watch if the phone disassociates itself from the watch?
  • Is there an easy way to extract data from the watch without a direct USB connection?
  • What happens to data when the watch is reset?
  • Is there any way to push pictures from the phone to the watch?

These are just a few questions that I will look into throughout the semester. As I start to conduct my forensic analysis of the watch, many new questions may come about and findings will be posted here as the semester progresses.