The increase in the adoption of wearable fitness trackers has led to their inclusion as valuable evidence used by law enforcement during investigations. The information available in these fitness trackers can be used by law enforcement to prosecute or exonerate an individual. Wearable fitness devices are constantly being released by companies, with new firmware created for each iteration. As technology developers, research and law enforcement must keep pace to take advantage of data that can be used in investigations. The Fitbit line of devices is a popular brand of wearable trackers. This study will investigate what artifacts are generated by the new Fitbit Versa 2 by investigating what data are generated and stored on the smartphone app component of the new device. The artifacts discovered will be related to areas of forensic interest that are relevant to a law enforcement officer or digital forensics practitioner. Previous research and their methodologies used for application and mobile forensics will be used to conduct this research. This study finds the Fitbit Versa 2, and by extension, the Fitbit smartphone application does not store social media message notifications pushed to the tracker by the user’s mobile device. Some credit card information, health-related data, such as heart rate, GPS locations, and other potentially identifying data were found in plaintext. While the exposed data is not enough on its own to pose an immediate serious issue, it can be used as leverage to phish a user for further details.
This is an open access article distributed under the Creative Commons Attribution License
which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited