Abstract
This paper introduces SENTINEL-DL-a novel forensic framework which leverages accelerometer sensory data to associate motion-based digital evidence to its corresponding smartphone or smartwatch models. SENTINEL-DL analyzes robust tamper-resistant intrinsic motion signatures (profiled using built-in 3D accelerometers) to establish device associations. Technically speaking, it leverages small differences in linear acceleration to identify and associate the readings with its generating device. SENTINEL-DL utilizes machine learning models including random forest (RF), deep neural networks (DNN) and convolutional neural networks (CNN) to drive its association during the matching process, i.e., unknown sensory data against a reference database containing device profiles from known sources. The results of empirical tests show that SENTINEL-DL for smartphones and smartwatches, respectively, achieves a true positive rate (TPR) of 93.99% and 92.65%, a false acceptance rate (FAR) of 0.66% and 1.22%, and an overall accuracy of 98.76% and 98.97%. SENTINEL-DL being light-weight promises investigators a dependable analysis solution for motion sensor evidence while providing digital fingerprinting capabilities and forensic authentication support. The research demonstrates how motion sensor data can be utilized in digital forensic investigations to develop improved device fingerprinting and forensic verification methodologies.
Similar content being viewed by others
Data availability
The dataset Heterogeneity Dataset for Human Activity Recognition from Smartphones and Smartwatches used in this study is publicly available25. However, the processed version of the data used for training and evaluation in the current research is available from the corresponding author upon reasonable request.
References
Majumder, S. & Deen, M. J. Smartphone sensors for health monitoring and diagnosis. Sensors 19(9), 2164 (2019).
King, C. E. & Sarrafzadeh, M. A survey of smartwatches in remote health monitoring. J. Healthcare Inf. Res. 2, 1–24 (2018).
Bernardo, J. B. L., Taparugssanagorn, A., Miyazaki, H., Pati, B. M. & Thapa, U. Robust human activity recognition for intelligent transportation systems using smartphone sensors: A position-independent approach. Appl. Sci. 14(22), 10461 (2024).
Lin, L. et al. LIMUNet: A lightweight neural network for human activity recognition using smartwatches. Appl. Sci. 14(22), 10515 (2024).
Ahad, M. A. R. et al. Wearable sensor-based gait analysis for age and gender estimation. Sensors 20(8), 2424 (2020).
Davarci, E., Soysal, B., Erguler, I., Aydin, S. O., Dincer, O. & Anarim, E. Age group detection using smartphone motion sensors. In 2017 25th European Signal Processing Conference (EUSIPCO), 2201–2205 (IEEE, 2017).
Buriro, A. Behavioral biometrics for smartphone user authentication. Ph.D. thesis, University of Trento (2017).
Buriro, A., Akhtar, Z., Ricci, F. & Luccio, F. Wearable wisdom: A Bi-modal behavioral biometric scheme for smartwatch user authentication. IEEE Access, (2024).
MOBILedit. Smartwatch Forensics—Extracting and Analyzing Data from Smartwatches. Available at: https://www.mobiledit.com/smartwatch-forensics (Accessed: 2024–02–06).
Azfar, A., Choo, K.-K. R. & Liu, L. Forensic taxonomy of popular Android mHealth apps. arXiv preprint arXiv:1505.02905 (2015).
Jeon, S., Chung, J. & Jeong, D. Watch Out! Smartwatches as criminal tool and digital forensic investigations. arXiv preprint arXiv:2308.09092 (2023).
Lin, H. Attribution of malicious cyber incidents: From soup to nuts. J. Int. Aff. 70(1), 75–137 (2016).
Martin, J., Mayberry, T., Donahue, C., Foppe, L., Brown, L., Riggins, C., Rye, E. C., & Brown, D. A study of MAC address randomization in mobile devices and when it fails. arXiv preprint arXiv:1703.02874 (2017).
Kumar, K., Kaur, P. & Amritsar, G. N. D. U. Vulnerability detection of international mobile equipment identity number of smartphone and automated reporting of changed IMEI number. Int. J. Comput. Sci. Mob. Comput. 4(5), 527–533 (2015).
Alotaibi, B. & Elleithy, K. A new MAC address spoofing detection technique based on random forests. Sensors 16(3), 281 (2016).
Xie, T., Tu, G.-H., Li, C.-Y. & Peng, C. How can IoT services pose new security threats in operational cellular networks?. IEEE Trans. Mob. Comput. 20(8), 2592–2606 (2020).
Hoque, N., & Rahbari, H. Countering relay and spoofing attacks in the connection establishment phase of Wi-Fi systems. Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 275–285 (2023).
Bojinov, H., Michalevsky, Y., Nakibly, G., & Boneh, D. Mobile device identification via sensor fingerprinting. arXiv preprint arXiv:1408.1416 (2014).
Baldini, G., Steri, G., Amerini, I., & Caldelli, R. The identification of mobile phones through the fingerprints of their built-in magnetometer: An analysis of the portability of the fingerprints. In 2017 International Carnahan Conference on Security Technology (ICCST), 1–6 (2017).
Moubarak, N. N. I., Omar, N. M. M. & Youssef, V. N. Smartphone-sensor-based human activities classification for forensics: A machine learning approach. J. Electr. Syst. Inf. Technol. 11(1), 33 (2024).
Ahmed, T., Arefin, S., Parvez, R., Jahin, F., Sumaiya, F., & Hasan, M. Advancing mobile sensor data authentication: Application of deep machine learning models. In 2024 IEEE International Conference on Electro Information Technology (eIT), 538–544 (2024).
Baldini, G., Steri, G., Dimc, F., Giuliani, R. & Kamnik, R. Experimental identification of smartphones using fingerprints of built-in micro-electro mechanical systems (MEMS). Sensors 16(6), 818 (2016).
Aweya, J. Designing switch/routers: Fundamental concepts and design methods. CRC Press (2022).
Marabissi, D., Mucchi, L. & Stomaci, A. IoT nodes authentication and ID spoofing detection based on joint use of physical layer security and machine learning. Future Internet 14(2), 61 (2022).
Blunck, H., Bhattacharya, S., Prentow, T., Kjrgaard, M. & Dey, A. Heterogeneity activity recognition, UCI machine learning repository, Available at: https://archive.ics.uci.edu/dataset/344/heterogeneity+activity+recognition (2015)
Stisen, A., Blunck, H., Bhattacharya, S., Prentow, T. S., Kjærgaard, M. B., Dey, A., Sonne, T., & Jensen, M. M. Smart devices are different: Assessing and mitigating mobile sensing heterogeneities for activity recognition. In Proceedings of the 13th ACM Conference on Embedded Networked Sensor Systems, 127–140 (2015).
Mills, A. et al. Efficient and interpretable real-time malware detection using random-forest. In 2019 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA), 1–8 (2019).
Louk, M. H. L. & Tama, B. A. Tree-based classifier ensembles for PE malware analysis: A performance revisit. Algorithms 15(9), 332 (2022).
Buriro, A. et al. MalwD&C: A quick and accurate machine learning-based approach for malware detection and categorization. Appl. Sci. 13(4), 2508 (2023).
Buriro, A., Luccio, F., Costa, G., Focardi, R., et al. Z-MDZS: Zero-day Malware Detection using Zero-Shot Machine Learning Schemes. In IEEE Consumer Communications & Networking Conference (2024).
Funding
The authors received no funding for this work.
Author information
Authors and Affiliations
Contributions
Attaullah Buriro, Abdul Baseer, Tahir Ahmad, Muhammad Azfar Yaqub, Conceptualization, Methodology, Software, Data Curation, Writing—Original Draft. Flaminia Luccio, Markus Zanker: Supervision, Project Administration, Writing—Review and Editing. Flaminia Luccio, Markus Zanker: Investigation, Validation, Resources, Writing—Review and Editing.
Corresponding authors
Ethics declarations
Competing interests
The authors declare no competing interests.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Buriro, A., Buriro, A.B., Ahmad, T. et al. SENTINEL-DL: a forensic framework for device attribution using motion sensor data. Sci Rep (2026). https://doi.org/10.1038/s41598-025-34734-5
Received:
Accepted:
Published:
DOI: https://doi.org/10.1038/s41598-025-34734-5
