In 2025 in Italy, on average, a cyberattack occurred every five minutes. Phishing emails, harmful software and cracked account passwords are just some examples of possible cyber frauds. Several solutions already exist on the market to help associate a smart device (such as a computer or smartphone) with a specific digital crime. One example is the MAC address (Media Access Control), a unique identification number assigned to a device’s network card that works like a hardware ID and enables the identification of a specific device connected to a network.

However, these systems are vulnerable and can be easily altered by cybercriminals. The research group of the User Experience Laboratory at the Faculty of Engineering of the Free University of Bozen- Bolzano has developed a system designed to support traditional forensic device-incident association methods in a way that is much harder to manipulate.

The system, called SENTINEL-DL, is a novel forensic framework that exploits accelerometer data generated by a device to identify it. Accelerometers are sensors present in all smart devices that measure movement and changes in speed or direction. They allow a device to detect if it is tilting, shaking, or accelerating – for example, when a phone rotates its screen. The research is based on the fact that subtle variations in accelerometer readings depend on the device model (hardware), usage and environmental conditions. These variations can act as “sensor fingerprints” and can be used to link a criminal activity to a specific device model.

To analyse these data, the research team applied machine learning models to accelerometer data from a publicly available dataset (the Heterogeneity Dataset for Human Activity Recognition from Smartphones and Smartwatches), which contains motion sensor data collected from eight smartphone models and four smartwatch models while nine users performed different activities. By analysing 1.25-seconds windows of accelerometer data, the researchers identified unique patterns that can be transformed into feature vectors representing a specific device’s behaviour. An artificial intelligence model then analyses these vectors to predict the smartphone or smartwatch model that generated them.

«The system we developed is not meant to be a standalone solution, but it could be used as supporting evidence to enhance the overall accuracy», explains Attaullah Buriro, who conducted the research at the User Experience Laboratory at unibz and is now Professor at the University of Essex, «The results we obtained are quite remarkable: we achieved a true positive rate (correct association with original device model) of over 93% and an overall accuracy exceeding 98%».

«This research fits into our broader work on decision support systems, where we analyse similarity patterns in behavioural data», explains Markus Zanker, head of the User Experience Laboratory at unibz, «In this case, accelerometer traces become distinctive patterns that allow us to recognise and associate devices in a forensic context».

This research highlights how advanced pattern recognition and decision support systems can open new frontiers in digital forensics, making cybercrime investigations more reliable and robust.