Tag Archives: gps forensics

Updates to GPS Utility (Timestamp Features)

I decided to make some pretty solid changes to TrackerCat since my last post. I wasn’t satisfied with it only converting GPX-to-KML. The new changes include the following:

  • Ability to recursively export all GPXs from a specified path (can be a mounted device image).
  • Extract and write all trackpoint timestamps to CSV, including archived files. Optionally, you can choose to export Active Log names and times to their own CSV. While the latter isn’t as important to export as trackpoint times, it may still be useful to some.
  • Display a file’s metadata time tag during the timestamp dump. This is critical if the GPX file is the Current.gpx (akin to a last access, or rather, last power-on for some devices). These are not written to CSV as their importance differs depending on file and scenario.

To reduce spam, I’ll try to keep minor official updates to Twitter instead of posting here in the future. Hope the updates are useful!


TrackerCat: GPX-to-KML Active Log Mapping Tool

To supplement my GPS research, I created a simple tool for the extraction of Active Log data from GPX files. This tool will transform GPS device data files into keyhole markup language files for easy mapping (GPX to KML). The output can easily be opened in programs like Google Earth. This tool will provide analysts with a better understanding of data contained within GPXs and their Active Logs. The KMLs are complete with timestamps and trackpoint coordinates.

Prior to TrackerCat – and without the use of expensive utilities – analysts had to manually re-save exported GPX files as KMLs in mapping programs. TrackerCat automates the transformation process while striving to preserve as much forensic data as possible.

While the tool is really just a simple XML-to-XML XSLT transform script (that parses the appropriate formats), you can join the project to improve its functionality! You can use the project’s GitHub to show off your own GPS device forensics scripts. Also be sure to check out the PowerPoint here.

Official Github Logo

Click on the Official GitHub logo above for TrackerCat’s reader-friendly GitHub landing page, or go right to the project’s GitHub.

Metadata Extraction of GPX Files

To briefly supplement my GPS Device Analysis research, the GPX file itself should have interesting metadata qualities that can help you decide its relevance to your case. For example, I was able to pull the following data out of my GPX file using ExifTool by Phil Harvey:

Gpx Metadata Link Href : http://www.garmin.com
Gpx Metadata Link Text : Garmin International
Gpx Metadata Time : 2013:03:03 19:38:00Z
Gpx Trk Name : ACTIVE LOG: 03 MAR 2013 14:11
Gpx Trk Trkseg Trkpt Lat : 11.111111
Gpx Trk Trkseg Trkpt Lon : -11.111111
Gpx Trk Trkseg Trkpt Ele : 143.85
Gpx Trk Trkseg Trkpt Time : 2013:03:03 19:35:50Z
Gpx Trk Trkseg Trkpt Extensions Track Point Extension Speed: 8.24
Gpx Trk Trkseg Trkpt Extensions Track Point Extension Course: 292.24

This provides yet another quick way of determining whether the GPX’s last Active Log corresponds with your working timeline.
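The same timeline check can be scripted. The following is an added example, not TrackerCat's code or part of the original post: it reads the metadata time and every trackpoint time from a GPX and reports the gap between the last trackpoint and the metadata time. It assumes the GPX 1.1 namespace; the function names are hypothetical and the sample file is constructed from the ExifTool values above plus one made-up earlier trackpoint.

```python
import csv
import io
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"gpx": "http://www.topografix.com/GPX/1/1"}  # assumption: GPX 1.1 file
# Constructed sample: the second trackpoint uses the ExifTool values shown
# above; the first (earlier) trackpoint is made up for illustration.
SAMPLE_GPX = """<gpx xmlns="http://www.topografix.com/GPX/1/1" version="1.1" creator="constructed-sample">
  <metadata><time>2013-03-03T19:38:00Z</time></metadata>
  <trk><name>ACTIVE LOG: 03 MAR 2013 14:11</name><trkseg>
    <trkpt lat="11.111110" lon="-11.111110"><time>2013-03-03T19:35:45Z</time></trkpt>
    <trkpt lat="11.111111" lon="-11.111111"><ele>143.85</ele><time>2013-03-03T19:35:50Z</time></trkpt>
  </trkseg></trk>
</gpx>"""

def parse_time(text):
    """Parse a GPX UTC timestamp; return None if it is missing or malformed."""
    try:
        return datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except (AttributeError, ValueError):
        return None

def dump_timestamps(gpx_text):
    """Return (metadata_time, rows); each row is (track name, lat, lon, time)."""
    root = ET.fromstring(gpx_text.encode("utf-8"))
    meta_time = parse_time(root.findtext("gpx:metadata/gpx:time", namespaces=NS))
    rows = []
    for trk in root.findall("gpx:trk", NS):
        name = trk.findtext("gpx:name", default="", namespaces=NS)
        for pt in trk.findall("gpx:trkseg/gpx:trkpt", NS):
            when = parse_time(pt.findtext("gpx:time", namespaces=NS))
            rows.append((name, pt.get("lat"), pt.get("lon"), when))
    return meta_time, rows

def gap_seconds(meta_time, rows):
    """Seconds from the last trackpoint to the metadata time, or None if unknown."""
    times = [r[3] for r in rows if r[3] is not None]
    if meta_time is None or not times:
        return None
    return (meta_time - max(times)).total_seconds()

def to_csv(rows):
    """Render rows as CSV text; unparseable times are written as empty cells."""
    buf = io.StringIO()
    csv.writer(buf).writerows(
        (n, la, lo, t.isoformat() if t else "") for n, la, lo, t in rows)
    return buf.getvalue()

if __name__ == "__main__":
    print("gap (s):", gap_seconds(*dump_timestamps(SAMPLE_GPX)))
```

A small gap means the file was written shortly after the last logged position; how to read a large gap depends on the device and the file, as with the Current.gpx case described in the timestamp update.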

Research: GPS Device Analysis

After much work, I’ve released my research covering the analysis of a Garmin Nuvi 1490 GPS device.

There’s not a lot of accurate information out there on GPS forensics. What you typically find is that some sites have information on only a select number of GPS devices, and that information is extremely shallow at best. The other end of the equation is companies selling their services. Seeing the need for a clear, free and open forensic report, I conducted the research and published it on my site free of charge.

The goal of this paper is to aid in providing meaningful analysis for one of the most popular Garmin devices. This particular model was sold heavily through the U.S. wholesaler Costco a few years ago and has been a GPS of choice for many casual users since then. It also uses the industry-adopted GPX file standard to store Track data, which is of significant importance to GPS forensics.

Such skills are absolutely essential whether you work for law enforcement, military or in the private sector. I hope that my small contribution can help. Expect more research papers in the future.

Please click here for the research paper: Research: GPS Device Analysis