The document discusses analyzing GPS data from devices forensically. It provides examples of examining GPS data from devices like Garmin, TomTom, and Magellan using EnCase forensic software. Key information that can be extracted includes travel paths, trackpoints, waypoints, routes, saved locations, photos/videos, and other location-related data. The document demonstrates how to acquire the devices, extract relevant files, and view the data in tools like Google Earth to analyze travel histories and locations of interest.
Introduction to Cyber forensics: Information Security Investigations, Corporate Cyber Forensics, Scientific method in forensic analysis, investigating large scale Data breach cases.
Analyzing Malicious software.
Mobile forensics is a branch of digital forensics. Simply, it is a science of recovering different kinds of evidence from mobile phones. It helps investigators significantly to reach to the criminal.
Forensics analysis and validation: Determining what data to collect and analyze, validating forensic data, addressing data-hiding techniques, performing remote acquisitions Network Forensics: Network forensics overview, performing live acquisitions, developing standard procedures for network forensics, using network tools, examining the honeynet project.
Introduction to Cyber forensics: Information Security Investigations, Corporate Cyber Forensics, Scientific method in forensic analysis, investigating large scale Data breach cases.
Analyzing Malicious software.
Mobile forensics is a branch of digital forensics. Simply, it is a science of recovering different kinds of evidence from mobile phones. It helps investigators significantly to reach to the criminal.
Forensics analysis and validation: Determining what data to collect and analyze, validating forensic data, addressing data-hiding techniques, performing remote acquisitions Network Forensics: Network forensics overview, performing live acquisitions, developing standard procedures for network forensics, using network tools, examining the honeynet project.
Get familier with basic Maltego features. It is great tool for information gathering. Learn about the reconnaissance using Maltego and visualize the result. You can integrate tools like nmap with it.
This presentation provides an introduction to the Data hiding or Steganography topic, it also shows the types of Steganography, advantages and the related applications.
Working with Windows and DOS Systems: understanding file systems, exploring Microsoft File Structures, Examining NTFS disks, Understanding whole disk encryption, windows registry, Microsoft startup tasks, MS-DOS startup tasks, virtual machines
EDINA webinar delivered 24 October 2012. Introduces the map data and services available in Digimap's Ordnance Survey Collection, a subscription service for UK further education and higher education.
Get familier with basic Maltego features. It is great tool for information gathering. Learn about the reconnaissance using Maltego and visualize the result. You can integrate tools like nmap with it.
This presentation provides an introduction to the Data hiding or Steganography topic, it also shows the types of Steganography, advantages and the related applications.
Working with Windows and DOS Systems: understanding file systems, exploring Microsoft File Structures, Examining NTFS disks, Understanding whole disk encryption, windows registry, Microsoft startup tasks, MS-DOS startup tasks, virtual machines
EDINA webinar delivered 24 October 2012. Introduces the map data and services available in Digimap's Ordnance Survey Collection, a subscription service for UK further education and higher education.
40 min presentation to the Map Curators Workshop 2013 held in Hothorpe Hall. The presentation looks at how EDINA has used the knowledge fro running web based mapping services for 15 years to develop a new mobile mapping app. The focus is on "knowing your users" and ensuring that you fulfill their needs.
GIS educators often don’t get the opportunity to work on “real” research projects or gain day-to-day experience with geospatial technology. In order to stay on top of an ever-changing industry, sometimes they have to get creative. In this instructional, and hopefully entertaining demonstration, presenter Elizabeth Tulanowski will show how Collector for ArcGIS was used to capture her path around a racetrack, and how the data was processed to calculate lap time and speed. Data setup including schema design, and accuracy considerations will also be discussed.
Geopaparazzi: Never Out of Data in the Field
The workshop is dedicated to professionals that needs to collect data from the field and use this information to update or create GIS data, but also to OpenStreetMappers as well as tourists that want to keep a geo-diary. Geopaparazzi is a mobile application for digital field mapping for Android devices developed to support the work of the technicians in the field offering a mapping environment with real time GPS position and a form for structured data collection. The application is easy to use, intuitive and provides just few important functionalities to be used in the field, as for example register GPS tracks and take georeferenced notes and pictures with the possibility to work also off line. The main features available in Geopaparazzi are: - taking georeferenced notes: texts, pictures, sketches and forms - logging GPS tracks - browsing and navigation of the maps and the available data - easy export of the collected data - simple preparation of custom background data. The map view shows the GPS position on the reference background data with the possibility to pan and zoom. From the map view it is possible to add and manage notes and bookmarks and measure distances. Notes and bookmarks can be added directly to the map either in the GPS position or in the center of the map. From a dedicated list view it is possible to visualize, zoom and edit each note. Background data can be personalized using available local data or on-line services with the possibility to use vector offline Mapsforge basemaps, Mbtiles offline databases, TMS (online and offline tiles) and WMS services. Geopaparazzi supports personalized complex forms with combo and check boxes, text fields (that can be constrained to number or string type), pictures (taken using the mobile internal camera) and sketches organized over multiple tabs. The workshop starts with an introduction of the application, installation and main features. Then a short section will be dedicated to the preparation of the input data: background maps and vector layers. Following these sections there is a practical testing of Geopaparazzi outdoor in the field. The last section, back in the room, is dedicated to the export of the collected data to be visualized or used in other GIS environments.
Aimed at touring cyclists. Looks at how to how to prepare a route and navigate during the ride, log your route and the hardware and software you will need. The examples use a iPhone, but most of the software is available for Android.
The main goal of this presentation is how to do research in particular field of engineering. For an example this presentation describes design of Vehicle tracking and monitoring system. So how to do research in particular field by referring standard IEEE papers is described in this presentation.
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...Damir Delija
Sažetak - U ovom radu razmatramo načine kontinuiranog uvođenje novih sadržaja u predmete s područja kibernetičke sigurnosti. Kao primjer navodimo „Osnove računalne forenzike“ u koji se novi sadržaji uvode korištenjem studentskih praktičnih i teoretskih radova, ideje za radove predlažu studenti i predavači. Predloženi postupak se sastoji iz testiranja kroz studentski rad, te ugradnje rezultata u nastavne materijale. Da bi se studentski rad uspješno koristio mora zadovoljiti niz zahtjeva: prilagođenost stupnju znanja studenta i raspoloživoj opremi, raspoloživost alata i sustava, jednostavna implementacija i prenosivost, upotreba alata otvorenog koda i slobodnih alata, te minimalna cijena.
Draft current state of digital forensic and data science Damir Delija
In this presentation we will introduce current state of digital forensics, its positioning in general IT security and relations with data science and data analyses. Many strong links exist among this technical and scientific fields, usually this links are not taken into consideration. For data owners, forensic researchers and investigators this connections and data views presents additional hidden values.
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Damir Delija
One of draft versios of "Concepts and Methodology in Mobile Devices Digital Forensics Education and Training",
Abstract - This paper presents various issues in digital forensics of mobile devices and how to address these issues in the related education and training process. Mobile devices forensics is a new, very fast developing field which lacks standardization, compatibility, tools, methods and skills. All this drawbacks have impact on the results of forensic process and also have deep influence in training and education process. In this paper real life experience in training is presented, with tools, devices, procedures and organization with purpose to improve process of mobile devices forensics and mobile forensic training and education
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Safalta Digital marketing institute in Noida, provide complete applications that encompass a huge range of virtual advertising and marketing additives, which includes search engine optimization, virtual communication advertising, pay-per-click on marketing, content material advertising, internet analytics, and greater. These university courses are designed for students who possess a comprehensive understanding of virtual marketing strategies and attributes.Safalta Digital Marketing Institute in Noida is a first choice for young individuals or students who are looking to start their careers in the field of digital advertising. The institute gives specialized courses designed and certification.
for beginners, providing thorough training in areas such as SEO, digital communication marketing, and PPC training in Noida. After finishing the program, students receive the certifications recognised by top different universitie, setting a strong foundation for a successful career in digital marketing.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
2. What we will talk about
• GPS
– how to acquire evidence
– where we can find GPS (device or just functionality)
• What we can find on a GPS
– What tools and procedures to use ?
• Examples in EnCase: Magellan, TomTom, Exif
data ..
– examples slides are here as help/idea for practitioners
Page 2
3. Sources
• Materials are compilation of various sources
– Celebrite “Portable GPS Forensic”
http://www.cellebrite.com/gps.html
– “GPS Device Acquisition and Examination”, CEIC
2012 by Nathen Langfeldt, Guidance Software, Inc
– “Forenzika GPS uređaja”, Filip
Baričevid, DATAFOCUS 2012
GPS Device Acquisition and Examination Page 3
4. GPS
• GPS -Global Positioning System
• http://en.wikipedia.org/wiki/Global_Positioni
ng_System
• Not only GPS, but other systems
Russia, China, India, EU ..
Page 4
5. GPS embedded in another device
• Mobiles / smartphones
• Tablets – PC’s
• car, robots (?)
• Usually direct connection to Internet and live
map access
Page 5
6. GPS standalone devices
• Garmin
• Magellan
• MIO
• TomTom
• Maps are prepared and sold by vendor
• Maybe small vendors will go extinct
7. Forensic tools and GPS
• Today all commercial tool have support GPS data
extraction, level can vary, depends on model,
encryption...
• Idea is to get out geolocation data and put in on the
map, also and all other available data from device
– location data can be obtained from other sources too
• There is a BIG difference among mobile device forensic
tools and general purpose forensic tools
Page 7
8. Forensic Tool Examples
• EnCase - general purpose forensic tool
– support for geolocation data extracted from evidence as part of smartphone support
module
– support for standalone device as disk image and enscripts to extract data
• UFED ultimate / UFED physical analyzer - mobile device forensic tool
– support only for geolocation data extracted from evidence as part of smartphone
support (some magic can be done too)
– support for standalone device but in a way as mobile phones or smartphones
– support for encrypted logs and data on some standalone devices (tom-tom)
– python scripts for additional processing
• It is almost impossible to mix results of both tools ....
– it takes a lot of effort
– there is no standardization (like E01 format in traditional digital forensic)
Page 8
9. GPS information
1. travel path
2. trackpoints (coordinates)
3. waypoints (coordinates and names)
4. route (list of waypoint)
5. saved locations
6. video, pictures
7. all other available data from device related to
locations / positions
Page 9
10. Example Tom-Tom data
• *.cfg – locations.
• ttgo.bif, ttnavigator.bif –
general info on
device, S/N, model ...
• password (encrypted)
• settings.dat – IDs, user data
...
• triplog files – encrypted files
– user route data
Page 10
11. GPS seizure
• Device seizure is the first step and can be difficult
• These devices send and receive signals when
powered on – precautions need to be taken
• How do you stop a GPS from updating its location?
− If possible, a Faraday bag
• What if a Faraday bag is not available???
• Once the device is protected, what next?
• Page 11
Page 11
12. What is needed for acquisition
• Once the device has been seized, the next
logical step is to acquire the device.
• The following is a list of tools that could be
important:
• USB cable to connect the device to an
acquisition machine/tool
• Faraday bag (as mentioned previously)
• write blocker (either software or hardware
will be acceptable)
• Card reader (optional)
Page 12
Page 12
13. Examples
• ENCase details in CEIC 2012 “GPS Device
Acquisition and Examination”
– EnCase and Garmin
– EnCase and TomTom
– Encase and Magellan
– Encase and Exif data
Master Title Page 13
Page 13
14. EnCase and TomTom/Garmin
• Encase can acquire Garmin and TomTom GPS devices
trough the use of a write-block device
Note:
• If a media card is in use by the
GPS device, the card must be
removed and imaged separately.
If it is not removed, the media
card may be the only thing that
shows up during a preview
Page 14
Page 14
15. EnCase and Magellan
• Similarly to Garmin or TomTom, acquisition of a
Magellan GPS device can be accomplished by
using a write-block device and a forensic
acquisition tool (EnCase)
• Some Magellan's may not be imaged in this
fashion
• The only solution may be to use a backup of the
device on a media card supported by the device
• Or to use another tool like UFED .
Page 15
Page 15
16. Garmin device examination through EnCase
More can be done for Garmin .gpx...
• Aside from viewing the .gpx file within EnCase or an XML
browser, the file can be viewed in Google Earth.
• This can be accomplished one of two ways:
− Bring the .gpx file out of EnCase
and use a website to convert the
file to KML
− This site is used for the
conversion:
http://www.gpsvisualizer.com/map_input?form=googleearth
Page 16
Page 16
18. EnCase Garmin examination
• Click the “create KML”
button
• A new page will be loaded
• The KML file can then be
downloaded
Page 18
Page 18
19. EnCase Garmin examination
• With the KML file
brought into Google
Earth, we can begin
the examination.
• When it is brought
in, the data will show
up under Temporary
Places.
Page 19
Page 19
20. EnCase Garmin examination
• The data is broken down into two main pieces:
− Waypoints
− Tracks
• Waypoints contains data like address book entries
• Tracks can contain data from recent routes that were
traveled
Page 20
Page 20
22. EnCase Garmin examination
• The other option is to bring the KML
file straight into Google Earth
• If this option is used, you will be
presented with three options.
• “Create KML LineStrings” is
unchecked by default
− It is recommended
that this be
checked
Page 22
Page 22
23. EnCase Garmin examination
• In summary, Garmin GPS devices are
super easy to examine and can be the
most fruitful
• The data is easy to access and should
not be overlooked
• Some upcoming challenges:
− Who uses a portable GPS device?
− Garmin now has multiple apps
available for download
Page 23
Page 23
24. EnCase TomTom examination
• TomTom GPS devices have been
around for some time and are
widely used
• The examination of these devices
is a bit different
• TomTom GPS devices can in some
ways store more info than Garmin
Page 24
Page 24
25. EnCase TomTom examination
• With TomTom GPS devices, a few
files will be of interest to us
• To start, we can look at the
CurrentMap.dat
• In this example the file is sitting
at the root of the device
• This will give the name of the
map that is currently in use
• As you can see in the
example, “North_America_2GB”
is the name of the map being
used Page 25
Page 25
26. EnCase TomTom examination
• In summary, TomTom GPS can be examined
through the use of an EnScript module or
third-party tools
• If trip logs are present, a request could be
made to TomTom in an attempt to get the
logs decrypted (or trough UFED tools)
• Some upcoming challenges:
− Who uses a portable
GPS device?
− TomTom now has
multiple apps available
for download
Page 26
Page 26
27. EnCase Magellan examination
• Magellan devices can be more difficult in
part because of the the acquisition
process
• Some Magellan devices may not be able
to be acquired at the physical level
• In those cases it might be possible to
create a backup through the device
directly to an SD card
• The SD card containing the backup can
then be acquired
Page 27
Page 27
28. EnCase Magellan examination
• In summary, Magellan GPS devices are
the most difficult to examine due to the
limited information available
• Though third-party tools are
available, their ability to parse data may
be limited by the actual models
supported
• Some upcoming challenges:
− Who uses a portable
GPS device?
− Magellan now has
multiple apps
available for
download
Page 28
Page 28
29. Examination of EXIF GPS Data
• The examination of EXIF GPS
can be made simple
• This data can be extracted
and made invaluable through
the use of various third-party
tools or an EnScript program
• The “Exif GPS Information
Reader” EnScript module will
be used here
The images used here were taken with a BlackBerry
Page 29
Page 29
30. Examination of EXIF GPS Data
• The exported KML file can
be viewed in Google Earth
Page 30
Page 30
31. Conclusion ?
• It is wild area
• in developement, new models, new features,
encryption, applications od devices
• legal issuses
• a lot to learn
Master Title Page 31
Page 31