Difference between pages "Tools:Data Recovery" and "Global Positioning System"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
m
 
m (External Links)
 
Line 1: Line 1:
{{Wikify}}
+
The '''Global Positioning System''' ('''GPS''') is a satellite navigation system.
  
<div style="margin-top:0.5em; border:2px solid #ff0000; padding:0.5em 0.5em 0.5em 0.5em; background-color:#dddddd; align:center;">
+
== Forensics ==
'''Note:''' We're trying to use the same [[tool template]] for all devices. Please use this if possible.
+
</div>
+
  
= Partition Recovery =
+
There are several places where GPS information can found. It can be very useful for forensic investigations in certain situations. GPS devices have expanded their capabilites and features as the technology has improved. Some of the most popular GPS devices today are made by [http://www.TomTom.com TomTom]. Some of the other GPS manufacturors include [http://www.garmin.com Garmin] and [http://www.magellangps.com Magellan].
  
; [[Partition Table Doctor]]
+
[http://www.cortextech.com/tomtom910.jpg Picture of TomTom910]
: http://www.ptdd.com/index.htm
+
  
; [[parted]]
+
TomTom provides a wide range of devices for biking, hiking, and car navigation. Depending on the capabilities of the model, several different types of digital evidence can be located on these devices. For instance, the [http://www.tomtom.com/products/product.php?ID=212&Category=0&Lid=1 TomTom 910] is basically a 20GB external harddrive. This model can be docked with a personal computer via a USB cable or through the use of Bluetooth technology. The listed features include the ability to store pictures, play MP3 music files, and connect to certain cell phones via bluetooth technology. Data commonly found on cell phones could easily be found on the TomTom910. Via the Bluetooth, the TomTom can transfer the entire contact list from your phone. The GPS unit also records your call logs and SMS messages. Research needs to be done to see if the TomTom stores actual trips conducted with the unit. This would include routes, times, and travel speeds.  
: The Linux partition management tool.
+
  
; [[Active Partition Recovery]]
+
The TomTom unit connects to a computer via a USB base station. An examiner should be able to acquire the image of the harddrive through a USB write blocker. If not, it may be necessary to remove the hard drive from the unit.  
: ...
+
  
; [[gpart]]
+
=== Digital Camera Images with GPS Information ===
: http://www.stud.uni-hannover.de/user/76201/gpart/
+
  
; [[Testdisk]]
+
Some recent digital cameras have built-in GPS receivers (or external modules you can connect to the camera). This makes it possible for the camera to record where extactly a photo was taken. This positioning information (latitude, longitude) can be stored in the [[Exif]] [[metadata]] header of [[JPEG]] files. Tools such as [[jhead]] can display the GPS information in the [[Exif]] headers.
: http://www.cgsecurity.org/wiki/TestDisk
+
  
== See Also ==
+
=== Cell Phones with GPS ===
  
* [http://support.microsoft.com/?kbid=166997 Using Norton Disk Edit to Backup Your Master Boot Record]
+
Some recent cell phones (e.g. a [http://wiki.openezx.org Motorola EZX phone] such as the Motorola A780) have a built-in GPS receiver and navigation software. This software might record the paths travelled (and the date/time), which can be very useful in forensic investigations.
  
== Notes ==
+
== External Links ==
  
* "fdisk /mbr" restores the boot code in the [[MBR]], but not the partition itself.
+
* [http://en.wikipedia.org/wiki/Global_Positioning_System Wikipedia: GPS]
= Data Recovery =
+
  
; [[BringBack]]
 
: http://www.toolsthatwork.com/
 
: BringBack offers easy to use, inexpensive, and highly successful data recovery for Windows and Linux (ext2) operating systems and digital images stored on memory cards, etc.
 
  
; [[ByteBack Data Recovery Investigative Suite v4.0]]
+
* [http://www.digivence.com Digivence: TomTom Forensic Analyser]
: http://www.toolsthatwork.com
+
: Now with UDMA, ATA & SATA support, memory management and greater ease and control of partition and MBR manipulations, ByteBack continues to uphold it's viability as the computer forensics and recovery application of professionals.
+
 
+
; [[RAID Reconstructor]]
+
: http://www.runtime.org/raid.htm
+
: Runtime Software's RAID Reconstructor will reconstruct [[RAID Level 0]] (Striping) and [[RAID Level 5]] drives.
+
 
+
; [[Salvation Data]]
+
: http://www.salvationdata.com
+
: Claims to have a program that can read the "[[bad blocks]]" of [[Maxtor]] drives with proprietary commands.
+

Revision as of 08:28, 17 October 2007

The Global Positioning System (GPS) is a satellite navigation system.

Contents

Forensics

There are several places where GPS information can found. It can be very useful for forensic investigations in certain situations. GPS devices have expanded their capabilites and features as the technology has improved. Some of the most popular GPS devices today are made by TomTom. Some of the other GPS manufacturors include Garmin and Magellan.

Picture of TomTom910

TomTom provides a wide range of devices for biking, hiking, and car navigation. Depending on the capabilities of the model, several different types of digital evidence can be located on these devices. For instance, the TomTom 910 is basically a 20GB external harddrive. This model can be docked with a personal computer via a USB cable or through the use of Bluetooth technology. The listed features include the ability to store pictures, play MP3 music files, and connect to certain cell phones via bluetooth technology. Data commonly found on cell phones could easily be found on the TomTom910. Via the Bluetooth, the TomTom can transfer the entire contact list from your phone. The GPS unit also records your call logs and SMS messages. Research needs to be done to see if the TomTom stores actual trips conducted with the unit. This would include routes, times, and travel speeds.

The TomTom unit connects to a computer via a USB base station. An examiner should be able to acquire the image of the harddrive through a USB write blocker. If not, it may be necessary to remove the hard drive from the unit.

Digital Camera Images with GPS Information

Some recent digital cameras have built-in GPS receivers (or external modules you can connect to the camera). This makes it possible for the camera to record where extactly a photo was taken. This positioning information (latitude, longitude) can be stored in the Exif metadata header of JPEG files. Tools such as jhead can display the GPS information in the Exif headers.

Cell Phones with GPS

Some recent cell phones (e.g. a Motorola EZX phone such as the Motorola A780) have a built-in GPS receiver and navigation software. This software might record the paths travelled (and the date/time), which can be very useful in forensic investigations.

External Links