Difference between pages ".XRY" and "Global Positioning System"

From ForensicsWiki
m (Update for 2012)
 
(Forensics)
 
Line 1: Line 1:
{{Infobox_Software |
+
The '''Global Positioning System''' ('''GPS''') is a satellite navigation system.
  name = XRY |
+
  maintainer = [[Micro Systemation]] |
+
  os = {{Windows}} |
+
  genre = {{Mobile forensics}} |
+
  license = {{Commercial}} |
+
  website = [http://www.msab.com www.msab.com] |
+
}}
+
  
'''XRY''', pronounced "ex-arr-why", is a forensic system specifically designed for analyzing mobile digital devices written by [[Micro Systemation]]. The software is designed to run on a Windows computer and will retrieve information from mobile devices for immediate display of the results or files can be saved for later analysis. At the time of writing support levels included smartphones, gps units and mobile tablets such as the iPad.
+
== Forensics ==
  
== Overview ==
+
There are several places where GPS information can found. It can be very useful for forensic investigations in certain situations. GPS devices have expanded their capabilites and features as the technology has improved. Some of the most popular GPS devices today are made by [http://www.TomTom.com TomTom]. Some of the other GPS manufacturors include [http://www.garmin.com Garmin] and [http://www.magellangps.com Magellan].
XRY comes complete as a package containing both hardware and software to read the device information. XRY currently includes the following hardware in the package; XRY Communications Unit, SIM Card Reader, Clone SIM Cards, Write-Protected Memory Card Reader & Complete set of Cables.  
+
  
The hardware is connected to a Windows computer using a USB cable and is capable of displaying immediate results from the device extraction.  
+
[http://www.cortextech.com/tomtom910.jpg Picture of TomTom910]
  
The software can grab phone book information, SMS and other text messages, MMS, call lists, calendar entries, task items, pictures, media files, and SIM card information. XRY also retrieves a lot of information about the phone itself, such as IMEI/ESN, IMSI, model no., matching between the clock in the telephone and the computer, etc. The latest version includes support for some smartphone applications such as Facebook, Myspace, Skype and Gmail.
+
TomTom provides a wide range of devices for biking, hiking, and car navigation. Depending on the capabilities of the model, several different types of digital evidence can be located on these devices. For instance, the [http://www.tomtom.com/products/product.php?ID=212&Category=0&Lid=1 TomTom 910] is basically a 20GB external harddrive. This model can be docked with a personal computer via a USB cable or through the use of Bluetooth technology. The listed features include the ability to store pictures, play MP3 music files, and connect to certain cell phones via bluetooth technology. Data commonly found on cell phones could easily be found on the TomTom910. Via the Bluetooth, the TomTom can transfer the entire contact list from your phone. The GPS unit also records your call logs and SMS messages. Research needs to be done to see if the TomTom stores actual trips conducted with the unit. This would include routes, times, and travel speeds.  
  
The system generates an encrypted file called .XRY which contains a copy of all the information retrieved from the phone. The company also licences customers to free issue their XRY Reader application so these secure encrypted files can be read by authorized third parties.
+
The TomTom unit connects to a computer via a USB base station. An examiner should be able to acquire the image of the harddrive through a USB write blocker. If not, it may be necessary to remove the hard drive from the unit.  
  
One difference with XRY is that the software allows for the extraction of up to 3 different mobile devices simultaneously on the same computer from a single license key.
+
TomTom models such the TomTom One Regional, TomTom Europe, Go 510, Go 710 and the Go 720 store map data, favourites, and recent destinations on a removable SD card.  This allows the forensic examiner to remove the SD card and make a backup with a write blocked SD card reader.  The most important file for the forensic examiner will be the CFG file that is held in the map data directory.  This holds a list of all recent destinations that the user has entered into the device.  The information is held in a hex file and stores the represents grid coordinates of these locations.
  
== Supported devices ==
+
Certain TomTom models (Go 510, Go 910, Go 920 etc.) allow the user to pair their mobile phone to the device so they can use the TomTom as a hands free kit.  If the user has paired their phone to the TomTom device, then the TomTom will store the Bluetooth MAC ID for up to five phones, erasing the oldest if a sixth phone is paired. Depending on the phone model paired with the TomTom, there may also be Call lists, contacts and text messages (sent & received) stored in the device too. Automated forensic analysis for TomTom GPS units is possible with software from Digivence - Forensic Analyser - TomTom Edition.  [http://www.digivence.com/SCREEN%20OPTIMISED%20REPORT%20-%20Demo%2011072007%20163219.htm Sample Report]
The tool supports more than 5,000 different mobile device profiles including [[GSM]], [[UMTS]], [[CDMA]] and iDEN phones. SIM cards are supported as well. Smartphones such as Android, BlackBerry, iPhone, Symbian and Windows Mobile are also supported.  
+
 
 +
=== Digital Camera Images with GPS Information ===
  
XRY is one of a limited number of mobile forensic products which also offers Physical Extraction capabilities on devices to gain access to potentially more information from a device, including deleted data.
+
Some recent digital cameras have built-in GPS receivers (or external modules you can connect to the camera). This makes it possible for the camera to record where extactly a photo was taken. This positioning information (latitude, longitude) can be stored in the [[Exif]] [[metadata]] header of [[JPEG]] files. Tools such as [[jhead]] can display the GPS information in the [[Exif]] headers.
  
 +
=== Cell Phones with GPS ===
  
== XRY Reader ==
+
Some recent cell phones (e.g. a [http://wiki.openezx.org Motorola EZX phone] such as the Motorola A780) have a built-in GPS receiver and navigation software. This software might record the paths travelled (and the date/time), which can be very useful in forensic investigations.
XRY creates a report containing the user's own logotype, address, etc. and the basic required information. The generated report can either be printed out, exported in whole or in part, or forwarded electronically with .XRY Reader which is distributed for free. A search function simplifies the task of searching for a particular name/number or some other type of text.
+
  
== External Links ==  
+
== External Links ==
* [http://www.msab.com/ Official web site]
+
 
* [http://en.wikipedia.org/wiki/.XRY Wikipedia]
+
* [http://en.wikipedia.org/wiki/Global_Positioning_System Wikipedia: GPS]
 +
 
 +
 
 +
* [http://www.digivence.com Digivence: TomTom Forensic Analyser]
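Review bot: In the added TomTom paragraph about the CFG file, the sentence "The information is held in a hex file and stores the represents grid coordinates of these locations" does not parse and never says how the coordinates are encoded. Reword it, and state the encoding if it is known, since an examiner would rely on that detail. The added Forensics text also needs "can found", "capabilites", "manufacturors" and "extactly" corrected. The line "Research needs to be done to see if the TomTom stores actual trips" should be marked as an open question rather than left in running text.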

Revision as of 08:50, 17 October 2007

The Global Positioning System (GPS) is a satellite navigation system.

Forensics

There are several places where GPS information can be found. It can be very useful for forensic investigations in certain situations. GPS devices have expanded their capabilities and features as the technology has improved. Some of the most popular GPS devices today are made by TomTom. Other GPS manufacturers include Garmin and Magellan.

Picture of TomTom910

TomTom provides a wide range of devices for biking, hiking, and car navigation. Depending on the capabilities of the model, several different types of digital evidence can be located on these devices. For instance, the TomTom 910 is basically a 20GB external hard drive. This model can be docked with a personal computer via a USB cable or through the use of Bluetooth technology. The listed features include the ability to store pictures, play MP3 music files, and connect to certain cell phones via Bluetooth. Data commonly found on cell phones could easily be found on the TomTom 910. Via Bluetooth, the TomTom can transfer the entire contact list from the phone. The GPS unit also records call logs and SMS messages. Research needs to be done to see if the TomTom stores actual trips conducted with the unit. This would include routes, times, and travel speeds.

The TomTom unit connects to a computer via a USB base station. An examiner should be able to acquire the image of the hard drive through a USB write blocker. If not, it may be necessary to remove the hard drive from the unit.

TomTom models such as the TomTom One Regional, TomTom Europe, Go 510, Go 710 and the Go 720 store map data, favourites, and recent destinations on a removable SD card. This allows the forensic examiner to remove the SD card and make a backup with a write-blocked SD card reader. The most important file for the forensic examiner will be the CFG file that is held in the map data directory. This holds a list of all recent destinations that the user has entered into the device. The information is held in a hex file and represents the grid coordinates of these locations.

Certain TomTom models (Go 510, Go 910, Go 920 etc.) allow the user to pair their mobile phone to the device so they can use the TomTom as a hands-free kit. If the user has paired their phone to the TomTom device, then the TomTom will store the Bluetooth MAC ID for up to five phones, erasing the oldest if a sixth phone is paired. Depending on the phone model paired with the TomTom, there may also be call lists, contacts and text messages (sent & received) stored in the device. Automated forensic analysis for TomTom GPS units is possible with software from Digivence (Forensic Analyser - TomTom Edition). Sample report: http://www.digivence.com/SCREEN%20OPTIMISED%20REPORT%20-%20Demo%2011072007%20163219.htm

Digital Camera Images with GPS Information

Some recent digital cameras have built-in GPS receivers (or external modules you can connect to the camera). This makes it possible for the camera to record exactly where a photo was taken. This positioning information (latitude, longitude) can be stored in the Exif metadata header of JPEG files. Tools such as jhead can display the GPS information in the Exif headers.
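To show where that position sits inside the file, the following added example (not part of the original wiki page and not jhead's code) walks a JPEG's Exif segment to the GPS IFD and converts the stored degree/minute/second rationals to signed decimal degrees. The function names and the sample bytes are constructed for illustration; the tag numbers (0x8825 for the GPS IFD pointer, 1 to 4 for latitude/longitude and their references) come from the Exif specification.

```python
import struct

def exif_tiff(jpeg):
    """Return the TIFF block carried in the JPEG's APP1 'Exif' segment."""
    pos = 2                                        # skip the SOI marker (FFD8)
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, size = jpeg[pos + 1], struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        body = jpeg[pos + 4:pos + 2 + size]
        if marker == 0xE1 and body[:6] == b"Exif\0\0":
            return body[6:]
        pos += 2 + size
    raise ValueError("no Exif segment found")

def read_ifd(tiff, off, e):
    """Map tag -> raw 4-byte value/offset field for the IFD at `off`."""
    count = struct.unpack(e + "H", tiff[off:off + 2])[0]
    rows = (struct.unpack(e + "HHI4s", tiff[off + 2 + 12 * i:off + 14 + 12 * i])
            for i in range(count))
    return {tag: val for tag, _typ, _cnt, val in rows}

def gps_position(tiff):
    """Return (lat, lon) in signed decimal degrees, or None if absent/invalid."""
    e = "<" if tiff[:2] == b"II" else ">"          # TIFF byte-order mark
    ifd0 = read_ifd(tiff, struct.unpack(e + "I", tiff[4:8])[0], e)
    if 0x8825 not in ifd0:                         # GPSInfo IFD pointer tag
        return None
    gps = read_ifd(tiff, struct.unpack(e + "I", ifd0[0x8825])[0], e)
    if not set(gps) >= {1, 2, 3, 4}:               # LatRef, Lat, LonRef, Lon
        return None
    coords = []
    for ref, tag in ((1, 2), (3, 4)):
        off = struct.unpack(e + "I", gps[tag])[0]
        r = struct.unpack(e + "6I", tiff[off:off + 24])   # deg, min, sec rationals
        if 0 in r[1::2]:
            return None                            # zero denominator: no usable fix
        deg = r[0] / r[1] + r[2] / r[3] / 60 + r[4] / r[5] / 3600
        coords.append(round(-deg if gps[ref][:1] in (b"S", b"W") else deg, 6))
    return tuple(coords)

# Constructed sample (not from a real camera): big-endian Exif with a GPS IFD.
def _entry(tag, typ, cnt, val):
    return struct.pack(">HHI", tag, typ, cnt) + val
SAMPLE_TIFF = (b"MM\x00\x2a" + struct.pack(">IH", 8, 1)
    + _entry(0x8825, 4, 1, struct.pack(">I", 26)) + b"\0" * 4 + struct.pack(">H", 4)
    + _entry(1, 2, 2, b"N\0\0\0") + _entry(2, 5, 3, struct.pack(">I", 80))
    + _entry(3, 2, 2, b"W\0\0\0") + _entry(4, 5, 3, struct.pack(">I", 104)) + b"\0" * 4
    + struct.pack(">12I", 40, 1, 26, 1, 46, 1, 79, 1, 58, 1, 56, 1))  # lat, lon DMS
SAMPLE_JPEG = (b"\xff\xd8\xff\xe1" + struct.pack(">H", 8 + len(SAMPLE_TIFF))
    + b"Exif\0\0" + SAMPLE_TIFF + b"\xff\xd9")
```

Run it against a working copy of the image, never the original evidence. A `None` result means only that no usable GPS block was written, not that the camera lacked a receiver.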

Cell Phones with GPS

Some recent cell phones (e.g. a Motorola EZX phone such as the Motorola A780) have a built-in GPS receiver and navigation software. This software might record the paths travelled (and the date/time), which can be very useful in forensic investigations.

External Links