Difference between pages "Upcoming events" and "Global Positioning System"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (Addition of DEASTP/SCERS training classes for October 2007.)
 
(External Links)
 
Line 1: Line 1:
Here is a BY DATE listing of '''upcoming conferences and training events''' that pertain to [[digital forensics]]. Some of these duplicate the generic [[conferences]], but have specific dates/locations for the upcoming conference/training event.
+
The '''Global Positioning System''' ('''GPS''') is a satellite navigation system.
  
<b> The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv</b>
+
== Forensics ==
<i> (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
+
<b> Any requests for additions, deletions or corrections to this list should be sent by email to David Baker <i>(bakerd AT mitre.org)</i>. </b>
+
  
== Calls For Papers ==
+
There are several places where GPS information can found. It can be very useful for forensic investigations in certain situations. GPS devices have expanded their capabilites and features as the technology has improved. Some of the most popular GPS devices today are made by [http://www.TomTom.com TomTom]. Some of the other GPS manufacturors include [http://www.garmin.com Garmin] and [http://www.magellangps.com Magellan].
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! Title
+
! Due Date
+
! Website
+
|-
+
|DFRWS 2007 File Carving Challenge
+
|Jul 09, 2007
+
|http://www.dfrws.org/2007/challenge/submission.html
+
|-
+
|American Academy of Forensic Sciences 2008 Annual Meeting
+
|Aug 01, 2007
+
|http://www.aafs.org/abstracts/your_online_presentation_submiss.htm
+
|-
+
|Digital Forensic Forum Prague 2007
+
|Aug 31, 2007
+
|http://www.dff-prague.com/News/article/sid=17.html
+
|}
+
  
== Conferences ==
+
[http://www.cortextech.com/tomtom910.jpg Picture of TomTom910]
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! Title
+
! Date/Location
+
! Website
+
|-
+
|Computer Security Institute NetSec '07
+
|Jun 11-13, Scottsdale, AZ
+
|http://www.gocsi.com/netsec/
+
|-
+
|2007 USENIX Annual Technical Conference
+
|Jun 17-22, Santa Clara, CA
+
|http://www.usenix.org/events/
+
|-
+
|Third Government Forum of Incident Response and Security Teams Conference
+
|Jun 25-29, Orlando, FL
+
|http://www.us-cert.gov/GFIRST/index.html
+
|-
+
|First International Workshop on Cyber-Fraud
+
|Jul 01-06, San Jose, CA
+
|http://www.iaria.org/conferences2007/CYBERFRAUD.html
+
|-
+
|Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2007
+
|Jul 12-13, Lucerne, Switzerland
+
|http://www.gi-ev.de/fachbereiche/sicherheit/fg/sidar/dimva/
+
|-
+
|BlackHat Briefings
+
|Jul 28-Aug 02, Las Vegas, NV
+
|http://www.blackhat.com/html/bh-link/briefings.html
+
|-
+
|DefCon
+
|Aug 03-05, Las Vegas, NV
+
|http://www.defcon.org/
+
|-
+
|16th USENIX Security Symposium
+
|Aug 06-10, Boston, MA
+
|http://www.usenix.org/events/
+
|-
+
|GMU 2007 Symposium
+
|Aug 06-10, George Mason University, Fairfax, VA
+
|http://www.rcfg.org
+
|-
+
|[[Digital Forensic Research Workshop|Digital Forensic Research Workshop 2007]]
+
|Aug 13-15, Pittsburgh, PA
+
|http://www.dfrws.org/2007/index.html
+
|-
+
|HTCIA 2007 International Training Conference & Exposition
+
|Aug 27-29, San Diego, CA
+
|http://www.htcia-sd.org/htcia2007.html
+
|-
+
|Recent Advances in Intrusion Detection (RAID) 2007
+
|Sep 05-07, Gold Coast, Queensland, Australia
+
|http://www.isi.qut.edu.au/events/conferences/raid07
+
|-
+
|14th International Conference on Image Analysis and Processing (ICIAP 2007)
+
|Sep 10-14, Modena, Italy
+
|http://www.iciap2007.org
+
|-
+
|3rd International Conference on IT-Incident Management & IT-Forensics
+
|Sep 11-12, Stuttgart, Germany
+
|http://www.imf-conference.org/
+
|-
+
|Black and White Ball
+
|Sep 25-28, London, UK
+
|http://www.theblackandwhiteball.co.uk/
+
|-
+
|Wisconsin Association of Computer Crimes Investigators/Forensic Association of Computer Technologists
+
|Sep 26-28, Milwaukee, WI
+
|http://www.byteoutofcrime.org
+
|-
+
|BlackHat Japan - Briefings
+
|Oct 23-26, Tokyo, Japan
+
|http://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
+
|-
+
|Global Conference on Economic and High-Tech Crime (NW3C Membership Required)
+
|Oct 24-26, Crystal City, VA
+
|https://conference.nw3c.org/index.cfm
+
|-
+
|Techno-Forensics Conference
+
|Oct 29 - 31, Rockville, MD
+
|http://www.techsec.com/html/TechnoForensics2007.html
+
|-
+
|DeepSec IDSC
+
|Nov 22-24, Vienna, Austria
+
|http://deepsec.net/
+
|-
+
|Digital Forensic Forum Prague 2007
+
|Nov 26-27, Prague, Czech Republic
+
|http://www.dff-prague.com/
+
|-
+
|DoD Cyber Crime Conference 2008
+
|Jan 13-18 2008, St. Louis, MO
+
|http://www.dodcybercrime.com/
+
|-
+
|AAFS Annual Meeting
+
|Feb 18-23 2008, Washington, DC
+
|http://aafs.org/default.asp?section_id=meetings&page_id=aafs_annual_meeting
+
|-
+
|}
+
  
== On-going / Continuous Training ==
+
TomTom provides a wide range of devices for biking, hiking, and car navigation. Depending on the capabilities of the model, several different types of digital evidence can be located on these devices. For instance, the [http://www.tomtom.com/products/product.php?ID=212&Category=0&Lid=1 TomTom 910] is basically a 20GB external harddrive. This model can be docked with a personal computer via a USB cable or through the use of Bluetooth technology. The listed features include the ability to store pictures, play MP3 music files, and connect to certain cell phones via bluetooth technology. Data commonly found on cell phones could easily be found on the TomTom910. Via the Bluetooth, the TomTom can transfer the entire contact list from your phone. The GPS unit also records your call logs and SMS messages. Research needs to be done to see if the TomTom stores actual trips conducted with the unit. This would include routes, times, and travel speeds.  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! Title
+
! Date/Location or Venue
+
! Website
+
|-
+
|Basic Computer Examiner Course
+
|Computer Forensic Training Online
+
|http://www.cftco.com
+
|-
+
|MaresWare Suite Training
+
|First full week every month, Atlanta, GA
+
|http://www.maresware.com/maresware/training/maresware.htm
+
|-
+
|Linux Data Forensics Training
+
|Distance Learning Format
+
|http://www.crazytrain.com/training.html
+
|-
+
|Evidence Recovery for Windows Vista&trade;
+
|First full week every month, Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for Windows Server&reg; 2003 R2
+
|Second full week every month, Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for the Windows XP&trade; operating system
+
|Third full week every month, Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|}
+
  
== Scheduled Training Courses ==
+
The TomTom unit connects to a computer via a USB base station. An examiner should be able to acquire the image of the harddrive through a USB write blocker. If not, it may be necessary to remove the hard drive from the unit.  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
 
|- style="background:#bfbfbf; font-weight: bold"
+
TomTom models such the TomTom One Regional, TomTom Europe, Go 510, Go 710 and the Go 720 store map data, favourites, and recent destinations on a removable SD card. This allows the forensic examiner to remove the SD card and make a backup with a write blocked SD card reader. The most important file for the forensic examiner will be the CFG file that is held in the map data directory. This holds a list of all recent destinations that the user has entered into the device. The information is held in a hex file and stores the represents grid coordinates of these locations.
! Title
+
 
! Date/Location
+
Certain TomTom models (Go 510, Go 910, Go 920 etc.) allow the user to pair their mobile phone to the device so they can use the TomTom as a hands free kit. If the user has paired their phone to the TomTom device, then the TomTom will store the Bluetooth MAC ID for up to five phones, erasing the oldest if a sixth phone is paired. Depending on the phone model paired with the TomTom, there may also be Call lists, contacts and text messages (sent & received) stored in the device too.  
! Website
+
 
! Limitation
+
Automated forensic analysis for TomTom GPS units is possible with software from Digivence - Forensic Analyser - TomTom Edition.   [http://www.digivence.com/SCREEN%20OPTIMISED%20REPORT%20-%20Demo%2011072007%20163219.htm Sample Report]. Whilst not shown in the example report, call history, contacts, text messages, Bluetooth MAC ID, and unit info is also automatically processed if available.
|-
+
 
|Paraben Handheld Forensic Course
+
=== Digital Camera Images with GPS Information ===
|Jun 18-21, Potomac Falls, VA
+
 
|http://www.paraben-training.com/
+
Some recent digital cameras have built-in GPS receivers (or external modules you can connect to the camera). This makes it possible for the camera to record where extactly a photo was taken. This positioning information (latitude, longitude) can be stored in the [[Exif]] [[metadata]] header of [[JPEG]] files. Tools such as [[jhead]] can display the GPS information in the [[Exif]] headers.
|-
+
 
|AccessData Windows Forensics
+
=== Cell Phones with GPS ===
|Jun 19-21, Dallas, TX
+
 
|http://www.accessdata.com/training
+
Some recent cell phones (e.g. a [http://wiki.openezx.org Motorola EZX phone] such as the Motorola A780) have a built-in GPS receiver and navigation software. This software might record the paths travelled (and the date/time), which can be very useful in forensic investigations.
|-
+
 
|SMART for Linux
+
== External Links ==
|Jul 09-12, Austin, TX
+
 
|http://asrdata.com/training/training2.html
+
* [http://en.wikipedia.org/wiki/Global_Positioning_System Wikipedia: GPS]
|-
+
 
|Cyber Counterterrorism Investigations Training Program (CCITP)
+
 
|Jul 09-13, FLETC, Glynco, GA
+
* [http://www.digivence.com Digivence: TomTom Forensic Analyser]
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
 
|Limited to Law Enforcement
+
 
|-
+
* [http://www.paraben-forensics.com/catalog/product_info.php?cPath=25&products_id=404    Point 2 Point v1.0]
|SMART Windows Data Forensics
+
|Jul 16-18, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Seized Computer Evidence Recovery Specialist (SCERS)
+
|Jul 16-27, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|AccessData BootCamp
+
|Jul 17-19, Boise, ID
+
|http://www.accessdata.com/training
+
|-
+
|Paraben Handheld Forensic Course
+
|Jul 23-26, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|AccessData Windows Forensics
+
|Jul 24-26, Albuquerque, NM
+
|http://www.accessdata.com/training
+
|-
+
|Network Forensics and Investigations Workshop
+
|Jul 25-27, Washington, DC
+
|http://www.strozllc.com/trainingcenter/
+
|-
+
|First Responder to Digital Evidence Program (FRDE)
+
|Jul 31-Aug 02, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|Paraben Wireless Forensics
+
|Aug 01-03, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|SARC Steganography Examiner Training
+
|Aug 04-05, Fairfax, VA (RCFG/GMU Conference 2007)
+
|http://www.sarc-wv.com/training.aspx
+
|-
+
|SMART for Linux
+
|Aug 06-09, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Introduction to Cyber Crime
+
|Aug 06-08, Mississippi State University
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|X-Ways Forensics
+
|Aug 06-08, Seattle, WA
+
|http://www.x-ways.net/training/seattle.html
+
|-
+
|Forensics Tools and Techniques
+
|Aug 08-10, Mississippi State University
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|File Systems Revealed
+
|Aug 09-10, Seattle, WA
+
|http://www.x-ways.net/training/seattle.html
+
|-
+
|Search and Seizure of Computers and Electronic Evidence
+
|Aug 09-10, Oxford, MS
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|Paraben Cellular/GPS Signal Analysis
+
|Aug 13-14, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|Computer Network Investigations Training Program (CNITP)
+
|Aug 14-24, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|SMART Linux Data Forensics
+
|Aug 13-15, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Network Forensics and Investigations Workshop
+
|Aug 13-15, Los Angeles, CA
+
|http://www.strozllc.com/trainingcenter/
+
|-
+
|Macintosh Forensic Survival Course
+
|Aug 13-17, Fredricksburg, VA
+
|http://www.phoenixdatagroup.com/cart/index.php
+
|-
+
|AccessData Internet Forensics
+
|Aug 14-16 , Austin, TX
+
|http://www.accessdata.com/training
+
|-
+
|Helix Live Forensics and Incident Response Course
+
|Aug 28-30, Tennessee Bureau of Investigations - Nashville, TN
+
|https://www.e-fense.com/register.php
+
|-
+
|Paraben Cellular/GPS Signal Analysis
+
|Aug 30-31, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|SMART for Linux
+
|Sep 03-06, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Paraben Handheld Forensic Course
+
|Sep 04-07, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|AccessData BootCamp
+
|Sep 04-06, Mississippi State University
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|Paraben Advanced Cell Phone Forensics
+
|Sep 10-12, San Diego, CA
+
|http://www.paraben-training.com/
+
|-
+
|Paraben E-Discovery: E-mail & Mobile E-mail Devices
+
|Sep 10-14, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|First Responder to Digital Evidence Program (FRDE)
+
|Sep 11-13, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|AccessData Applied Decryption
+
|Sep 11-13, Dallas, TX
+
|http://www.accessdata.com/training
+
|-
+
|Paraben Advanced SIM Card Forensics
+
|Sep 13-14, San Diego, CA
+
|http://www.paraben-training.com/
+
|-
+
|Enterprise Data Forensics
+
|Sep 17-19, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Paraben Network Incident Response
+
|Sep 17-21, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|Paraben Cellular/GPS Signal Analysis
+
|Sep 20-21, San Diego, CA
+
|http://www.paraben-training.com/
+
|-
+
|Paraben Advanced Cell Phone Forensics
+
|Sep 24-26, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|Introduction to Cyber Crime
+
|Sep 24-26, Jackson, Mississippi
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|Macintosh Forensic Survival Course
+
|Sep 24-28, Santa Ana, CA
+
|http://www.phoenixdatagroup.com/cart/index.php
+
|-
+
|AccessData Applied Decryption
+
|Sep 25-27, Chicago, IL
+
|http://www.accessdata.com/training
+
|-
+
|AccessData BootCamp
+
|Sep 25-27, Solna, SE
+
|http://www.accessdata.com/training
+
|-
+
|Forensics Tools and Techniques
+
|Sep 26-28, Jackson, Mississippi
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|Paraben Advanced SIM Card Forensics
+
|Sep 27-28, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|Search and Seizure of Computers and Electronic Evidence
+
|Oct 29-30, Oxford, MS
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|Seized Computer Evidence Recovery Specialist (SCERS)
+
|Oct 29-Nov 9, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|Paraben Wireless Forensics
+
|Oct 01-03, San Diego, CA
+
|http://www.paraben-training.com/
+
|-
+
|SMART for Linux
+
|Oct 01-04, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Paraben Cellular/GPS Signal Analysis
+
|Oct 04-05, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|SMART Windows Data Forensics
+
|Oct 08-10, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Paraben Handheld Forensic Course
+
|Oct 8-11, San Diego, CA
+
|http://www.paraben-training.com/
+
|-
+
|Paraben Handheld Forensic Course
+
|Oct 8-11, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|Paraben Advanced Cell Phone Forensics
+
|Oct 15-17, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|Digital Evidence Acquisition Specialist Training Program (DEASTP)
+
|Oct 15-26, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|Paraben Advanced SIM Card Forensics
+
|Oct 18-19, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|Paraben E-Discovery: E-mail & Mobile E-mail Devices
+
|Oct 15-19, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|X-Ways Forensics
+
|Oct 22-24, Hong Kong
+
|http://www.x-ways.net/training/hong_kong.html
+
|-
+
|File Systems Revealed
+
|Oct 25-26, Hong Kong
+
|http://www.x-ways.net/training/hong_kong.html
+
|-
+
|SARC Steganography Examiner Training
+
|Oct 26 - 27, Gaithersburg, MD (Techno Forensics Conference 2007)
+
|http://www.sarc-wv.com/training.aspx
+
|-
+
|Paraben Handheld Forensic Course
+
|Nov 05-08, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|SMART for Linux
+
|Nov 05-08, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Introduction to Cyber Crime
+
|Nov 05-07, Jackson, Mississippi
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|AccessData BootCamp
+
|Nov 06-08, Austin, TX
+
|http://www.accessdata.com/training
+
|-
+
|AccessData Windows Forensics
+
|Nov 06-08, Solna, Sweden
+
|http://www.accessdata.com/training
+
|-
+
|Forensics Tools and Techniques
+
|Nov 07-09, Jackson, Mississippi
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|SMART Linux Data Forensics
+
|Nov 12-14, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|AccessData BootCamp
+
|Nov 13-15, Mississippi State University
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|SMART for Linux
+
|Dec 03-06, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Introduction to Cyber Crime
+
|Dec 03-05, Mississippi State University
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|AccessData Internet Forensics
+
|Dec 04-06 , Solna, Sweden
+
|http://www.accessdata.com/training
+
|-
+
|Forensics Tools and Techniques
+
|Dec 05-07, Mississippi State University
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|Enterprise Data Forensics
+
|Dec 10-12, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Paraben Advanced Cell Phone Forensics
+
|Dec 17-19, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|Paraben Advanced SIM Card Forensics
+
|Dec 20-21, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|}
+

Revision as of 07:42, 21 April 2008

The Global Positioning System (GPS) is a satellite navigation system.

Forensics

There are several places where GPS information can found. It can be very useful for forensic investigations in certain situations. GPS devices have expanded their capabilites and features as the technology has improved. Some of the most popular GPS devices today are made by TomTom. Some of the other GPS manufacturors include Garmin and Magellan.

Picture of TomTom910

TomTom provides a wide range of devices for biking, hiking, and car navigation. Depending on the capabilities of the model, several different types of digital evidence can be located on these devices. For instance, the TomTom 910 is basically a 20GB external harddrive. This model can be docked with a personal computer via a USB cable or through the use of Bluetooth technology. The listed features include the ability to store pictures, play MP3 music files, and connect to certain cell phones via bluetooth technology. Data commonly found on cell phones could easily be found on the TomTom910. Via the Bluetooth, the TomTom can transfer the entire contact list from your phone. The GPS unit also records your call logs and SMS messages. Research needs to be done to see if the TomTom stores actual trips conducted with the unit. This would include routes, times, and travel speeds.

The TomTom unit connects to a computer via a USB base station. An examiner should be able to acquire the image of the harddrive through a USB write blocker. If not, it may be necessary to remove the hard drive from the unit.

TomTom models such the TomTom One Regional, TomTom Europe, Go 510, Go 710 and the Go 720 store map data, favourites, and recent destinations on a removable SD card. This allows the forensic examiner to remove the SD card and make a backup with a write blocked SD card reader. The most important file for the forensic examiner will be the CFG file that is held in the map data directory. This holds a list of all recent destinations that the user has entered into the device. The information is held in a hex file and stores the represents grid coordinates of these locations.

Certain TomTom models (Go 510, Go 910, Go 920 etc.) allow the user to pair their mobile phone to the device so they can use the TomTom as a hands free kit. If the user has paired their phone to the TomTom device, then the TomTom will store the Bluetooth MAC ID for up to five phones, erasing the oldest if a sixth phone is paired. Depending on the phone model paired with the TomTom, there may also be Call lists, contacts and text messages (sent & received) stored in the device too.

Automated forensic analysis for TomTom GPS units is possible with software from Digivence - Forensic Analyser - TomTom Edition. Sample Report. Whilst not shown in the example report, call history, contacts, text messages, Bluetooth MAC ID, and unit info is also automatically processed if available.

Digital Camera Images with GPS Information

Some recent digital cameras have built-in GPS receivers (or external modules you can connect to the camera). This makes it possible for the camera to record where extactly a photo was taken. This positioning information (latitude, longitude) can be stored in the Exif metadata header of JPEG files. Tools such as jhead can display the GPS information in the Exif headers.

Cell Phones with GPS

Some recent cell phones (e.g. a Motorola EZX phone such as the Motorola A780) have a built-in GPS receiver and navigation software. This software might record the paths travelled (and the date/time), which can be very useful in forensic investigations.

External Links