A Lightweight Utility for GPS Device Analysis By: Adam Schneider GCFE, ACE
Presentation Transcript

The TrackerCat Project

A Lightweight Utility for GPS Device Analysis

By: Adam Schneider

GCFE, ACE


Table of Contents

  • What is TrackerCat?

  • What are GPX files?

  • What are KML files?

  • Why was TC created?

  • How is TC used?

  • KML Screenshots

  • What is the future of TC?

  • Research and Links


What is TrackerCat?

  • A Python utility for GPX file analysis.

  • A Github project created to improve TC’s features and functionality.

  • A heavily documented forensics project! 

    … The Github project is also dedicated to R&D of new open source tools for GPS analysis.


What are GPX files?

  • GPS eXchange Format

  • An XML format designed for recording GPS data (thousands of lines of code per file).

  • Contain trackpoints and waypoints.

  • Trackpoints are broken up into Active Logs.

  • Active Logs are historical logs of calculated “trips.”

  • Active Logs contain timestamps, as does each trackpoint.

  • … They contain a LOT of data! 
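
The structure described above, as an added example (not TrackerCat's code and not part of the presentation): it walks a GPX document and emits one CSV row per trackpoint with its Active Log name and timestamp. It assumes each Active Log is stored as a `<trk>` element, as in standard GPX; the sample data and the function names are constructed for illustration.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample in GPX 1.1 layout; names and coordinates are made up.
SAMPLE_GPX = """<gpx version="1.1" creator="constructed-sample" xmlns="http://www.topografix.com/GPX/1/1">
  <wpt lat="40.0000" lon="-75.0000"><name>Home</name></wpt>
  <trk>
    <name>ACTIVE LOG: 01 JAN 2014 08:00</name>
    <trkseg>
      <trkpt lat="40.0001" lon="-75.0001"><ele>10.0</ele><time>2014-01-01T08:00:00Z</time></trkpt>
      <trkpt lat="40.0002" lon="-75.0003"><time>2014-01-01T08:00:05Z</time></trkpt>
    </trkseg>
  </trk>
  <trk>
    <name>ACTIVE LOG: 02 JAN 2014 17:30</name>
    <trkseg>
      <trkpt lat="40.1000" lon="-75.2000"><time>2014-01-02T17:30:00Z</time></trkpt>
      <trkpt lat="40.1005" lon="-75.2004"></trkpt>
    </trkseg>
  </trk>
</gpx>"""

def _local(tag):
    """Strip the XML namespace so GPX 1.0 and 1.1 files parse the same way."""
    return tag.rsplit("}", 1)[-1]

def extract_trackpoints(gpx_text):
    """Return one row per trackpoint: (log name, index in log, lat, lon, time)."""
    rows = []
    root = ET.fromstring(gpx_text)
    for trk in (e for e in root if _local(e.tag) == "trk"):
        name = next((c.text for c in trk if _local(c.tag) == "name"), "") or ""
        points = [p for p in trk.iter() if _local(p.tag) == "trkpt"]
        for i, pt in enumerate(points):
            when = next((c.text for c in pt if _local(c.tag) == "time"), None)
            # A missing <time> is kept as an empty field, not silently dropped.
            rows.append((name.strip(), i, pt.get("lat"), pt.get("lon"), when or ""))
    return rows

def to_csv(rows):
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["active_log", "point", "lat", "lon", "time_utc"])
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(extract_trackpoints(SAMPLE_GPX)))
```

Waypoints (`<wpt>`) are deliberately left out of the rows, and coordinates are kept as the original strings so the output can be compared against the source file byte for byte.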


What are KML files?

  • Keyhole Markup Language format (really named the OpenGIS® KML Encoding Standard)

  • Originally designed by Keyhole, Inc. (acquired by Google).

  • Used to store geospatial information (coordinates, location placemarks, etc.).

  • Designed to be imported into Google Earth.


Why was TC created?

  • To help infosec professionals explore GPX files when performing a manual analysis.

  • To provide analysts with a no-cost supplement to other forensic tools.

  • tc.py is an extremely simple but versatile program with the goal of eliminating some of the complexity of conducting GPS forensics.


How is TC used?

  • Recursive GPX Extraction:

    python tc.py -e [Path]

    Including all historically archived logs

  • GPX-to-KML Conversion:

    python tc.py -i [gpx file] -o [kml file]

  • Trackpoint Timestamp & Active Log Extraction:

    python tc.py -csv [gpx file]

  • Help/Feature Check:

    python tc.py -h


KML Screenshots

… snip... KML Active Log (XML Spy) … snip...

Trackpoint data in KMLs lacks individual turn-by-turn timestamps. Each Active Log timestamp is preserved!

Coordinates for Active Logs in KML are actually in a huge chunk!

GPX Active Log Sample (FTK Imager)


Screenshots, Part II

XSLT Converted KML; made by TrackerCat, Viewed in Google Earth


What is the future of TC?

Github collaboration on TrackerCat means the possibility of advanced features like:

  • Extracting and dumping all times to body file format for inclusion in case super timelines.

  • Mounting Image Files Directly

  • Master KML with all current & archived data

    … anything is possible!


Research and Links

GPS Device Research Notes:

fork() Forensics & Infosec Blog

http://forensicsblog.org/research-gps-device-analysis/

TrackerCat Github Landing (Basic Info):

http://irq8.github.io/trackercat/

TrackerCat on Github:

http://git.io/qDVR-Q

Contributors = progress!

