6/12/2014

GPS

Increasingly, we are using devices that can track our travels with our full knowledge, but also, at times, without our realizing it.

I recently discovered in an article that some GPS road traffic information systems use the fact that, even when in standby mode, our mobile phones still receive a signal from the network terminals. A freak accumulation of phones on a road therefore indicates a traffic jam, and the information can thus be relayed to those who have subscribed to the traffic warning systems. Unknowingly, you contribute to running those systems.

In an organized crime case, it was ordered that a forensic examination be made on the GPS system of one of the cars that had been seized. Here is the account.

Some sophisticated cars have an integrated GPS system. The GPS in question includes a hard disk. Since the GSE's have sealed this hard disk, I was left here with an unusual analysis. I contacted the magistrate in charge of the case. The latter reassured me: he had sufficient evidence at his disposal. The examination was required in addition, just in case... I was left then with a hard disk to be analyzed, but without the detailed instructions, if I may say so.

My initial reaction was to make a bit-by-bit copy of the hard disk, using the tools I needed for my other forensic examinations: a write blocker, the creation of an accurate digital image (taking into account any bad sectors on the disk) and its analysis. But here's the thing: a proprietary format that was not recognized by my analysis tools had been used to format the disk. At my level, no analysis whatsoever could be performed... and I hadn't any worthwhile information at that moment.

I started my afternoon with phone calls. First I got through to the police officer for more details on the GPS brand and model. I also called the French distributor, the German subcontractor, and the "Europe" distributor. After spending much time waiting for the on-hold music, calling back because of meetings, and secretariat filters, I reached the door opener that every forensic scientist knows well (as does anyone who calls a support line): a technically competent person at the other end of the phone.

After several days of negotiations, explanations, and e-mail exchanges, we agreed to the following procedure: I would personally bring the hard disk to the Parisian technical structure so that it could be analyzed in my presence via a special internal procedure specific to the manufacturer, under conditions of confidentiality.

On D day, I found myself in a small suburban area, and was greeted by a careful technician. I described to him the conditions under which I would like the operation to be carried out, and I gave him my write blocker and my hard disk. He put everything into a proprietary analysis system that did the complete reading of the hard disk data. He explained to me that the embedded GPS performs approximately one measurement per second and stores it on the hard disk, which is then treated as an endless tape. I came out of that place with an Excel file containing all the measurements (and of course the hard disk was sealed again).

I was back home with a set of GPS coordinates that had been converted to decimal degrees WGS84 (World Geodetic System 1984) and some valuable advice provided by the technician: "always use caution when converting if you intend to use maps so as to place points on them."

It is indeed quite a challenge to move from those coordinates to my usual LAMBERT coordinates (used in spelunking with the military IGN maps) in sexagesimal format (base 60).


So I thought of using Google Earth, which uses a simple cylindrical projection with a WGS84 datum for its imagery base. As a result, I was able to set the points from my Excel file on a map (after many attempts, I admit it). I was also able to track the movements of the car in question, as well as its prolonged stops at some addresses. The addresses proved to be those of the alleged accomplices, supposedly unknown to the car user.
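The step described above (one fix per second in WGS84 decimal degrees, then looking for prolonged stops and placing them in Google Earth) can be sketched as follows. This is an added example, not the method or tool used in the case: the function names, the 30 m radius, the 300 s threshold and the sample track are assumptions constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6371008.8  # mean Earth radius; spherical approximation of WGS84

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two decimal-degree points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def find_stops(fixes, radius_m=30.0, min_seconds=300):
    """fixes: time-ordered (epoch_s, lat, lon) tuples. Returns a list of
    (start_s, end_s, mean_lat, mean_lon), one per run of fixes that stays
    within radius_m of the run's first fix for at least min_seconds."""
    stops, i = [], 0
    while i < len(fixes):
        j = i
        while j + 1 < len(fixes) and haversine_m(
                fixes[i][1], fixes[i][2], fixes[j + 1][1], fixes[j + 1][2]) <= radius_m:
            j += 1
        if fixes[j][0] - fixes[i][0] >= min_seconds:
            run = fixes[i:j + 1]
            stops.append((fixes[i][0], fixes[j][0],
                          sum(f[1] for f in run) / len(run),
                          sum(f[2] for f in run) / len(run)))
            i = j + 1          # continue after the stop
        else:
            i += 1             # slide the anchor one fix forward
    return stops

def stops_to_kml(stops):
    """One KML placemark per stop. KML order is longitude,latitude,altitude."""
    marks = "\n".join(
        f"<Placemark><name>stop {end - start} s</name><Point>"
        f"<coordinates>{lon:.6f},{lat:.6f},0</coordinates></Point></Placemark>"
        for start, end, lat, lon in stops)
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<kml xmlns="http://www.opengis.net/kml/2.2"><Document>\n'
            f"{marks}\n</Document></kml>\n")

def constructed_track():
    """Constructed sample, not case data: 60 s driving, 400 s parked, 60 s driving."""
    fixes = []
    for t in range(520):
        moved = min(t, 60) + max(t - 459, 0)      # 1e-4 deg of latitude per second
        jitter = ((t % 5) - 2) * 1e-6 if 60 <= t < 460 else 0.0  # receiver noise
        fixes.append((t, 48.85 + moved * 1e-4 + jitter, 2.35 + jitter))
    return fixes

if __name__ == "__main__":
    print(stops_to_kml(find_stops(constructed_track())))
```

Swapping latitude and longitude in the `<coordinates>` element is a common reason points land in the wrong place, so a few placemarks should be checked against a known address before the stops are interpreted.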

Since Google Earth is not an expertise software (read the terms of use) and does not ensure the accuracy of the deferred points, I carried out several tests with my IGN maps to check that I was not making a mistake. I submitted a full report detailing my method and the addresses of the identified stop points. The magistrate who was on the phone looked satisfied with my job. Unfortunately I don't know the follow-ups to my case, having been "expelled" from the procedure as soon as my report was submitted.

But since then, I no longer see either my phone or my TomTom device in the same way...

--------------------------------------
Translation by Kevin Oheix
Photo credit xkcd

The original note is here: http://zythom.blogspot.fr/2011/04/gps.html