1 / 11

A Lightweight Utility for GPS Device Analysis By: Adam Schneider GCFE, ACE

The TrackerCat Project. A Lightweight Utility for GPS Device Analysis By: Adam Schneider GCFE, ACE. Table of Contents. What is TrackerCat ? What are GPX f iles? What are KML files? Why was TC created? How is TC used? KML Screenshots What is the future of TC?

chelsi
Download Presentation

A Lightweight Utility for GPS Device Analysis By: Adam Schneider GCFE, ACE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The • TrackerCat • Project A Lightweight Utility for GPS Device Analysis By: Adam Schneider GCFE, ACE

  2. Table of Contents • What is TrackerCat? • What are GPX files? • What are KML files? • Why was TC created? • How is TC used? • KML Screenshots • What is the future of TC? • Research and Links

  3. What is TrackerCat? • A Python utility for GPX file analysis. • A Github project created to improve TC’s features and functionality. • A heavily documented forensics project!  … The Github project is also dedicated to R&D of new open source tools for GPS analysis.

  4. What are GPX files? • GPS eXchangeFormat • An XML designed for recording GPS data (thousands of lines of code per file). • Contain trackpoints and waypoints. • Trackpoints are broken up into Active Logs. • Active Logs are historical logs of calculated “trips.” • Active Logs contain timestamps as do eachtrackpoint. • … They contain a LOT of data! 

  5. What are KML files? • Keyhole Markup Language format (really named the OpenGIS® KML Encoding Standard) • Originally designed by Keyhole, Inc. (acquired by Google). • Used to store geospatial information (coordinates, location placemarks, etc). • Designed to be imported into Google Earth.

  6. Why was TC created? • To help infosec professionals explore GPX files if performing a manual analysis. • To provide analysts with a no-cost supplement to other forensic tools. • tc.py is an extremely simple but versatile programwith the goal of eliminating some of the complexity of conducting GPS forensics.

  7. How is TC used? • Recursive GPX Extraction: python tc.py –e [Path] Including all historically archived logs • GPX-to-KML Conversion: python tc.py –i [gpx file] –o [kml file] • TrackpointTimestamp & Active Log Extraction: python tc.py –csv [gpx file] • Help/Feature Check: python tc.py –h

  8. KML Screenshots … snip... KML Active Log (XML Spy) … snip... Trackpoint data in KMLs lack individual turn-by-turn timestamps. Each Active Log timestamp is preserved! Coordinates for Active Logs in KML are actually in a huge chunk! GPX Active Log Sample (FTK Imager)

  9. Screenshots,Part II XSLT Converted KML; made by TrackerCat, Viewed in Google Earth

  10. What is the future of TC? Github collaboration on TrackerCat means the possibility of advanced features like: • Extracting and dumping all times to body file format for the inclusion into case super timelines. • Mounting Image Files Directly • Master KML with all current & archived data … anything is possible!

  11. Research and Links GPS Device Research Notes: fork() Forensics & Infosec Blog http://forensicsblog.org/research-gps-device-analysis/ TrackerCatGithubLanding (Basic Info): http://irq8.github.io/trackercat/ TrackerCat on Github: http://git.io/qDVR-Q Contributors = progress!

More Related