1 / 10

Forensic GPS Analysis: Visualizing Suspect Journeys

Dive into GPS and database analysis with a case study on extracting and visualizing suspect locations from a seized GPS device. Explore forensic, software engineering, and visualization aspects in a lab-based, group learning scenario.

brittania-sellers
Télécharger la présentation

Forensic GPS Analysis: Visualizing Suspect Journeys

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Quo Vadis? – An introductory case study in GPS and database analysis Dr R.I.Ferguson University of Abertay Dundee School of Computing and Engineering Systems

  2. Introduction • An intro to • Databases • XML • Forensic examination of mobile devices

  3. Context • “Enthusing” first years • Group based experiential learning • Problem solving • Could be used as a vehicle for other aspects of CS • Graphics • Data visualization • Software design • Etc. • ~85 students • 6 weeks • 3 hours/week • Lab-based • “free”/open-source software

  4. Scenario • A GPS device has been seized by police from a suspect (Mr John Doe) in a major drugs enquiry. They want to know if any useful information about the suspect's activities/whereabouts can be recovered from the device. Unfortunately the GPS unit is of a type that they've never come across before. They've made a copy of an SDcard found in the unit. The rest is up to you.......

  5. Task • The copy of the card is going to made available to you (see “Resources” below). You are to extract any location information you can (in a forensically sound manner) and turn it into a visualisation of the journeys undertaken by the suspect. You may use any technique/approach you like, although an approach based upon writing a simple (?) Java program to convert the data into a form suitable for import into GoogleEarth will be outlined in the first session.

  6. Marking Criteria • Forensic aspects: (10%) • Have you recovered all the data? • Is the method forensically sound? • Software Engineering aspects (30%) • Does it work? • Is the approach taken appropriate • Is the solution elegant? • Is it a good design? • Is the software well built (properly laid out, commented, tested etc.)? • Visualisation aspects (60 %) • Is the approach taken appropriate • Is the solution elegant? • Overall clarity • Are separate journeys clearly identified? • Is time/date information communicated clearly? • Is location information communicated clearly? • Are different modes of transport identified?

  7. Demo • The GPS unit/Sdcard – imaging (dd) • Airbox.dd (Hexdump, strings, gzip etc.) • Looking inside the image – • Loopback Mounting the filesystem (losetup) • First sign of database technology • Sqlite (sqlite3) • Data/User/FlightLog

  8. Sqlite3 Flightlog • .tables • .schema • Select * from Log • More specific queries • Journeys/waypoints • Programming • SQL querying from within Java (java, SQLjet) • Output some XML (actually kml)

  9. Exploration of visualization • Google Earth (as a GIS visualization tool) • Tours • Styles • Labelling • Flythroughs • Questions - • Where was the suspect at 3:00pm...? • How may times did he go to....? • When did he pass.....?

  10. Conclusion • Introduced aspects of databases • Could have been focused on other aspects (of DB) • Or other topics • Mean mark - ~62%, std dev. ~25% • Good engagement • Usual problems of group work • Quo Vadis? • Larger GPS data set • Expand into larger group project

More Related