Quo Vadis? – An introductory case study in GPS and database analysis

Dr R.I.Ferguson
University of Abertay Dundee

School of Computing and Engineering Systems

Introduction

• An intro to
  – Databases
  – XML
  – Forensic examination of mobile devices

Context

• “Enthusing” first years
• Group based experiential learning
  – Problem solving
• Could be used as a vehicle for other aspects of CS
  – Graphics
  – Data visualization
  – Software design
  – Etc.
• ~85 students
• 6 weeks
• 3 hours/week
• Lab-based
• “free”/open-source software

Scenario

• A GPS device has been seized by police from a suspect (Mr John Doe) in a major drugs enquiry. They want to know if any useful information about the suspect's activities/whereabouts can be recovered from the device. Unfortunately the GPS unit is of a type that they've never come across before. They've made a copy of an SDcard found in the unit. The rest is up to you.......

Task

• The copy of the card is going to be made available to you (see “Resources” below). You are to extract any location information you can (in a forensically sound manner) and turn it into a visualisation of the journeys undertaken by the suspect. You may use any technique/approach you like, although an approach based upon writing a simple (?) Java program to convert the data into a form suitable for import into GoogleEarth will be outlined in the first session.

Marking Criteria

• Forensic aspects (10%)
  – Have you recovered all the data?
  – Is the method forensically sound?
• Software Engineering aspects (30%)
  – Does it work?
  – Is the approach taken appropriate?
  – Is the solution elegant?
  – Is it a good design?
  – Is the software well built (properly laid out, commented, tested etc.)?
• Visualisation aspects (60%)
  – Is the approach taken appropriate?
  – Is the solution elegant?
  – Overall clarity
  – Are separate journeys clearly identified?
  – Is time/date information communicated clearly?
  – Is location information communicated clearly?
  – Are different modes of transport identified?

Demo

• The GPS unit/SDcard
  – Imaging (dd)
  – Airbox.dd (Hexdump, strings, gzip etc.)
• Looking inside the image
  – Loopback mounting the filesystem (losetup)
• First sign of database technology
  – Sqlite (sqlite3)
  – Data/User/FlightLog
• Sqlite3 Flightlog
  – .tables
  – .schema
  – Select * from Log
• More specific queries
• Journeys/waypoints
• Programming
  – SQL querying from within Java (java, SQLjet)
  – Output some XML (actually kml)
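
An added example, not part of the original slides or the module's own code: the Demo pipeline from SQLite database to KML, written with Python's sqlite3 module rather than the Java/SQLjet route the slides outline. The `Log` schema (`ts`, `lat`, `lon`), the 30-minute journey gap and the sample rows are assumptions constructed for illustration, since the slides do not give the real schema.

```python
import hashlib
import sqlite3
from datetime import datetime, timezone
from pathlib import Path

GAP_SECONDS = 1800  # assumption: a pause of over 30 minutes starts a new journey

def sha256_of(path):
    """Hash the evidence copy so it can be compared before and after analysis."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def read_fixes(db_path):
    """Open the database read-only and return (ts, lat, lon) rows in time order."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"  # SQLite refuses any write
    con = sqlite3.connect(uri, uri=True)
    try:
        # Hypothetical schema: Log(ts INTEGER epoch seconds, lat REAL, lon REAL)
        return con.execute("SELECT ts, lat, lon FROM Log ORDER BY ts").fetchall()
    finally:
        con.close()

def split_journeys(fixes, gap=GAP_SECONDS):
    """Start a new journey whenever consecutive fixes are more than `gap` apart."""
    journeys = []
    for fix in fixes:
        if not journeys or fix[0] - journeys[-1][-1][0] > gap:
            journeys.append([])
        journeys[-1].append(fix)
    return journeys

def to_kml(journeys):
    """One Placemark/LineString per journey; KML coordinate order is lon,lat,alt."""
    out = ['<?xml version="1.0" encoding="UTF-8"?>',
           '<kml xmlns="http://www.opengis.net/kml/2.2"><Document>']
    for n, j in enumerate(journeys, 1):
        start = datetime.fromtimestamp(j[0][0], timezone.utc).strftime("%Y-%m-%d %H:%M UTC")
        coords = " ".join(f"{lon},{lat},0" for _, lat, lon in j)
        out.append(f"<Placemark><name>Journey {n}, {start}</name><LineString>"
                   f"<coordinates>{coords}</coordinates></LineString></Placemark>")
    out.append("</Document></kml>")
    return "\n".join(out)

def build_sample_db(path):
    """Constructed sample data standing in for the recovered FlightLog file."""
    rows = [(1300000000, 56.4620, -2.9707), (1300000060, 56.4631, -2.9690),
            (1300010000, 56.4580, -2.9820), (1300010060, 56.4575, -2.9841)]
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE Log (ts INTEGER, lat REAL, lon REAL)")
    con.executemany("INSERT INTO Log VALUES (?, ?, ?)", rows)
    con.commit()
    con.close()
```

Comparing `sha256_of` on the working copy before and after `read_fixes` gives a simple check that the analysis did not modify the evidence file.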

Exploration of visualization

• Google Earth (as a GIS visualization tool)
  – Tours
  – Styles
  – Labelling
  – Flythroughs

• Questions
  – Where was the suspect at 3:00pm...?
  – How many times did he go to....?
  – When did he pass.....?

Conclusion

• Introduced aspects of databases
  – Could have been focused on other aspects (of DB)
  – Or other topics
• Mean mark - ~62%, std dev. ~25%
  – Good engagement
  – Usual problems of group work
• Quo Vadis?
  – Larger GPS data set
  – Expand into larger group project