Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, March 17, 2010

Forensics for GPS Unit

Blackthorn2 -


Forensic Analyser - TomTom Edition - - company seems to be dead
TomTology -
EnCase Enscript - can parse TomTom files once they have been recovered from a device


Device Seizure
\Garmin\GPX\Current.gpx is an text file that contains trips details

Cross Product

For forensics acquisition, examination and analysis platform for various platforms including Garmin, TomTom, and Magellan:
I like this product since it provides forensic quality data (including hashes).
Pricing:  Being requested.

Device Seizure
• GPS Waypoints, Tracks, Routes…
Price: USD 199 per license

TomTom Specific

Decoding of live data providing:
         Home Location
     Recent Destinations
     Last Journey Start and End Point (where available)
         Stored Phonebook
         Called Phone Numbers
     Received Phone Numbers
         Sent SMS Messages
         Received SMS Messages
         Location where TomTom was turned off

• Retrieving of deleted journeys from unallocated space proving same details as above for all recovered.

• Locating deleted phone numbers

• Locating deleted SMS Messages

Price: USD 250 per license

Retrieves location data.

Pricing: Being requested.

Not tools but useful pages of info:

Tom Tom GPS Forensics
Pinpointing TomTom location records: A forensic analysis

Posted on 03/17