Global Positioning System (GPS) devices have been established over the years as being useful sources of evidence. For criminal investigations, accident reconstruction, search and rescue, and more, there are many situations where GPS data can prove invaluable to examiners in a GPS forensics case.

GPS Overview

The Global Positioning System, also referred to as NAVSTAR, is the system of 32 satellites put into orbit by the United States. There are other such systems, such as Russia’s GLONASS, but NAVSTAR was the first fully functioning system with global coverage. Due to the way the satellite orbits are set up, any given GPS device should have access to at least 4 satellites anywhere in the world, though this obviously does not work perfectly due to various obstructions such as mountains or tall buildings, inclement weather, and other device interference. With access to at least 4 satellites, GPS devices are able to calculate time, latitude, longitude, and altitude, giving GPS users thorough knowledge of their whereabouts. The accuracy of these devices improves when they have access to more satellites, as more satellite data is available to them and thus more precise calculations are possible.

There are four main types of portable GPS devices including aviation devices, maritime devices, automotive devices, and handheld devices. Automotive devices lead the pack in popularity, which is not surprising when you consider how many automotive vehicle owners there are and how many vehicles have a GPS device as standard equipment. Some of these device types function slightly different than others, such as North American aviation GPS devices. Due to strict FAA accuracy requirements, the Wide Area Augmentation System (WAAS) was developed. Instead of just using orbital satellites to calculate a plane’s location and altitude, a series of fixed ground GPS stations were set up to assist with accuracy, making it possible for planes to calculate their location within an accuracy of 7.6m, 95% of the time.

All of these types of GPS devices have proved useful time and time again for forensic examiners. They are capable of providing an incredible amount of location information, making GPS forensics a very common source of data in a wide variety of cases.

Standard GPS Forensics Data

There are two categories of information that most GPS units can provide examiners. The first is system level information, which is data that the device itself records, independent of the user. The second is user created data, which is data that requires user interaction in order to be recorded.

These two types of information may be broken up further. Within system level information, there are trackpoints and a track log. When a GPS device has been powered on and recognizes enough satellites, it will begin recording trackpoints on its own. These points record location data and are tracked at a predetermined interval, though many devices allow the user to create trackpoints at certain time/distance intervals of their choosing. Beyond that, users are generally unable to alter trackpoint data.

The track log is simply a list of all recorded trackpoints, listed in the order they were recorded. Users may use the track log to retrace their steps and navigate back to a previous location if need be. In terms of forensic use, examiners can use the track log to chart a clear path of where the GPS device was located and at what time. In criminal investigations, this kind of information could be used to help determine where and when a crime may have taken place.

As for user created data, there are waypoints and routes. Waypoints are locations that users must physically enter into the device themselves, which can be done by pinning a location they were at, entering a location as an address, or by selecting a point of interest in the device. Similar to trackpoints, waypoints can be found again in the future by using the GPS device as a guide.

As might be expected, a route is basically the waypoint equivalent of a track log. By using a route, users can navigate to waypoints in any order they choose. Once a user creates a route, the GPS device will guide them to each successive waypoint and automatically jump to the next waypoint when one is reached.

While all of this data can be useful to forensic examiners, in general there is a difference between what system level data and user created data may be used for. Since system level data is entered by the device itself, it can help prove that someone was at a specific location, or at the very least it proves that the device was at a specific location. On the other hand, user data can help with proving intent, as it requires someone to enter the data itself. In a criminal investigation, this would help prove that someone was intending to go to a specific location.

Portable GPS Device Capabilities

In addition to the previous four groups of devices mentioned, portable GPS devices can be broken into groups based on their capabilities. These include Simple, Smart, Hybrid, and Connected devices.

Simple devices can essentially only track basic routes and will store the four types of data mentioned in the Standard GPS Data section. They may also have a USB connection. The most popular types of portable devices are Smart devices, which are USB mass storage devices and typically carry at least 2GB of internal data storage, the ability to utilize SD cards, and other useful features like point of interest lookup, favorite locations, and sometimes even an mp3 player.

Hybrid devices have all the capabilities of smart devices but are also able to Bluetooth connect to a mobile phone and be used for calls. This of course allows forensic examiners to not only have access to the typical location data, but also valuable calling data that would normally only be accessible on the phone itself. Connected devices are like Hybrid devices, but they have their own GSM cellular radio and SIM card.

Whichever type of device is being used, there is a wealth of information to be gained by an experienced forensic examiner. Obviously it can be much more helpful if there is also access to things like calling data, but even simple devices are useful when it comes to an examination.

