Sat Nav Forensics

DebFergie
(@debfergie)
New Member

Hi everyone,
I am writing my master's degree dissertation on forensic analysis for sat nav using TomTom 530 and One Europe as a case study.
Please can anyone help me?
I understand that I will get help here since TomTom acquisition and analysis project has been done but not widely acceptable yet.
I also want help on how to open a .dat file, as the user information is stored as a .dat file in the TomTom memory.
Thanks.
Deb.

Topic starter Posted : 13/07/2008 7:03 pm
tootypegs
(@tootypegs)
Member

At the risk of making myself sound stupid, I'll see if I can help out...

Of the files I've found in TomToms, the one I've found to have the most information is the .cfg file. The best way to view this file is through a hex editor, as this file contains the destinations, recent and favourite, and the long and lat coordinates of the destinations. In order to interpret the coordinates you will need to view the hex. As well, if you look closely at each destination you'll find they have different hex 'Flags' depending on whether they are a 'favourite' or 'recent' destination and so on. Once you've located the structure of each entry you should be able to create a 'GREP' and use this in EnCase (if you use it) to search for deleted entries.

I've found my .cfg file to be prefixed with something like GBR, but I only had the Great Britain map set on mine. You may get more .cfg files for different mapsets like Europe that you said you were investigating?

I believe modern sat navs now have Bluetooth and contacts and what not, not just your plain old satnavs, so these might be data you may also want to have a look at!

I hope this could get you started, but I believe attacking it with a hex editor would be the best way to go about things. If I'm wrong on any points, guys, please feel free to put me right on anything.

Posted : 13/07/2008 8:45 pm
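
The approach described in the post above (work out the record structure in a hex view, then pattern-search for further entries, including ones no longer listed), as an added example that is not part of the original thread. The record layout, flag values and sample bytes are constructed for illustration and are not TomTom's actual .cfg format; substitute the structure you observe in your own hex view.

```python
import re
import struct

# ASSUMED record layout for illustration only (not TomTom's real .cfg format):
#   1 flag byte | int32 LE longitude | int32 LE latitude | ASCII name | NUL
# Coordinates are taken to be stored in units of 1/100000 of a degree.
FLAGS = {0x01: "favourite", 0x02: "recent"}          # assumed flag values
RECORD = re.compile(rb"([\x01\x02])(.{8})([\x20-\x7e]{3,64})\x00", re.DOTALL)

def carve(blob):
    """Return (offset, kind, lat, lon, name) for every plausible record."""
    hits, pos = [], 0
    while (m := RECORD.search(blob, pos)) is not None:
        lon, lat = (v / 1e5 for v in struct.unpack("<ii", m.group(2)))
        if -180 <= lon <= 180 and -90 <= lat <= 90:
            kind = FLAGS[m.group(1)[0]]
            hits.append((m.start(), kind, lat, lon, m.group(3).decode("ascii")))
            pos = m.end()
        else:
            # The pattern matched but the coordinates are impossible: treat it
            # as a false positive and resume the search one byte later.
            pos = m.start() + 1
    return hits

def _rec(flag, lon, lat, name):
    """Build one record in the assumed layout (used only for the sample)."""
    coords = struct.pack("<ii", round(lon * 1e5), round(lat * 1e5))
    return bytes([flag]) + coords + name.encode("ascii") + b"\x00"

# Constructed sample: two entries, a decoy whose bytes fit the pattern but
# whose longitude is out of range, and one more entry after a filler run.
SAMPLE = (
    b"\xff" * 16
    + _rec(0x01, -0.12760, 51.50735, "Home London")
    + b"\x00" * 8
    + _rec(0x02, -2.24263, 53.48076, "Manchester Piccadilly")
    + b"\xff" * 5
    + b"\x01\xff\xff\xff\x7f\x00\x00\x00\x00JUNK\x00"
    + _rec(0x02, -3.18827, 55.95325, "Edinburgh Waverley")
)

if __name__ == "__main__":
    for offset, kind, lat, lon, name in carve(SAMPLE):
        print(f"0x{offset:04x}  {kind:<9}  {lat:9.5f}  {lon:10.5f}  {name}")
```
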
trewmte
(@trewmte)
Community Legend

Deb have you looked at TomTology at www.forensicnavigation.com?
See if Phil Sayers is around to chat with you.

Greg

Posted : 13/07/2008 11:21 pm
DebFergie
(@debfergie)
New Member

> Deb have you looked at TomTology at www.forensicnavigation.com?
> See if Phil Sayers is around to chat with you.
>
> Greg

Thank you so much for your help Tootypegs and Greg.
I have used POIEdit software to open the .cfg file. I have tried to modify the data and to investigate further, and am also trying to write code to spot abnormalities.
Greg, I had a chat with Andy from www.forensicnavigation.com and he has been so helpful.
Tootypegs, can I also use FTK, as that is the one that I can lay my hands on right now?
Also, does anyone have materials that I can reference in my literature review?
Thanks.
Deb

Topic starter Posted : 22/07/2008 7:12 pm
DebFergie
(@debfergie)
New Member

Tootypegs,
I only have one .cfg file on the TomTom One and the TomTom 530, I am just mapping out locations on it, I mean using it lamely before the investigation begins. I have the .cfg file saved as an excel; I am wondering if I can do some data mining. Any advice on that?
Thanks.

Topic starter Posted : 22/07/2008 7:17 pm
ebl31
(@ebl31)
New Member

http://www.gpsforensics.org/tomtom_forensics.html

Posted : 30/07/2008 11:04 am
dandaman_24
(@dandaman_24)
Active Member

> Deb have you looked at TomTology at www.forensicnavigation.com?
> See if Phil Sayers is around to chat with you.
>
> Greg

We took delivery of the CODED kit from www.forensicnavigation.com last week. Very well made piece of kit. We managed to extract data from one of the newer TOMTOMS and parse the data through their software without too much trouble.

Posted : 03/07/2015 3:31 pm
radiac
(@radiac)
New Member

Hi,

Did everybody here manage to get a dump of a TomTom Start 50?! Neither UFED nor FTK can get a dump. It's recognized as a device on my computer, but not as a storage device.

Posted : 07/03/2016 10:14 pm
RolfGutmann
(@rolfgutmann)
Community Legend

gpsforensics.org-link has changed, start here

GPSforensics TomTom Forensics

Posted : 07/03/2016 10:37 pm
andysayers
(@andysayers)
New Member

As dandaman_24 points out, you can use CODED from forensicnavigation.com to download the Start 50.
TomTology2 will then parse through the image and give you a report.

Posted : 23/03/2016 6:47 pm
Ady_F
(@ady_f)
New Member

Hello Team,

Sad to learn that Forensic Navigation Ltd has closed down. Thank you Andy and Paul for all you have done to help assist and advise us in the past 10 years.

Does anyone on here have the 'PIN-OUTS' for a TomTom Go 950 Live?

Posted : 21/04/2021 10:44 am