It came to my attention that there are still very few investigators that are aware of what treasure the triplog files in the STATDATA folder of many of the TomTom GPS devices hold.
So, for those that are not aware:
The triplog files hold complete trip GPS information in a resolution of 1 to 5 seconds (depending on the TomTom device and version).
As you know, generally, TomTom forensics does not provide any timestamps, while these files have them in such a high resolution.
For more information and a way to decrypt them, please PM me.
Best regards,
RonS
Hi Ron,
It doesn't seem like I can send PMs at the moment… no idea why!
Could you PM me the details?
Thanks!
Got your PM and replied.
For those of you that never had a chance to see what data is stored in the triplog files, here is something Cellebrite decrypted:
http//
You will see several triplog files as they are stored in the STATDATA folder on a TomTom GPS, and the decrypted files that were created by Cellebrite in the form of KML files that can be viewed using Google Earth.
As you can see, the GPS fixes are in a 1 second resolution.
RonS
Hi Ron,
I PM'd you, though I'm not sure if it's been sent properly. I too would appreciate it if you could PM me the details for this.
Cheers,
Phil H
Since you seem to be sending details privately, why not just post those details here?
There is a lot of good evidence in most Satnavs.
I put a video up on YouTube a couple of years ago showing what can be done with data from a Garmin.
The link is- http//
I'll save y'all the trouble.
When you PM him asking for help on the thread he started about these files, you will get a kind response in no uncertain terms that says "BUY CELLEBRITE" or Cellebrite can do that.
Hope that helps ya.
Thank you armresl,
But because of many questions, I have posted the sample files to show what is in these files since investigators are not aware of the data in them.
And, yes, Cellebrite can decode them.
Should I be hiding this?
RonS
Ron,
I believe that investigators of sat navs are aware of what kind of data is contained in these files, as many white papers and much research has been carried out into TomTom devices, and what data is stored within them; many of which make reference to these files.
However, as far as I know, you are the only person to come out and say you have successfully managed to decrypt them.
So, for everyone reading this: when will this feature be incorporated into Cellebrite, and if you choose not to include this feature, will you make the technique public knowledge so other practitioners can benefit?