Google Earth Forensics: Using Google Earth Geo-Location in Digital Forensic Investigations PDF

115 Pages·2014·6.994 MB·English

Preview Google Earth Forensics: Using Google Earth Geo-Location in Digital Forensic Investigations

Google Earth Forensics
Using Google Earth Geo-Location in Digital Forensic Investigations

Michael Harrington
Michael Cross

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Syngress is an Imprint of Elsevier

Acquiring Editor: Chris Katsaropoulos
Editorial Project Manager: Benjamin Rearick
Project Manager: Surya Narayanan Jayachandran
Designer: Matthew Limbert

Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA

Copyright © 2015 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress

ISBN: 978-0-12-800216-2

For information on all Syngress publications visit our website at http://store.elsevier.com/

Biography

Michael Cross (MCSE, MCP+I, CNA, Network+) is an Internet specialist/computer forensic analyst with the Niagara Regional Police Service (NRPS). He performs computer forensic examinations on computers involved in criminal investigation. He also has consulted and assisted in cases dealing with computer-related/Internet crimes. In addition to designing and maintaining the NRPS Web site at www.nrps.com and the NRPS intranet, he has provided support in the areas of programming, hardware, and network administration. As part of an information technology team that provides support to a user base of more than 800 civilian and uniform users, he has a theory that when the users carry guns, you tend to be more motivated in solving their problems.

Michael also owns KnightWare (www.knightware.ca), which provides computer-related services such as Web page design, and Bookworms (www.bookworms.ca), where you can purchase collectibles and other interesting items online. He has been a freelance writer for several years, and he has been published more than three dozen times in numerous books and anthologies. He currently resides in St. Catharines, Ontario, Canada, with his lovely wife, Jennifer, his darling daughter, Sara, and charming son, Jason.

Michael Harrington is a former law enforcement officer with over 10 years of experience in digital forensics. He lectures on mobile forensics around the world and has been involved in various forensic projects including Pandora’s Box and WOLF. Michael has been published in the Thomas J Cooley Law Journal and on Forensic Focus. He also writes on the subject of mobile forensics at http://mobileforensics.wordpress.com/.

CHAPTER 1
Google Earth Basics

INFORMATION IN THIS CHAPTER:
• What is Google Earth?
• Google Earth for Forensics
• Flavors of Google Earth
• Installing Google Earth

WHAT IS GOOGLE EARTH?

Google Earth (GE) is a tool that provides you with the ability to view the planet through a virtual globe, and tunnel down to examine more detailed information. Using it, you can navigate through satellite images, aerial photography, and even views of street level imagery and 3D models of the world. This not only includes landmasses on Earth, but other locations like oceans, the moon, Mars, and outer space. Features in Google Earth even allow you to take tours of locations, or fly across locations using a flight simulator.

Looking at some of these features, you might think that Google Earth is just a novelty or some kind of toy, but that is not the case. By entering in an address or coordinates of a location, GE will display a map that includes the labeled position of the place you are searching for. You can then zoom in to see 3D structures or actual photos of a location. As we will see in the chapters that follow, you can also view areas of the earth using custom maps or overlays, which contain data imported from GPS units, other devices, or files you have created. The real world, practical applications for this tool are varied and sometimes amazing.

How Google Earth is Being Used

As a resource, it is often only limited by your resourcefulness.
For years, Google Earth has been used by teachers creating lesson plans involving geography and location. Through this application, students can see population densities, learn about migration, and how cultures have evolved and interacted in different locations. Other examples of the usefulness of this tool include:
• In 2014, aboriginal groups began using Google Earth to map First Nations territories in Canada. Some of its uses will be to compare relationships, track environmental changes, and resolve potential land-claim issues [1].
• The U.S. Fish and Wildlife Service provides data on wetlands that can be displayed in Google Earth [2].

Police throughout the world have used Google Earth in a variety of ways, from investigating crimes to sharing information with the public. Crime analysts in law enforcement agencies gather data from police reports and/or other sources, and may have this information made available through Google Earth. For example, the Shawnee Police Department in Kansas provides data that can be loaded into GE to see locations where robberies, auto thefts, vandalism and other crimes have taken place [3]. In another example, Sheriff’s deputies in Humboldt County, California pulled over a man with approximately $63,000 in marijuana, and used the coordinates in his GPS device to find several fields of pot. The local coordinates were entered into Google Earth, allowing them to display the locations quickly and gain an understanding of the terrain.

As you might expect, if Google Earth is used by police, the criminals are also probably using it. In 2009, Tom Berge used it to review aerial photographs to find buildings that had lead roof tiles. Over a 6-month period, he would find targets with Google Earth by searching for darker than normal roofs.
He would then go to a location where he would climb onto the roof, and steal the tiles so they could be sold for scrap metal [4]. Another example of GE being used for criminal activity occurred in 2014, when burglars were found to be using it to scout the best way in and out of houses they were breaking into [5].

GOOGLE EARTH FOR FORENSICS

Forensics is the use of scientific or technological techniques to investigate and establish facts. In a criminal case, the facts you are looking for will be evidence of how a crime was committed and who was responsible. In looking at traditional methods, an investigator would visit a crime scene and gather fingerprints, fibers, and take photographs. Throughout a process of preserving the crime scene and identifying, gathering and examining evidence, information is carefully documented. This is used in the hopes of understanding what occurred, and so that it may be used to identify, arrest and convict the person(s) responsible. Even though it is physical evidence that is being handled, the same basic principles apply to digital forensics.

Digital forensics is a newer branch of forensics, in which evidence is gathered from computers and other devices capable of storing digital information. This not only includes data stored on a computer’s hard disk, but geo-location information, pictures and other data stored in mobile phones, tablets, GPS units and other devices. As we will discuss in Chapter 5, just like fingerprints and other physical evidence are investigated by following best practices and procedures, digital forensics also follows a process of seizing, acquiring, analyzing, and reporting what evidence is found.

Digital forensics differs from traditional forensics in how it is used and who is using it. A criminal investigation will generally be conducted by members of law enforcement, but digital forensics may also be used by organizations and individuals.
A member of the IT department may be the first responder to a breach in security (such as a hacking attempt), discover illegal photos on a computer, or be involved in internal investigations of other employees. In other circumstances, such as private investigation, the data on a device might be examined to determine if a person had conducted themselves in an inappropriate or illegal manner. Regardless of the situation, an investigator may use the same software and hardware as police, and should follow the same best practices and procedures that law enforcement use. Not only do these methods prevent evidence from being compromised, but they will prevent the evidence from being challenged and dismissed if the case needs to go to civil or criminal court.

While we will discuss a number of tools used to acquire data from a device, the location-specific information gathered often is not meaningful until it is analyzed. The raw data is useful, but if it is a series of coordinates referencing a location on the Earth, what does that tell you? After all, if I tell you I found the coordinates 38.8977°N, 77.0366°W on a cell phone, it is not as significant as showing you that this is the location of the White House. Using Google Earth, you can search and display location-specific information in a way that is more telling than the raw data.
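
As an added illustration (not code from the book), the sketch below converts hemisphere-suffixed coordinates such as the pair quoted above into signed decimal degrees and writes them as a KML document, the file format Google Earth opens. The timestamps, the second and third fixes, and the function names are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

KML_NS = "http://www.opengis.net/kml/2.2"

# Constructed sample input. The first pair is the one quoted in the text;
# the timestamps and the other two fixes are made up for this example.
SAMPLE_FIXES = [
    ("2014-06-01T14:02:00Z", "38.8977°N, 77.0366°W"),
    ("2014-06-01T14:20:00Z", "38.8893°N, 77.0502°W"),
    ("2014-06-01T14:41:00Z", "38.8899°N, 77.0091°W"),
]

_COORD = re.compile(
    r"^\s*(\d+(?:\.\d+)?)\s*°?\s*([NS])\s*,\s*(\d+(?:\.\d+)?)\s*°?\s*([EW])\s*$",
    re.IGNORECASE,
)

def parse_fix(text):
    """Return (lat, lon) in signed decimal degrees; S and W become negative."""
    m = _COORD.match(text)
    if not m:
        raise ValueError(f"unrecognised coordinate: {text!r}")
    lat = float(m.group(1)) * (-1 if m.group(2).upper() == "S" else 1)
    lon = float(m.group(3)) * (-1 if m.group(4).upper() == "W" else 1)
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        raise ValueError(f"coordinate out of range: {text!r}")
    return lat, lon

def _q(tag):
    """Qualify a tag name with the KML namespace."""
    return f"{{{KML_NS}}}{tag}"

def fixes_to_kml(fixes, name="Recovered fixes"):
    """Build a KML document: one timestamped placemark per fix, plus a path."""
    ET.register_namespace("", KML_NS)
    kml = ET.Element(_q("kml"))
    doc = ET.SubElement(kml, _q("Document"))
    ET.SubElement(doc, _q("name")).text = name
    track = []
    for when, raw in fixes:
        lat, lon = parse_fix(raw)
        pm = ET.SubElement(doc, _q("Placemark"))
        ET.SubElement(pm, _q("name")).text = when
        # Keep the value exactly as recovered so the map traces back to it.
        ET.SubElement(pm, _q("description")).text = raw
        stamp = ET.SubElement(pm, _q("TimeStamp"))
        ET.SubElement(stamp, _q("when")).text = when
        point = ET.SubElement(pm, _q("Point"))
        # KML order is longitude,latitude,altitude: the reverse of how the
        # pair is usually written. Swapping them plots the wrong place.
        ET.SubElement(point, _q("coordinates")).text = f"{lon},{lat},0"
        track.append(f"{lon},{lat},0")
    path = ET.SubElement(doc, _q("Placemark"))
    ET.SubElement(path, _q("name")).text = "Path between fixes"
    line = ET.SubElement(path, _q("LineString"))
    ET.SubElement(line, _q("coordinates")).text = " ".join(track)
    return ET.tostring(kml, encoding="unicode")

if __name__ == "__main__":
    with open("recovered_fixes.kml", "w", encoding="utf-8") as fh:
        fh.write(fixes_to_kml(SAMPLE_FIXES))
```

Opening the resulting file in Google Earth shows the three points and the line joining them; the path is only a straight-line connection in timestamp order, not the route actually travelled.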
Using it as a forensic tool, you can do such things as:
• Import data from mobile devices and GPS units to determine a route that was taken, or locations that a person visited
• Determine the location where a photo was taken using geo-location information stored in a digital picture
• Create maps that display locations that a person visited, and movies that convey location-based information in a compelling format for investigations and court

Throughout this book, we will discuss these and other ways Google Earth can be used and the methods involved in acquiring, analyzing and reporting geo-location information. However, before you get a taste of this, let us look at the flavors of Google Earth available to you.

Table 1.1 Google Earth for Web Requirements

Operating System                     Browser
Microsoft Windows Vista or higher    Google Chrome 5.0-37.0 (32-bit)
                                     Internet Explorer 7-9, 10-11 (in compatibility mode (32-bit))
                                     Firefox 2.0 or higher
                                     Flock 1.0 or higher
Apple Mac OS X 10.6 or higher        Google Chrome 5.0-37.0
                                     Safari 3.1 or higher
                                     Firefox 3.0 or higher

FLAVORS OF GOOGLE EARTH

When you visit the Google Earth site (www.google.com/earth), you will find there are several variations of the product for different platforms and different uses. These are:
• Web
• Mobile
• Desktop
• Enterprise

As we will see in the sections that follow, each of these versions allows you to view and navigate through 3D maps, satellite images, and view Earth data. Not all of them will be equally useful to your needs, so it is important to consider how you plan to use the tool, and what you will be using to run it.

Google Earth for Web

Originally released in 2008, the Web version is a free plug-in that installs on your browser, and allows you to use features of Google Earth through Web pages.
Web developers can place a version of GE on Web pages, displaying custom maps or integrating features into online applications that communicate with a free JavaScript API (Application Programming Interface) that Google provides. When you visit such a site, the page loads and the plug-in can display a 3D globe, custom maps, and other Google Earth content.

The plug-in is available on the Google Earth site. By visiting the plug-in page at http://earth.google.com/plugin.html, you can download and install the plug-in on any of the supported browsers and operating systems (Table 1.1).

It is important to note that if you are trying to install the plug-in on Firefox, it will not install while Firefox is running. As such, you need to download the plug-in, shut down Firefox, and then run the installation.

Google Earth for Mobile Devices

The mobile app for Google Earth was also released in 2008, and allows you to access Google Earth features through a smartphone, tablet or other mobile devices. Versions of the app are available for iOS and Android devices, and available to download through app stores like Google Play and iTunes. In 2012, Google also provided the ability to view custom content on the mobile version of GE, allowing you to view any custom maps or overlays available on a page by clicking the link to an associated KML file (which we will discuss in detail in Chapter 3). Once you click on the link to a Google Earth file, the mobile app will open and automatically launch and load the custom map.

The app has features that are remarkably useful to mobile users, such as the ability to view public transit and traffic information. The traffic view overlays colored lines on a map to tell you the estimated speed that traffic is flowing, and icons indicating road closures and other conditions.
To get an idea of this feature on a computer, you can visit Google Maps (http://maps.google.com) and type “Traffic Near” followed by the name of a location into the search box. Similarly, the public transit view overlays transit lines on a map to tell you about public transportation in a particular area. You can also see this in Google Maps by searching for a location, and when the map of the area appears, typing “Transit” into the search box.

Google Earth Enterprise

In addition to these two versions, there is also an Enterprise edition, which is designed for larger organizations. Using Google Earth Enterprise (GEE), a company can create and store imagery on their own server infrastructure, and make it available to users. The maps can be published and viewed with any of the previously mentioned versions of Google Earth, or through a custom application that uses the Google Maps API.

GEE is actually a package of software that resides on client and server machines, and is made up of several components:
• Fusion, which is used to combine images, terrain, KML and other data into a globe or map
• Server Software, which is used to host the globe and maps provided to users
• Client, which allows users to view the globe and maps
• Google Earth API, which allows developers to incorporate Google Earth features into Web applications and pages, allowing your company’s data to be viewed in a way that’s customized to your organization’s needs

GEE is used to distribute geographic information across a wide audience of users in an organization. For example, an advertising company might use it to create a custom map of current customers, which the sales people could use to view information on clients. A police department might use it to record the location of different types of crimes, which could then be used as a reference for high-crime areas and to see where clusters of certain crimes are committed.
Such applications of the tool could be helpful in determining where additional people need to be deployed to properly service an area.

The knee-jerk reaction might be to buy the Enterprise version, since those types of versions generally have the most features. For forensics purposes, GEE is probably more than you need. Google Earth is used in such circumstances to examine and report geographic data, and generally not to publish evidence to a large audience. As such, in discussing Google Earth in this book, we will be discussing the Free or Pro versions of the product.

Free vs. Pro Desktop Versions

There are two versions of Google Earth that you can install on your computer.
• Google Earth, which is a free version of the application
• Google Earth Pro, which (at the time of this writing) costs $399 per year, and provides additional tools for business users. If you are unsure if you want to purchase the Pro version, a 7-day trial version is available.

The free version of Google Earth is intended for home or personal use, and is often the best choice for others to view the findings of your investigation. Without having to purchase a copy of the program, a person can install the free version on their desktop and view satellite and aerial imagery, as well as custom map data. You can also import and manually geo-locate GIS images, and save or print the information you’re viewing as screen resolution images. Unlike the Pro version, the free copy of this product contains in-product ads. This should not be a big surprise. After all, if you are not buying it, Google has to make their money somehow.

Google Earth Pro is designed for commercial use, and provides the same features as the free version with additional features added. Using it, you can measure areas of a polygon or circle on a map, and print or save the information as high-resolution images.
You can also create movies using this version, thereby enabling you to share videos that show a user the information you feel is important. This version also allows you to import data and images from GIS systems your company might use (such as shapefiles from ESRI and MapInfo tab files), and provides the ability to batch geocode addresses, regionate large datasets, and automatically geo-locate GIS images. Using the Pro version with such datasets, you can take a dataset and quickly map thousands of addresses. You can also access demographic, parcel and traffic data layers, map multiple points on a map at once, and use tools that are not available in the free version.

Table 1.2 Google Earth System Requirements

Windows XP or higher, with Windows 7 or 8 (or higher) recommended
  Minimum:
  • Pentium 3, 500 MHz CPU
  • 512 MB of memory (RAM)
  • 500 MB free hard disk space
  • Network speed of 128 Kbits/s
  • Graphics Card (Direct X9 and 3D capable with 64 MB of VRAM)
  • Screen resolution of 1024 × 768, 16-bit High Color with Direct X9 (to run in Direct X mode)
  Recommended:
  • Pentium 4.2 GHz or higher or AMD2400 xp or higher CPU
  • 1 GB or higher of memory (RAM)
  • 2 GB of free hard disk space
  • Network speed of 768 Kbits/s
  • Graphics Card (Direct X9 and 3D capable with 256 MB of VRAM)
  • Screen resolution of 1280 × 1024, 32-bit True Color
  Outlook 2007 or higher is also required for email functionality

Mac OS X 10.6 or higher, with OS X 10.6.8 or higher recommended
  Minimum:
  • Any Intel Mac CPU
  • 512 MB of memory (RAM)
  • 500 MB free hard disk space
  • Network speed of 128 Kbits/s
  • Graphics Card (Direct X9 and 3D capable with 64 MB of VRAM)
  • Screen resolution of 1024 × 768, “Thousands of Colors”
  Recommended:
  • Dual Core Intel Mac CPU
  • 1 GB or higher of memory (RAM)
  • 2 GB of free hard disk space
  • Network speed of 768 Kbits/s
  • Graphics Card (Direct X9 and 3D capable with 256 MB of VRAM)
  • Screen resolution of 1280 × 1024, “Millions of Colors”

Linux (Kernel 2.4 or later, with 2.6 or higher recommended)
  Minimum:
  • Pentium 3, 500 MHz CPU
  • 512 MB of memory (RAM)
  • 500 MB free hard disk space
  • Network speed of 128 Kbits/s
  • Graphics Card (Direct X9 and 3D capable with 64 MB of VRAM)
  • Screen resolution of 1024 × 768, 16-bit High Color
  • glibc: 2.3.2 w/NPTL or later
  • XFree86-4.0 or x.org R6.7 or later
  Recommended:
  • 1 GB or higher of memory (RAM)
  • 2 GB of free hard disk space
  • Network speed of 768 Kbits/s
  • Graphics Card (Direct X9 and 3D capable with 256 MB of VRAM)
  • Screen resolution of 1280 × 1024, 32-bit color
  • glibc: 2.3.5 w/NPTL or later
  • x.org R6.7 or later
