Digital Forensics Magazine: Big Brother Forensics

By Chad Tilbury on November 8, 2011 in Computer Forensics, Geolocation

My article on geo-location artifacts was chosen as the cover story in Digital Forensics Magazine for this quarter (Issue 9, November 2011).  It has been some time since I have written anything for published media, and the process was intriguing.  It definitely gives me new respect for journalists that pound out print articles two at a time.

Geo-location forensics has been a focus of my research for a while, and I am fascinated with how much information our devices record about our activities and how little we collectively seem to care. You can record my browsing habits all day long, but once you start tracking my physical location, it feels so much more like spying. Hence the title, Big Brother Forensics. As smartphones and mobile devices near 75% of personal computer sales, geo-tracking capabilities will become even more pervasive, and even more lucrative to marketers. Importantly, devices can be geo-located and store location artifacts even if they do not contain a GPS capability. This includes laptops, netbooks, and older smartphones. Many of the most popular applications today, like Twitter, store information that can be used to pinpoint a device’s location, even if the user has not opted into sharing his/her location. This is great for forensic analysts, but consider the ramifications when malware authors begin to take advantage of this.

This Digital Forensics Magazine article focuses on browser-based artifacts that can be found on nearly any Internet-capable device. One of my favorite “pull quotes” is:

“Browser history is so useful, a critical shortcoming is often ignored; with today’s dynamic webpages, the vast number of web page requests go unrecorded.”

The most interesting artifacts I am finding these days are recorded by the browser cache, not in history files. But the browser is only one culprit happily recording geo-location data. There is a rogues’ gallery of other geo-artifacts kept by our various operating systems, file formats and applications. I plan to write more about this in the upcoming months. Until then, grab a copy of Digital Forensics Magazine, or come see me at the US Department of Defense Cybercrime Conference in January 2012. I will be giving a presentation at DoD Cybercrime on incorporating geo-location artifacts into forensic investigations.


One response to Digital Forensics Magazine: Big Brother Forensics

  1. Chad,

    Don’t know if you caught it, but I updated my WiFi geo-location script recently:
    http://windowsir.blogspot.com/2011/11/tool-update-wifi-geolocation.html

    HTH, and I’ll see you at DC3…
