Evaluation of GPS EXIF Data Reporting for Digital Forensics Tools
Primary Investigator:
Umit Karabiyik
Mohammad M. Mirza, Dr. Umit Karabiyik
Abstract
Recently there has been an increase in the number of smartphone devices that can capture additional data (e.g., GPS tags) when a photo is taken. In many cases, responders and digital forensic investigators consider photos as an important source of information, especially if they are dealing with mobile investigations as photos might be embedded with corresponding GPS data. Therefore, many of the advanced digital forensics tools, including open source (e.g., Autopsy) and proprietary (e.g., AXIOM) have incorporated extraction techniques for EXIF data from media files. However, these tools only present a limited EXIF data related to Geolocation (i.e., latitude, longitude, and altitude). Although general GPS information would be satisfactory in some cases, there are other EXIF data inducing GPS (image) direction and speed that might aid investigators and can be considered useful in many investigation settings. In this research, we focus on investigating and demonstrating missing GPS EXIF data in forensics tools such as Autopsy and AXIOM, where they lack identification, examination, and presentation of these data. Moreover, this has led us to the development of a simple functional extraction tool that parse and preserve relevant GPS EXIF data for further examination by digital forensic investigators.