Wednesday, November 3, 2010

Garmin GPS: What you don't know can track you!

Garmin GPS devices track their position by default (caveat: at least every device I have been given to examine!).  They will do so, approximately every 30 seconds, when powered on.  Notice I said nothing about navigating.  Simply powering the devices causes them to start logging their location.  While this feature can be disabled, it is buried in the settings and I suspect that most users are not even aware of it.

The data is stored in a GPX file, also known as the Global Positioning Satellite (GPS) Exchange Format.  The most current track, appropriately named "Current.gpx," is stored in the "/Garmin/GPX" directory on the device.  Older tracks are stored in the "/Garmin/GPX/Archive" directory.  The archives take on the name ".gpx," e.g., "1.gpx," "2.gpx," etc.  I have never seen more than 17 archived files, but I don't know if this is a system limitation or just a coincidence that I have seen it more than once.  The history can cover quite a time span: my most recent examination revealed a history of 6 months!

GPX files are in XML.  The Current.gpx file can have interesting entries, including the "Home" address of the device owner.  I have used this setting to reunite stolen devices with their owners or thieves back to their homes. But the most interesting information is the device track, which consists of a series of GPS waypoints or "trackpoints" recorded by the device.  Here is a sample from an archive file:

There are many ways to handle a GPX file, but I have found it is most useful to convert it to a KML, or Keyhole Markup Language, file for use with Google Earth.  While I know that Google Earth is not an open source application, and other tools like "gpxviewer" can map the GPX file directly, most of the people I support are Windows users that have experience with Google Earth.

There are two methods I am aware of for creating KML files.  The first is using an online resource, like GPSVisualizer.  Just complete the online form and upload your file to make a map that meets your requirements.  Other formats, besides Google Earth, are possible, including Google Maps, JPG, PNG, SVG, and text.

I don't like to rely on websites, however, because Internet connectivity is never assured.  Enter GPSBabel.  GPSBabel is a command line tool (GUI available) to convert over 100 different types of GPS data formats.  A basic conversion can be as simple as:

    gpsbabel -i gpx -f input.gpx -o kml -F output.kml

There are numerous options, which I won't cover here, to customize your output file.  They include labeling the waypoints with the date and time they were created, allowing you to easily visualize the track.  I'd recommend the use of a GUI to familiarize yourself with the customization options, though be aware that the GUIs seldom provide all available options.

I have used Garmin GPX files to map suspects' travels and place them at crime scenes.  I hope with this information you will be able to do so, too!
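As an added example (not code from the original post), the following Python reads the trackpoints out of a GPX file and reports, for each consecutive pair, the elapsed time, straight-line distance, average speed, and whether the pair spans a gap much longer than the roughly 30-second logging interval. It assumes the GPX 1.1 namespace and ISO 8601 UTC timestamps; the sample track, the function names and the 120-second gap threshold are constructed for illustration.

```python
import math
import xml.etree.ElementTree as ET
from datetime import datetime

# Assumption: GPX 1.1 namespace; adjust if the file declares another version.
NS = {"g": "http://www.topografix.com/GPX/1/1"}

# Constructed sample for illustration, not data from a real device.
SAMPLE_GPX = """<gpx xmlns="http://www.topografix.com/GPX/1/1" version="1.1" creator="constructed">
 <trk><name>constructed track</name><trkseg>
  <trkpt lat="38.0000" lon="-77.0000"><time>2010-11-01T14:00:00Z</time></trkpt>
  <trkpt lat="38.0050" lon="-77.0000"><time>2010-11-01T14:00:30Z</time></trkpt>
  <trkpt lat="38.0100" lon="-77.0000"><time>2010-11-01T14:01:00Z</time></trkpt>
  <trkpt lat="38.0100" lon="-77.0000"><time>2010-11-01T16:30:00Z</time></trkpt>
 </trkseg></trk>
</gpx>"""

def parse_trackpoints(gpx_text):
    """Return [(utc_datetime, lat, lon), ...] sorted by time."""
    points = []
    for pt in ET.fromstring(gpx_text).iterfind(".//g:trkpt", NS):
        stamp = pt.findtext("g:time", namespaces=NS)
        if stamp is None:          # skip points with no timestamp
            continue
        when = datetime.fromisoformat(stamp.strip().replace("Z", "+00:00"))
        points.append((when, float(pt.get("lat")), float(pt.get("lon"))))
    return sorted(points)

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle ("as the crow flies") distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def segments(points, gap_s=120):
    """Per-pair elapsed time, straight-line distance, average speed, and a
    flag for gaps longer than gap_s (hypothetical threshold)."""
    out = []
    for (t1, la1, lo1), (t2, la2, lo2) in zip(points, points[1:]):
        secs = (t2 - t1).total_seconds()
        dist = haversine_m(la1, lo1, la2, lo2)
        kmh = dist / secs * 3.6 if secs > 0 else None
        out.append({"start": t1, "seconds": secs, "metres": dist,
                    "avg_kmh": kmh, "gap": secs > gap_s})
    return out

if __name__ == "__main__":
    for s in segments(parse_trackpoints(SAMPLE_GPX)):
        print(s["start"].isoformat(), round(s["metres"]), s["avg_kmh"], s["gap"])
```

The speeds are averages over straight-line distance between logged points, so they say nothing about speed variation within an interval or about the actual road distance travelled.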

4 comments:

  1. Sir,
    My son was convicted of reckless driving for over 80 mph in VA. Would a Garmin keep a log of his actual speed?

  2. Mike,
    I've not seen the Garmin log speed, but speed is a calculation of distance over time. I would suggest that speed could be estimated, but not determined with exactitude because the tracks occur at approximately 30 second intervals.

    While you could determine the distance between two GPS track points, that would be "as a crow flies" and not account for road direction variations. Even if you accurately measured the distance between two track points following the road, you would not know the speed variances of the vehicle between the points, and any calculation would just show the average speed.

    I hope this answers your question.

  3. Hi,
    I found SQLite timestamp entries with 9 digits in a car navigation unit with Garmin software, e.g. 947183221. Any idea what format this is and how to convert it? I expect somewhere between 2018 and 2020.

  4. It appears to be an epoch of 1989-12-31:

    sqlite> select datetime(947183221 + strftime('%s', '1989-12-31'), 'unixepoch');
    2020-01-05 18:27:01

    I like to use the strftime conversion because it is easier to remember epoch dates than the difference in seconds between the target epoch date and Unix epoch. But if you prefer to know the number of seconds:

    sqlite> select strftime('%s', '1989-12-31');
    631065600
    sqlite> select datetime(947183221 + 631065600, 'unixepoch');
    2020-01-05 18:27:01

