Example Cell Phone Forensics Decision Tree, George Durkee - Operational Guide |
Mapping Photos (Updated 04/15/2021)
A recent case in LA County, CA prompted me to make a quick update to this blog.
Option 1: See if the photo has x,y stored in the metadata.
If a missing or lost subject can send you a photo, that photo should contain x,y coordinates (unless this is manually turned off). It does matter how the photo is shared as some apps will strip out the photo metadata, but it appears at least iMessages do keep location information as long as the photo was not taken using the iMessage app itself. Then you can use a variety of tools to inspect the EXIF of the photo and collect the x,y OR you can use tools to map the photo itself. Here is an example from ArcGIS Online (Thanks to Paul Ross for the reminder and Bernie for the blog post).
Example using iPhone that works
Example using iPhone that works
1) Person 1 (lost person) takes a photo with the iPhone camera app (do not use the iMessage app to take the photo, apparently it will lose the location information).
2) Send photo in an iMessage to person 2 (friend, SAR Team member, etc).
3) Person 2 saves the photo to "Camera Roll".
4) Person 2 opens "Photos", then "Albums".
5) Open the "Places" album, location shows up on the map. This gives you an idea of the location.
6) Gmail the photo to the search and rescue team or yourself.
7) Download the photo. Open the photo properties and then the "Details" tab.
8) Scroll down to the "GPS" section. It looks like it defaults to degree decimal minutes. You should be able to use most mapping systems (SARTopo, ArcGIS Online) to now map the location from coordinates.
Option 2: If that does not work, you might try some creative approaches like georeferencing the photo from visible landscape features like Ben did here https://twitter.com/ai6yrham/status/1382381870134951938. In this case, the law enforcement agency asked the public to help and fortunately, a citizen was able to come up with a solution that may have saved a life.
Rapid SOS (Updated 04/15/2021)
At the time of writing this blog post in 2016, I did not have much information about RapidSOS. This is another important way for emergency call centers to derive location from a cell phone.
For expediency I suggest going to the RapidSOS https://rapidsos.com/ website and finding out more, but here is an excerpt " RapidSOS is an emergency technology company providing a direct data link from connected devices to 9-1-1 and first responders. It connects more than 250 million devices directly to 3,500+ local public safety agencies.".
MyUSNG (Update 04/15/2021)
A free app I now keep on my phone is called MyUSNG - I've used when calling 911 to ensure proper location.
"MyUSNG reports the location of your device in US National Grid format (USNG). With a single tap on the screen, you will copy the USNG location into your clipboard. With a tap and hold, you can easily e-mail your USNG location.
MyUSNG also includes a simple map that will let you capture the USNG of locations away from you, or center the map. The United States National Grid (USNG) is a nationally consistent language of location in a user friendly format. USNG is commonly used during Search and Rescue operations in the United States. For more information about USNG visit usngcenter.org."
Apple https://apps.apple.com/us/app/myusng/id1281298855
Android https://play.google.com/store/apps/details?id=com.esri.myusng&hl=en_US&gl=US
These are free apps that can be used to locate persons that need help, are responsive, and can access the network - even with a fairly limited connection (using SMS). It is a good idea to get familiar with all four as they can be used in different circumstances.
YourLo.ca/tion (Michael Coyle @Michael_F_Coyle)
"Free" mode: users can go to the website, and generate an URL. You text the URL to the lost person. The web page loads, determines the location, and sends you the location via email.
"Advanced" mode:
- Agency signs in and creates a new request. Form auto-fills details and includes a field to reference a unique ID for the request.
- Agency sends text to subject via the web (back end is Twilio)
- Agency monitors the request on the monitor page
- When subject loads the web page, location is "pushed" to the monitoring page.
- Location displays on google maps
- Page "pings"
- Estimated error displayed
- Coordinates in Lat/Lon and UTM
- Can download GPX / KML
- Send and receive SMS with subjects
- SMS log with subjects
Cellular GPS (Point of Contact Chris Thompson)
Cellular device geolocation web app https://gps.asrc.net/help (updated link, is not using "https" so you may need to click "proceed" at the bottom of the warning message). This app is very simple. It basically sends a text message to a cell phone, requests to activate GPS, then sends maps of coordinates of SMS reply.
- A SAR Team member should login from a PC browser (as a Guest).
- Enter a phone number and short message. Once the person receives the text message and clicks on the link - the coordinates and accuracy will be sent to the admin console.
- Go to the admin console and click on the coordinates under the Location column.
"Any 911 dispatcher can ask a wireless caller to browse to "findmesar.com", open that web page and soon read off their coordinates usually with a 10 meter or better location accuracy."
The person who needs help has to be told by voice or text to browse to findmesar.com and might need to give permission for their browser or the app to use location services. If the user cannot get online with their browser, then the app will not work.
The “Next format” button cycles through four coordinate formats including USNG (same as MGRS). Each coordinate format has a different colored screen.
The app continuously asks the API for the user’s location. The first location displayed will likely have a high accuracy. If the user is outside or even next to a window, then in well under a minute the accuracy value will usually be 10 meters or less.
The person who needs help has to read or text the coordinates and accuracy to whoever is receiving their information.
There is more documentation at:
SARLOC
"SARLOC has been around since 2011. It has been used by many teams around the world but is mainly used in the UK.
In the UK we use a program called MRMap (www.mrmap.org) to track team members radios which have a GPS in the handset. Each radio has a unique ID."
In the UK we use a program called MRMap (www.mrmap.org) to track team members radios which have a GPS in the handset. Each radio has a unique ID."
SARLOC uses the web browsers geolocation API to attempt to get the phones position.
SARLOC can be activated in three ways.
- The team send a link to the LostPer with a radio ID as a parameter. When the user clicks on the link, the radio ID gets added to an online database with its location and it appears on the MRMap screen
- MRMap can make a web call to SARLOC passing in a radio ID. SARLOC then generate a unique token and sends an SMS to the LostPer. When SARLOC gets the position back, it retrieves the radio ID associated with the unique token and adds it to the online database when MRMap can display it from.
- Where the MRT does not have internet access, the team can send an SMS to a virtual ‘phone number provided by the SMS gateway provider (In our case this is WorldText) The provider calls a SARLOC URL and SARLOC sends the SMS to the LostPer. When SARLOC gets the position it sends it back to the MRT as a text message. therefore they do not need internet access.
Russ Hore has a worldwide version you can test with.
The LostPer needs to click on the following URL;
After the MYID= the MRT need to add something unique to them such as PaulDoherty_2016_06_01
When the LostPer click on the link, the location can be seen at;
Fixes at this URL are removed after 72 hours. To see historical hits use;
Having Trouble?
If you run into any issues, consider the device's browser settings (Help for Chrome / Android and Safari / Apple).
Remember these are not "apps" you download onto your PC or Mobile Device, they are websites with special capabilities. Therefore, bookmark or add shortcuts to your home screen.
Key Message
(By Joseph Elfelt)
"It is likely that no one app will always be best suited for all circumstances. I invite everyone to take a look at these apps and get a sense for what they do and how they do it. Then when a SAR mission comes along you will be able to make a well-informed choice as to whether any of these apps will be helpful.
All three apps use the same browser geolocation API. That API uses the cell phone’s location services to obtain (1) latitude longitude coordinates in decimal degrees and (2) accuracy in meters. If you draw a circle at the coordinate and use the accuracy value for the radius then the specification says there is supposed to be a 95% likelihood that the cell phone is inside that circle."
For documentation on that API see:
Cell Phone Forensic Workflows for SAR
Finally, George Durkee of Columbia College have put together the "Operational Guide to Cell Phones for SAR" a living document that should be extremely helpful for SAR Teams in the coming months.
Nice list and informative post. Thanks.
ReplyDeleteAnother tool for folks to explore is Most Likely Area http://www.mostlikelyarea.com/
While MLA has a cost associated with it, it has some slick integrated tools. 1) communicating with subjects [recorded voice or collaborative SMS], 2) collaborating with other SAR team members, 3) accuracy rings, 4) locations are not shared with the world, 5) the ability to export data as .kmz files, 6) carrier lookup, and 7) it also has cellular forensic tools that some may find useful. Justin Ogden with the Civil Air Patrol runs the site. Justin is the go to guy for AFRCC cellular forensics.
I have no financial interest in MLA (other than paying to use it) and am not posting my team affiliation as the team does not endorse products.
Jeff Sparhawk
Great content! Thanks.
ReplyDelete