Forensic geolocation and GPS data analysis

Forensic Geolocation Data Recovery and Analysis

Media Forensics offers forensic geolocation data recovery and analysis that can identify where a smartphone (or GPS device) is with accuracy well above typical cell tower location data. It is important to remember that it is the device location, not necessarily where the owner of the phone is.

Accessing Cell Tower Location Data

Law Enforcement Agencies (LEAs) regularly utilise cell tower data based upon a mobile phone’s tower connectivity. While the tower location data is accurate to within a few metres, the location of the phone could be 1KM^2 to 10KM^2 off. Relying solely upon a tower location and sector connection is typical of the location data often central to the Prosecution’s case. Information about the tower that the phone is communicating with is very limited and can potentially result in incorrect assumptions about a person’s whereabouts if the phone is handed off to an adjacent tower due to congestion or maintenance of the tower.

Cell tower sector handoff and tracking of phone
Cell Tower Hand-off

Cell Tower Sectors

Cell towers typically split their send/receive antennas into three sectors of 120 degrees to provide a 360 degree coverage. These sectors are not hard and fast cut-off points. There is always some sector overlap, with each antenna effectively covering around 180 degrees, albeit at a lower signal strength for a given distance from the tower. Overlaps also occur with coverage provided by adjacent towers. The overlaps help the Cell Tower to hand over the user’s mobile phone connection to an adjacent sector or new tower as its received signal varies or congestion occurs.

Cell Tower data used in court will typically consist of the Lat and Long of the Tower and the 120 degree sector that the phone was communicating with on the tower. This can result in a very large area where the phone is potentially located.

In Metro and suburban areas, the tower coverage will overlap with several adjacent towers’ coverage. Typically, the phone will link with the tower with the strongest signal. However, congestion, maintenance, or other signal blocking structures can result in the phone connecting with another nearby tower of lesser signal strength. This can result in a skewed assumed location based on the position of the tower providing the service.

Distance from Tower to Mobile Phone

The received power levels of the phone the tower connected with can assist in estimating the phone’s distance from the tower. However, many factors such as terrain, weather, state of tower maintenance etc. can impact on the accuracy of the power readings.

The round trip time from tower – phone – tower (known as Time Difference of Arrival or TDOA) for any adjacent towers within range can provide an accurate distance from each tower to the phone within their 120 degree sector. Where the sector line cross for the TDOA values of serveral towers a Circular Error of Probability (CEP) can be calculated or estimated. However, TDOA information is rarely provided in prosecution’s evidence as it is usually only available if the service provider is given notice of the requirement to collect such data under a warrant.

Cell Tower Coverage

Congested city cell tower coverage can result in towers on every city block each with an operating range of up to 1.6km. Suburban towers are usually at least several kilometres apart and typically operate up to 6km. Country towns may have only one central cell tower that may operate up to the maximum range of 35km.

Cell tower dead spots and reception areas.
Cell Tower Antenna Downtilt Angle

Factors Affecting Cell Tower location data

  • Single tower sector location vs phone communicating with several towers.
  • Transmit power of tower or maintenance mode.
  • Tower congestion hand-off.
  • If a phone is located too close to a tower i.e. within the inner radius of the beam, false power level readings and or connection to a neighbouring tower can result.

Accessing Accurate Geolocation Data

Mobile phones fitted with GPS receivers began in 1999/2000, around the time the US turned off Selective Availability of accurate GPS data. Almost all mobile phones today come with GPS receivers and mapping applications. Almost all applications installed on a mobile phone access the GPS location data in order to provide a claimed better service to the user.

Any movement of the mobile phone is recorded by inbuilt multi-axis motion sensors and accelerometers that trigger the phone to record and save the phones movements, speed and direction, elevation and geolocation. This data is typically sent off to the user’s Google Account Location, Web activity and YouTube search records.

The Google Activity records can be a treasure trove of information, providing highly accurate and detailed geolocation and web activity data.