On iOS and Android smart devices, many applications locate the user's current position, for example weather forecasts, city greetings, map software and social networking software. Most of these applications use GPS and LBS base station positioning; some also use WiFi, A-GPS, GPS-one and other positioning methods. The location data is saved locally on the phone by the App, and some may also be saved to the application's cloud server. Mobile forensics mainly extracts the geographic information from the App's local files.
GPS and LBS base station positioning are the main sources of location data on a mobile phone. Depending on the application, this data appears in a variety of forms. The 4 kinds of mobile phone positioning data sources, and how to analyze them, are as follows:
1. Simple XML
In simple XML, the field names make the latitude, longitude and time information easy to identify. In the figure, msc.lat is the latitude, msc.lng is the longitude, and location_last_update is the time (Unix time).
2. App log file
App log files such as .log, .ini and .txt store their data in a fixed format, so positioning data can be searched for and located with an algorithm based on regular expressions. As shown in Figure 2, in the GPS positioning data the latitude field holds the latitude and the longitude field holds the longitude.
3. Android device log (log.log)
log.log is a device log unique to Android and contains base station location data. In it, the CellIdentityGsm field marks the start of the base station information. Within the CellIdentityGsm field, mMcc is the country code, mMnc identifies the network type, mLac identifies the location area code of the base station, and mCid identifies the base station number.
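The regular-expression approach from sections 2 and 3, as an added Python example that is not part of the original article or of any forensic tool. The sample lines are constructed, and the logcat-style prefix, the key/value layout of the app log and the function names are assumptions.

```python
import re

# Constructed sample lines (not from a real device); the logcat-style prefix is assumed.
SAMPLE_DEVICE_LOG = """\
01-15 09:12:03.120 D/Telephony: CellInfoGsm:{ CellIdentityGsm:{ mMcc=460 mMnc=0 mLac=4301 mCid=20986 mPsc=-1} }
01-15 09:12:04.001 I/ActivityManager: Displayed com.example.app/.Main
01-15 09:40:47.552 D/Telephony: CellIdentityGsm:{ mMcc=460 mMnc=0 mLac=4301 mCid=2147483647 mPsc=-1}
"""
# Constructed app log; the "latitude=... longitude=..." layout is assumed.
SAMPLE_APP_LOG = """\
2016-01-15 09:13:10 loc update latitude=39.904211, longitude=116.407395 acc=30
2016-01-15 09:13:40 loc update latitude: 95.1 longitude: 10.0
"""

CELL_RE = re.compile(r"CellIdentityGsm:\{([^}]*)\}")
FIELD_RE = re.compile(r"\b(mMcc|mMnc|mLac|mCid)=(-?\d+)")
SEP = r"""[\s:="']{0,3}"""            # separators between a field name and its value
NUM = r"(-?\d{1,3}(?:\.\d+)?)"        # signed decimal degrees
GPS_RE = re.compile("latitude" + SEP + NUM + ".{0,40}?longitude" + SEP + NUM, re.I)
UNAVAILABLE = 2147483647  # Integer.MAX_VALUE, which Android reports for an unknown field


def extract_cells(text):
    """Return one dict per CellIdentityGsm record that has all four usable fields."""
    cells = []
    for m in CELL_RE.finditer(text):
        rec = {k: int(v) for k, v in FIELD_RE.findall(m.group(1))}
        if len(rec) == 4 and all(0 <= v < UNAVAILABLE for v in rec.values()):
            cells.append(rec)
    return cells


def extract_gps(text):
    """Return (lat, lon) pairs from app log lines, dropping out-of-range values."""
    points = []
    for line in text.splitlines():
        m = GPS_RE.search(line)
        if m:
            lat, lon = float(m.group(1)), float(m.group(2))
            if -90 <= lat <= 90 and -180 <= lon <= 180:
                points.append((lat, lon))
    return points


if __name__ == "__main__":
    print(extract_cells(SAMPLE_DEVICE_LOG))
    print(extract_gps(SAMPLE_APP_LOG))
```

The range checks matter in practice: a record with an unknown cell ID or a latitude above 90 is a parsing artifact or placeholder, not a position, and should not reach a timeline.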
4. DB database
In iOS and Android, a large number of applications use DB database files to store the basic parameters the App needs to run and the user settings that must be saved. Opening the DB database file shows records of location data: the LOC field is an encrypted, abbreviated form of the location data containing the position information, the time field is a Unix timestamp, and the latitude and longitude can be obtained after applying the decryption algorithm.