Project Introduction

What Waze is

From a first glance, Waze, now owned by Google (isn’t everything?) might look like a typical GPS application. From one perspective it is. It offers your average garden variety GPS features. From favorite locations, to restaurants, to even cheapest gas prices in the area, Waze just seems like another typical GPS app.  However, dive a little deeper and you begin to see that Waze is much more. Waze is an entire community of users.  Waze gives the user the ability to communicate with other “Wazers” through a variety of methods such as direct messages. 

Map Chat Feature 

Here is a list of some of the other features that are available on the Waze App.

• Native Group Forums
• Pick Up (allows a user to text or email another Wazer their location to get “picked up”)
• Save Parking Location  (friends on Waze can see where you parked)
• Link to Facebook, Twitter, and FourSquare.
• Drive Sharing (watching other Waze Friends drive to a location)
• Map Chat and direct messages  
• Picture Taking (Built in Camera) 

As their motto goes, the goal of Waze it to outsmart traffic together. Users can post where they have seen accidents, slow roads, construction, or even where speed cameras and police are located.

Waze and Forensics

So why is Waze forensically relevant?  All these features, all this data. To an average user

Waze is a great way to combine communication and navigation. But from a forensic perspective it could be a potential goldmine of hidden, critical information. This is where my capstone comes in. Is all this data retrievable? I certainly hope so!

The amount of data, and therefore the amount analysis required for this the App is extensive. To make this project feasible in the amount of time I have, I decided to solely focus on data that I believe could impact a digital forensic investigation. I have broken up the potential artifacts into five main categories

• Artifacts relating to the GPS functionality.
• Artifacts relating to unique Waze features found on the device
• Web Browser History (my Waze profile online)
• Social Media data (Waze links to FB, Twitter and FourSqaure)
•  SMS and Email Artifacts relating to Waze.

Direct Message Feature

To  accomplish this I will be generating data using a mobile phone. The mobile phone I have selected is the Android LG Optimus F7 running Jellybean 4.1 which was bought specifically for this project and will only be used when generating Waze evidence.

Questions to be answered

This project will be focused around a few main questions.

• Can I forensically uncover any data?
• Is there any recoverable deleted data?
• Can I create a timeline of events based on GPS coordinates or timestamps?
• Is there any data stored in memory? (Live routes or shared drives?)

Tools

Although I have not finalized the tools I plan on using to uncover this data, currently I plan at least using the following:

• Cellebrite UFED touch
• XRY
• Volatility
• Oxygen Forensic Suite

Over the next few weeks I will begin to create the evidence on the mobile device. My plan is to create evidence based on each category and then analyze the data for that category before moving on to the next.

If you would like to read more about Waze in the meantime here is a link to their manual.

https://www.waze.com/wiki/Waze_Version_3.5

David Storozuk's Waze Forensic Blog

Hello and welcome to Waze Forensics! 

As a digital forensic senior at Champlain College , my capstone project requires me to choose a topic that has yet to be researched within the digital forensic community. 

As part of this project, I will be blogging about the progress I make uncovering artifacts relating to Waze.To stay up to date on my blog, you can follow me on Google + or Twitter.