Geolocation: A Look at Sensorvault

Geo-fence warrants are not unusual when law enforcement agencies are looking for a person or persons for a particular crime. As the name suggests, these warrants require companies to provide GPS data for their subscribers when receiving a lawful request. Sensorvault, a code name for a database used within Google, provides this data across every user using Google's Location History.

Location History was launched in 2009 and described on Google's Mobile Blog:

Whether you're taking a road trip across the country, backpacking across Europe, or just going out for a night on the town, it's fascinating to look back at where you went, and for how long you stayed.

However, law enforcement taps into this seemingly private user data, where every movement is tracked.

The New York Times wrote an article which dealt with a case in Arizona where Jorge Moline was pegged at the scene of a murder. The article makes a serious point:

The Arizona case demonstrates the promise and perils of the new investigative technique, whose use has risen sharply in the past six months, according to Google employees familiar with the requests. It can help solve crimes. But it can also snare innocent people.

It took nearly a week for investigators to realize Mr. Moline was innocent. Investigators found that his mother's ex-boyfriend sometimes used his car which was seen in security camera footage.

The New York Times article also goes into depth on how this technology is used with a warrant. You should read the full article, but there are two takeaways from it about how these warrants are handled:

The initial data set handed to law enforcement contains anonymized information for Google's users.

After law enforcement filters the data points (GPS data) into a much smaller subset of phones, Google then provides the customer's information, including email addresses, names, and other information, for each device.

People freak out about the data collection, which is something everyone should be worried about (see here, here); at the same time, Google does take some precautions when providing information to law enforcement. Of course, users who do not want to be tracked can always stop Google's Location tracking.

Question: how is this data stored on our mobile devices? Sensorvault does not just store GPS map points but also WiFi networks and Bluetooth information. Jessica Hyde and Tarah Melton of Magnet Forensics recently did a webinar (Google, Where Do You Store Data? Analysis of Data Storage Between Android and Google Takeout) on where Google stores account information between Android devices and Google Takeout. Taken together, data can be found in different places but never in a single place. Jessica's thought on the subject was that it was stored on the device until synced to Google's server. This leads to a follow-up question: does this information only reside in place before sync or after sync?

If there were some kind of database which might hold all this data, it could be really interesting for forensics and possibly incident response.