Digital forensics on automotive infotainment systems
It contains tons of historical data that can be useful in a after-crash analysis
The current generation of automotive infotainment and telematics systems is very powerful, and offers a large set of features, like:
- Digital radio
- Satellite (GPS) navigation
- Bluetooth connectivity with mobile phones
- Audio player
- Mobile Hotspot for Internet access
- Satellite TV tuner
- Parking cameras
- Screen mirroring of mobile devices on the car’s larger touchscreen
Recently i have read a really interesting article on Sans DFIR (SANS Digital Forensics and Incident Response) which deals with forensics analysis on infotainment systems.
In the article, Paul Henry first raises an interesting point:
As automotive infotainment and telematics systems evolve and become more powerful, the value of the historical data they contain from an evidence perspective grows as well.
Beware of what you sell on bay!
Paul bought on Ebay two infotainment systems recovered by wrecked vehicles, and uses that for testing the forensics tool.
The information that has been recovered has really interesting and accurate:
Once extraction has completed, analysis can be performed, and reports can be generated. iVe’s data export functionality supports .csv, tab-delimited, and .kml for GPS data, and reports can be exported in HTML or PDF format.
Some hightlights from the report
- Automotive infotainment systems are not Crash Data Recorders: in a CDR, safety sensor data such as brake position, speed, steering wheel position and airbag deployment is recorded at high frequency but only for a matter of seconds before the crash.
In an infotainment system data are collected from primarily non-safety related components and can show the longer term driving habits of the vehicle’s driver.
- No crash data but tons of historical data that can potentially show details of driver’s habits prior to a crash
- Your “mileage may vary” as to exactly what can be recovered, partially depending on how the vehicle was used and what features and actions the occupant(s) employed
- There is no clearly defined data standard for vehicle infotainment and telematics systems
- “Very much like the early days of mobile device forensics”
For further technical informations i highly recomend the reading of the original article: