Log Your Car:The Non-invasive Vehicle Forensics

Digital forensics is becoming an important feature for many embedded devices. In automotive systems, digital forensics involves multiple electronic control units (ECUs) used to support the connected and intelligent vehicle’s technology. Digital evidence from these ECUs can be used in forensics investigation and analysis. Such a mechanism can potentially facilitate crash investigation, insurance claims and crime investigation. Issues related to forensics include the authenticity, integrity and privacy of the data. In this paper, the security of the forensic process and data in automotive systems is analysed. We propose an efficient, secure, privacy-preserving and reliable mechanism to provide a forensics data collection and storage process. A diagnostic application for smart phones, DiaLOG, is incorporated in the proposed process that uses a secure protocol to communicate the collected forensic data to a secure cloud storage. The proposed protocol for communicating forensic data is implemented to measure performance results and formally analysed using Scyther and CasperFDR with no known attack found

Forensic analysis of computer evidence

Digital forensics is the science involved in the discovery, preservation, and analysis of evidence on digital devices. The end goal of digital forensics is to determine the events that occurred, who performed them, and how were they performed. In order for an investigation to lead to a sound conclusion, it must demonstrate that it is the product of sound scientific methodology. Digital forensics is inundated with many problems. These problems include an insufficient number of capable examiners, without a standard for certification there is a lack of training for examiners and current tools are unable to deal with the more complex cases, and lack of intelligent automation. This work perpetuates the ability of computer science principles to digital forensics creates a basis of acceptance for digital forensics in both the legal and forensic science community. This work focuses on three solutions. In terms of education, there is a lack of mandatory standardization, certification, and accreditation. Currently, there is a lack of standards in the interpretation of forensic evidence. The current techniques used by forensic investigators during analysis generally involve ad-hoc methods based on the vague and untested understanding of the system. These forensic techniques are the root of the significant differences in the testimony conducted by digital forensic expert witnesses. Lastly, digital forensic expert witness testimony is under great scrutiny because of the lack of standards in both education and investigative methods. To remedy this situation, we developed multiple avenues to facilitate more effective investigations. To improve the availability and standardization of education, we developed a multidisciplinary digital forensics curriculum. To improve the standards of forensic evidence interpretation, we developed a methodology based on graph theory to develop a logical view of low-level forensic data. To improve the admissibility of evidence, we developed a methodology to assign a likelihood to the hypotheses determined by forensic investigators. Together, these methods significantly improve the effectiveness of digital forensic investigations. Overall, this work calls the computer science community to join forces with the digital forensics community in order to develop, test and implement established computer science methodology in the application of digital forensics