A generalized approach to automotive forensics

In the past years, software became an essential topic in modern vehicles, e.g., with the rise of more and more complex driver assistance systems. The advent of automated driving will drive this trend even further. Today, accident investigation, as well as warranty claim analysis, need to take into consideration an analysis of the rapidly increasing proportion of software and security based implementations as part of modern vehicles, the so-called digital forensics. This paper evaluates the general feasibility of digital forensics on a state-of-the-art vehicle. To do so, we analyzed current digital forensics techniques on a state-of-the-art vehicle to constitute gaps in the automotive forensics process used on in-vehicle systems. We present a general process for automotive forensics to close existing gaps and implemented it on a state-of-the-art vehicle in an in-vehicle device manipulation scenario. The implementation uses the on-board diagnostics interface, the diagnostics over internet protocol, as well as the unified diagnostic services for communication. Our implementation requires automotive Ethernet at the diagnostic interface. Our research shows future directions for efficient automotive forensic as well as the exemplary feasibility of automotive forensic analysis on state-of-the-art vehicles without the need for additional in-vehicle components such as intrusion detection systems or event data recorders. (c) 2021 The Authors. Published by Elsevier Ltd.