Automotive digital forensics through data and log analysis of vehicle diagnosis Android apps

Modern vehicles including smart cars have been equipped with many electronic devices such as electronic control units (ECUs), on-board diagnostics (OBD) systems, telematics and infotainment systems, gateways, sensors, etc. Because these devices create, transmit, and store a lot of digital data, modern vehicles are becoming key source of digital evidence in vehicular forensics. In addition, some dedicated mobile apps can capture driving and diagnostic data from a vehicle via a Bluetooth-enabled OBD-II scanner. In this paper, we propose a new process for effective automotive forensics. It collects and analyzes three different types of data left on an Android phone which has been connected to the OBD-II port of a vehicle via Bluetooth communication. The three types of data are OBD-II Android apps' data, Bluetooth HCI snoop log, and the main log buffer of the Android logging system. By analyzing them individually and integratedly, we find Bluetooth connection time, vehicle information, MAC address of the OBD-II scanner, vehicle velocity, sharp speeding event, sudden braking event, refueling event, and so on. We also construct a timeline of Bluetooth traffic and driving events through the timeline analysis, which can be used to determine the driver's behaviors in terms of vehicle forensics.