Vehicle Forensics Blog 24 August 2017
Sun, wine and good food are great catalysts for the mind and soul. This well-being was quickly tempered by the prospect of a thirteen-hour drive back to Bedfordshire from Provence. However, this journey allowed my attention to return to the day job and current project “Develop a credible and useful vehicle forensics capability”.
Welcome to my new weekly blog where I will discuss the challenges, discoveries and successes in vehicle forensics.
Over the years 4Secure have recognised the need of professional investigators, in both criminal and corporate spheres, to obtain potentially crucial data from a diverse range of sources. Vehicles are key enablers of many crimes and the potential data that could be derived is theoretically limitless…
Well, that’s the sales pitch done, what are the realities involved?
Diversity is not always good
The main challenge in providing an effective vehicle forensics solution is the sheer breadth of manufacturers. Up to July 2017, vehicles registered in the United Kingdom (161,997) were composed of 42 different brands. Whilst some technology is shared (Volkswagen Audi Group, Fiat Chrysler), we have found that even within the same brand, and even the same model, the technology used can differ. It is not just the hardware that is different; operating systems vary considerably too. With two similar models from the same manufacturer, even though the user experience can seem identical, the way the operating system has been configured is very different. Other factors can include regional variation, mid-life updates, etc.
Get your bits out
With this diversity, the ways and means required to extract data are equally varied. Attempting a Cellebrite-type one-box solution is currently not an appropriate extraction method. We have to employ the full raft of forensic techniques to acquire the data – from a simple network connection, through to chip-off. Clearly, we need to be as non-destructive as possible but sometimes it is unavoidable (although most of the vehicles I see are write-offs).
Go on then, prove it!
Acquiring the data is the easy bit. Identification, analysis and reporting on the data obtained is a bit more of a challenge, but not impossible.
In the standard digital forensics arena of PCs and mobile devices, verification of data by using sample devices was a straightforward process:
- Talk the budget holder into buying an identical device
- Carry out a documented set of processes and actions
- Verify the effects on the device
As a persuader, I can usually talk the budget holder into a £500 smartphone or even a £900 laptop. Not so easy if I want to purchase, say, a £149k Audi R8 (or even an £8k Peugeot 108, to be fair).
With the lack of verification, how would this stand up in a Court of Law? Does this mean that any data of evidential significance would only be fit for intelligence purposes? One of the key areas we are looking at is how to provide a robust but cost-effective means of verifying the extracted data.
Now for the good news
The question that all customers want answering is: What information can you give me?
As always in digital forensics the key response is: It depends on…
Even after taking into account the differences in applied technology, the actual data that is stored varies dramatically. For example, one model may provide data, with geo-location coordinates, of events such as doors opening; gearbox placed into park; when the infotainment unit was last rebooted; details of mobile devices connected; library of music that was played. Another vehicle by the same manufacturer will provide Bluetooth details of mobile phones attached. That’s it. One of the developments we are working on is to provide the investigator with a clear matrix that shows the data that can be extracted from that particular vehicle.
We are also, with our strong links within the law enforcement community, focussing our efforts on vehicles that are more likely to be used in crimes (not many big-time gangsters drive Dacia Dusters). This smart research strategy will bring a more appropriate portfolio of vehicles to the investigator.
Thanks for your time
Thank you for taking the time to read through this blog. I’ll be updating this on a weekly basis with the good, the bad and the ugly of our work so please keep tuned!
If you have any comments or would like to find out more please use the contact form below.
Now, where are the keys to my business development director’s AMG 63?
Head of Digital Forensics