Forensic investigation of vehicle-related data in Android phones connected to In-Vehicle Infotainment systems
Seongbin Cho, Hojun Seong, Haein Kang, Seong-je Cho, BooJoong Kang
Computer Networks, Volume 268, Article 111370. Published 2025-05-24.
DOI: 10.1016/j.comnet.2025.111370
https://www.sciencedirect.com/science/article/pii/S1389128625003378
Citation count: 0
Abstract
As modern vehicles are commonly equipped with an In-Vehicle Infotainment (IVI) system, many drivers use the IVI system, which provides various infotainment services to them while driving. In general, after connecting a driver’s smartphone to the IVI system via Bluetooth, WiFi, or USB, she or he can make phone calls, use short message service (SMS), perform media playback, and utilize navigation functions of the smartphone. As a result, various vehicle-related data can be stored in the smartphone linked to the IVI system. Therefore, it is possible to obtain digital evidence through forensic investigation of the smartphone if a suspect has used his or her smartphone while connected to a vehicle’s IVI system. In this paper, we propose a new forensic technique to collect and analyze Android log messages as well as the Bluetooth HCI snoop log left on Android phones which have interacted with vehicles’ IVI systems via Bluetooth. The Android log messages are stored in multiple circular buffers kept by the Android logging system. The Bluetooth HCI snoop log, a type of log file, is a record of all Host Controller Interface (HCI) commands and events transmitted through Bluetooth on an Android device. From the two forensic data sources, we have identified lots of digital artifacts, including the MAC address of the connected vehicle, the vehicle information, the times of connection to and disconnection from a vehicle, phone call history, etc. We also analyze the differences between the digital artifacts obtained from the Android log messages and the Bluetooth HCI packets. We finally construct a timeline of the examined driver’s behaviors and vehicle events in terms of vehicle forensics.
About the journal:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.