Digital Evidence of...
 
Notifications
Clear all

Digital Evidence of Vehicles

9 Posts
9 Users
0 Likes
1,224 Views
(@bntrotter)
Posts: 63
Trusted Member
Topic starter
 

My Lab is looking into Digital Evidence of Vehicles. Mainly looking at onboard GPS data, media console data, wifi connectivity, Onstar connectivity, and any vehicle blackbox data (such as speedometer data, ignition times, airbag deployment times…). And came across Berlo and their products. Any feedback on their product?

Just curious, is there any success in getting data from vehicles into Encase or FTK, and it being decoded?

Are there any other forensic products on vehicle data extraction.

 
Posted : 29/01/2015 1:16 am
(@ashishsingh)
Posts: 29
Eminent Member
 

My Lab is looking into Digital Evidence of Vehicles. Mainly looking at onboard GPS data, media console data, wifi connectivity, Onstar connectivity, and any vehicle blackbox data (such as speedometer data, ignition times, airbag deployment times…). And came across Berlo and their products. Any feedback on their product?

Just curious, is there any success in getting data from vehicles into Encase or FTK, and it being decoded?

Are there any other forensic products on vehicle data extraction.

Hi,

After viewing your post, I felt too curious to have a discussion with you on the same.

As you are talking about extracting the "Digital Evidence of Vehicles", I guess we can find some independent solutions that may prove to be fruitful.

Let me mention one of them -

GPS Evidence - Theoretically, GPS evidence can be categorizedinto two main areas -
• System Level Info such as Trackpoint and Track Log.
• User Data such as Waypoint and Route.

The most common and preferable GPS devices that can be used are Automotive and Handheld (one of my favorite).

Coming to the second part of the discussion, so far, as much as I have used Encase and FTK imager tools, I believe that they are dedicated tools for Digital Investigations of digital devices. I am pretty sure that in respect to vehicles, we can make use of them in a limited fashion (or should I say negligible).
Please let me know if you find any detailed info related to this.

Thanks and Regards

 
Posted : 29/01/2015 10:00 am
CopyRight
(@copyright)
Posts: 184
Estimable Member
 

Car Forensics

I once opened a similar topic, you might find it useful..

 
Posted : 29/01/2015 10:58 am
(@unicron)
Posts: 36
Eminent Member
 

As you're based in the US, you may want to take a look at the Bosch CDR (Crash Data Retrieval) kit http//www.boschdiagnostics.com/testequipment/cdr/Pages/CDRHome.aspx

This kit can help you extract a lot of the 'Black Box' information you listed, such as airbag deployments, speedometer data etc. I believe there is also training available.

 
Posted : 29/01/2015 2:54 pm
(@cmcgee)
Posts: 2
New Member
 

Apologies for being "late to the party" as it were. I just wanted to let the OP and any other interested parties know that Berla's tools can recover most of the data mentioned.

For an embedded system, iVe (hardware/software forensic solution) can pull things like user data from connected devices, navigation data (including track logs, routes, waypoints, etc), and some vehicle event logs.

For handheld/maritime/aviation GPS devices, Blackthorn is extremely helpful. I just wanted to put that out there in case there are any more questions on the topic.

https://berla.co/products.html

 
Posted : 27/07/2015 11:09 pm
(@kbertens)
Posts: 88
Trusted Member
 

Indeed Berla should do the job for US cars, not much support for EU cars but they r working in it.

Another option you will find in JTAG / chipoff of navigation system. They mainly run a Filesystem not supported by Encase/FTK.
A common FS is QNX for example.

 
Posted : 28/07/2015 11:59 am
(@baywolf88)
Posts: 3
New Member
 

Got a request to look into auto forensics recently on an Audi A7. Berla currently does not support Audi. I reached out to Audi directly and received this reply

Thank you for the clarification in your inquiry. Ultimately you are seeking vehicle data information we do not have access to. The information you are seeking and any potential information that is stored with the vehicle would be proprietary information. Our center would not be able to further assist you with obtaining this information or offering suggestions for this type of assistance. I apologize I cannot assist you further.

Has anyone out there had recent success with auto forensics outside of Berla? They seem to be the go to brand years after this thread was started.

 
Posted : 13/01/2017 12:50 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

You might try CAN-Pick

https://cansecwest.com/slides/2017/CSW2017_MinruiYan-JianhaoLiu_A_visualization_tool_for_evaluating_CAN-bus_cybersecurity.pdf

 
Posted : 20/05/2017 2:55 pm
(@dthomas946)
Posts: 1
New Member
 

Bosch CDR handles certain models of the A7 and only certain events. But you can get at least some information.

https://www.boschdiagnostics.com/cdr/

Click on current release and the select the supported vehicle list

 
Posted : 24/05/2017 5:37 pm
Share: