Navigating the Sands of Cyber Time: Ensuring a Secure Future for Autonomous Vehicles with Digital Forensics!

In this exhilarating age of autonomous vehicles revolutionizing our daily lives, the crucial role of Advanced Digital Forensics in ensuring safety and security cannot be overstated.

The automotive industry has faced numerous challenges with connected & autonomous vehicle vulnerabilities, highlighting the urgency for brassbound cybersecurity measures.

As we navigate this dynamic landscape, the fusion of Digital Forensics and cutting-edge technology will drive a secure and reliable future for our highly Interconnected & Automated transportation systems!

For example

• A widely publicized SUV incident saw researchers exploiting a weakness in the infotainment system to remotely hijack control systems. This highlighted the potential for accidents, unauthorized access to sensitive information, and eroded consumer trust.
• The vulnerability of the South Korean Twin OEM’s vehicle theft scenarios demonstrated the importance of robust physical and digital security. The ease of theft due to design flaws may lead further to damages such as loss of personal belongings in the vehicle, increased insurance premiums for other customers of the OEM (?!), attempt towards Secondary criminal activities, and Brand reputation among others.
• In another case, a luxury electric car experienced a cyberattack targeting its onboard computer, granting unauthorized access to its control systems. This posed risks to passenger safety, privacy, and brand reputation.
• A study by the NCC Group revealed that various parking applications suffered from security vulnerabilities, including weak encryption and unsecured storage of user data. This potentially exposed sensitive user data, such as credit card details and passwords.

These incidents underscore Digital Forensics’ critical role in detecting, preventing, and responding to cyber threats in our interconnected automotive landscape.

As we continue to navigate this evolving era of transportation, Digital Forensics serves as a bridge between past experiences and future advancements, contributing to a safer and more secure world for autonomous vehicles and their passengers.

• What if you find a USB cable lying on the vehicle’s floor mat that we don’t recognize?
• What if an unknown USB stick is left connected to the in-vehicle infotainment system?
• What if the Security camera footage of the exact zone is missing for the same duration as the incident?
• How can we find electronic traces of external tools, that were previously connected with the vehicle network or systems?
• If the incident was the result of another Autonomous or Non-Autonomous Vehicle malfunctioning and our vehicle was the one that suffered, could the data gathered from our vehicle be useful if we don't have access to information about the surrounding environment from the scene?!

This is where Crime-scene & Digital Forensics Techniques can help us out!

Solving Crimes with Science: An Ancient Greek Goldsmith Case Study!

The field of forensic science has a long history dating back to the ancient Greeks and Egyptians, who used fingerprints and other physical evidence to solve crimes.

Let’s read through a very fascinating case from ancient Greece where forensic evidence played a critical role.

The story goes that the goldsmith was suspected of stealing some of the gold from the crown and replacing it with an equal weight of silver. The Hiero II of Syracuse approached Archimedes, who was known for his knowledge of mathematics and science, to help solve the problem!

Archimedes came up with a brilliant solution!

He realized that by using water displacement, he could determine the volume of the crown and therefore determine whether it was made entirely of gold or if some silver had been added!

He filled a container with water and placed the crown in it, measuring the amount of water that was displaced. He then repeated the process with a piece of gold that weighed the same as the crown and found that the amount of water displaced was less than that of the crown.

This proved that the Goldsmith had indeed cheated the king (Hiero II of Syracuse) by adding some silver to the crown!

This case is notable for several reasons!

• Firstly, it shows the importance of forensic evidence in solving crimes, even in ancient times.
• Secondly, it demonstrates the power of scientific methods in solving problems.
• And thirdly, it highlights the genius of Archimedes, who is considered one of the greatest mathematicians and scientists of all time!

“Give me a lever long enough and a fulcrum on which to place it, and I shall move the world” - Archimedes

Archimedes' quote about the lever and the fulcrum is often used to illustrate the power of tools and technology in solving problems, but it's important to remember that ‘Knowledge’ and ‘Critical thinking’ are just as important as these tools – Sometimes the evidence would be right under our nose or hidden in the plain sight & would be waiting for us to figure out!

Modern-day problems require modern solutions!

As vehicles become more sophisticated, Digital Forensics has become essential in addressing the unique challenges that connected and autonomous vehicles present!

This includes analysing data from various sources such as onboard computers, sensors, GPS, and communication systems to uncover crucial evidence for investigations.

Digital forensics experts must adapt their methods to effectively handle the complex and vast amounts of data generated by these vehicles.

By leveraging cutting-edge tools and techniques, digital forensic analysts can provide crucial insights to law enforcement and manufacturers, ensuring that cybersecurity threats are detected and mitigated and that safety and security remain a top priority in the rapidly evolving world of automotive technology.

Now let’s take a dive into how a Digital Forensic analysis of Modern Automotive Incidents may look like!

Forensic Analysis Steps for Modern Automotive Incidents (Just a tip of the iceberg!)

Step 1: Identify relevant evidence

"In God we trust, all others must bring data." - W. Edwards Deming (American Engineer, also known for PDSA, total quality management, quality control). They say faith can move mountains, but it's data that tells us which mountains to move in the first place!

Determine the type of incident (e.g., cybersecurity breach, software malfunction, or vehicle collision). Identify potential evidence sources:

• Cybersecurity breach: Examine network logs, intrusion detection system alerts, and vehicle communication data
• Software malfunction: Analyze software logs, diagnostic data, and firmware updates
• Vehicle collision: Review sensor data (e.g., cameras, LiDAR, radar), GPS data, and driver behaviour data

Look for patterns or anomalies in the collected data that may indicate the root cause of the incident.

Step 2: Capture and preserve identified evidence

• Create a forensic image of the vehicle's onboard storage, maintaining a proper chain of custody. Example: Use a write-blocking device to create a bitwise copy of the vehicle's various storage drives, preserving its original state
• Document the vehicle's network connections and communication logs, then "disconnect it from the network" to prevent remote tampering (Highly critical!)

It's important to be aware that the attacker may still be monitoring the vehicle using on-board cameras, so care must be taken when approaching the vehicle. This is because the attacker could potentially delete evidence from a remote location without being physically present.

Step 3: Evidence analysis

"The more data, the better. It's like having superpowers." - Matt Mullenweg (CEO, Automattic). We must also be mindful of the responsibility that comes with this power, as the decisions we make based on this data can have far-reaching consequences.

• Examine collected evidence, leveraging both manual and automated analysis techniques. Example: Use data visualization tools to identify patterns in sensor data during a collision, or employ machine learning algorithms to detect anomalies in software logs
• Correlate evidence across multiple sources to build a comprehensive understanding of the incident. Example: Cross-reference GPS data with other vehicle sensor data to validate the accuracy of reported events.
• Generate metadata, such as categorizing, indexing, and hashing evidence, to facilitate further analysis and reporting.

Step 4: Report visualization

"The purpose of visualization is insight, not pictures." - Ben Schneiderman (Founding Director: Human-Computer Interaction Lab). By using visualization techniques to gain a deeper understanding of cause-and-effect relationships, we may just be able to avoid falling into a parallel universe to catch the criminals!

• Summarize the findings, highlighting key evidence and drawing conclusions about the root cause of the incident. Example: Create a visual timeline of events leading up to a vehicle collision, indicating the role of each piece of evidence
• Present the results in a clear and concise format, ensuring that the report is accessible to both technical and non-technical audiences. Example: Use charts, graphs, and other visual aids to help convey complex data or relationships between evidence.

From Road to Bytes - The Crucial Role of Digital Forensics in Modern Automotive Incident Analysis

In some cases, the data collected by autonomous vehicles may not be sufficient to provide a complete understanding of a particular incident. This is where the power of forensic techniques can make a significant impact!

In investigating incidents involving connected and autonomous vehicles, a combination of crime-scene and digital forensics techniques is crucial!

These methods encompass vehicle inspection, component analysis, and accident reconstruction, as well as the examination of onboard computers, sensor data, GPS information, telematics, and software vulnerabilities. This comprehensive approach ensures a thorough understanding of the incident and identifies potential causes or contributing factors. Let’s uncover them in detail.

Crime-scene Forensics Techniques (and lots of other techniques exists!)?

• Vehicle inspection: Examine the exterior and interior of the vehicle for signs of damage or tampering. Are there any traces of having tools connected with the Vehicle’s OBD port, or USBs to in-vehicle entertainment or other electronic systems within the vehicle? Has the in-vehicle Wi-Fi hotspot been brute-forced?
• Tire marks analysis: Assess tire marks at the scene to determine vehicle dynamics and movement prior to an incident. These marks can be used to verify the integrity of collected GPS data from the vehicle to understand whether both routes match each other!
• Paint and glass analysis: Analyse paint and glass fragments to identify potential points of impact or collision. Have the safety systems within the Autonomous vehicle performed their function of safeguarding the people within?!
• Component failure analysis: Evaluate mechanical and electronic components for signs of failure, defects, or wear - both regular & also abnormal events!
• Accident reconstruction: Use collected physical evidence to recreate the sequence of events leading up to an incident. This is a fascinating domain, we will see more about this in further sections! What kind of accident we are looking for - Rear-end, Frontal collision, Side collision, T-bone collision, Rollover collision, Single-vehicle collision, or Multi-vehicle collision?

Digital Forensics Techniques (and lots of other techniques exists!)?

The classic instruction says that highest volatile data must be collected first! And the order of securing digital data shall be purely on the order of its volatility & retention capability!

• Onboard computer (ECU data traces) analysis: Examine the vehicle's onboard computer for logs, error messages, and diagnostic data related to the incident.
• Sensor data analysis: Review data from various sensors (e.g., cameras, LiDAR, radar) to determine the vehicle's environment and behaviour during the incident. Unless the vehicle boasts of Event Data Recorder, we must take it for granted that the records are disintegrated already!
• GPS data analysis: Analyse GPS data to determine the vehicle's location, speed, and route during the incident but with a multi-perspective analysis such as cross verifying the records with security cameras on the scene, telemetry data collected at the Mobility Cloud, or triangulation of vehicle position derived from vehicle’s mobile network connected with!
• Telematics and communication log analysis: Investigate logs from the vehicle's telematics system and communication records to uncover potential cyberattacks or data breaches. This shall be the heart of the vehicle’s connected bloodstream and probably a digital gateway for attackers!
• Software and firmware analysis: Assess software updates, firmware versions, and potential vulnerabilities to identify any software-related issues that may have contributed to the incident. Has the software or firmware been altered?

If so, are there any digital signatures of the attackers left behind unknowingly like IP address, malicious SW tool signatures (SW tool signatures are typically generated using a public key infrastructure (PKI) and may include information such as the software tool's name, version number, and publisher) and others?

A Look into the Future of Crime Scene Reconstruction with LiDAR-Like Technology!

As the world becomes increasingly reliant on autonomous vehicles, the need for innovative crime scene reconstruction techniques has become paramount.

In a futuristic city, a deadly accident involving an autonomous vehicle has occurred, leaving authorities grappling for answers. Fortunately, the advancement of 3D laser scanning technology has given crime scene investigators a powerful tool to aid them in their investigations.

The use of 3D laser scanners (can be also called technically short-range LiDAR) has expanded the role of geospatial technology in criminal investigations, enabling investigators to produce accurate and feature-rich visualizations of crime scenes.

With the ability to capture large amounts of data quickly, investigators can create a complete 360-degree image of the scene in a matter of minutes.

This allows them to collect precise dimensions, evidence, and features that can be recorded for later analysis, enabling them to rebuild and reconstruct the crime scene.

The use of 3D scanning systems provides a powerful investigative tool, especially as legal systems grow more comfortable with high-tech evidence in courtrooms.

By capturing accurate locations of evidence, investigators can look for patterns or anomalies in the collected data that may indicate the root cause of the incident. With this technology, they can produce accurate, feature-rich visualizations that recreate the scene of the crime and put complex evidence into context.?

One of the most significant advantages of 3D scanning technology is the ability to allocate a coordinate to almost any object the laser hits, from bodies to blood splatter to bullet holes!

This enables investigators to document, analyse, and process evidence later as needed, and allows for the discovery of missed evidence or the consideration of collected evidence in new ways!

As geospatial technology continues to advance, it will undoubtedly play an increasingly crucial role in the field of crime scene reconstruction. The adoption of 3D scanning solutions is likely to become a standard forensic practice, providing investigators with a valuable tool to reconstruct crime scenes methodically and build stronger cases.

Soon, Automotive Forensic Labs and even Courtrooms may utilize this technology to bring the crime scene directly to those involved in the case digitally!

The Conclusion - Autonomous Vehicles and Forensic Science: A Vital Partnership in future!

Thus, by combining the data collected from Autonomous vehicles with additional data obtained through forensic investigations, investigators can gain a more comprehensive understanding of the incident.

For instance, a forensic examination of physical evidence such as tire marks, debris patterns, and damage to the surrounding environment can help provide a more accurate reconstruction of the incident.

This, in turn, can help investigators identify the root cause of the accident and potentially prevent similar incidents from occurring in the future.

Thus, as the use of autonomous vehicles continues to expand, the integration of crime-scene and digital forensics will be increasingly vital in ensuring public safety and justice!?

Digital forensics has the power to unlock hidden clues and data that traditional investigations cannot, making it an essential tool in the modern age of technology.

Image Credits

Midjourney v5

References

Remotely controlling TESLA via a backdoor found in the in-car Web browser https://www.theverge.com/2016/9/19/12985120/tesla-model-s-hack-vulnerability-keen-labs

NCC Group: Car Parking applications vulnerable to hacks https://research.nccgroup.com/2015/12/11/car-parking-apps-vulnerable-to-hacks/

South Korean OEM suffers Risk of car theft attempts, where attackers use USB Cable https://www.youtube.com/watch?v=W1UITjvr3Zo

3D Laser Scanning Technology for Forensics And Investigations https://redlaserscanning.co.uk/2022/02/23/top-5-benefits-of-laser-scanning-for-crime-scene/

Disclaimer

This article is a non-fiction work grounded in facts and figures, with the intent to provide clear insights into the automotive and cyber-physical systems and their integrities. Any similarities to actual events or individuals are purely coincidental. The non-fiction nature of this work does not imply or endorse any person(s) or organization(s) mentioned in the references section, either directly or indirectly.