Abstract
As more and more complex IT systems, modern automobiles increasingly bare safety and security risks – and have a growing relevance as sources of potentially valuable traces or evidence. But existing procedures and tools, which have proven so far in the field of IT forensics, mostly focus on desktop IT systems. However, strategies and tools for IT forensic investigations on embedded systems such as automotive IT networks increasingly come into the research focus.
Alongside a process model from an IT-forensics guideline by the German BSI, this article examines how incident investigations could be performed with a focus on automotive IT systems, e.g. to close weaknesses/vulnerabilities and increase the dependability/trustworthiness of future systems. On the example of route reconstruction in a hit-and-run scenario, appropriate strategies and tools for selected process steps are proposed. These are exemplarily illustrated by practical tests on real vehicle IT (especially CAN field bus and navigation systems) and applicable ways to route reconstruction are shown.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
SPIEGEL Online International: Autopsy Shows Haider Was Intoxicated, Web Article from (October 15, 2008), http://www.spiegel.de/international/europe/0,1518,584382,00.html (last access: March 2, 2012)
Nilsson, D.K., Larson, U.E.: Conducting Forensic Investigations of Cyber Attacks on Automobile In-Vehicle Networks. In: Networking and Telecommunications: Concepts, Methodologies, Tools and Applications, pp. 647–660. IGI Global (2010) ISBN 978-1-60566-986-1
Biermann, M., Hoppe, T., Dittmann, J., Vielhauer, C.: Vehicle Systems: Comfort & Security Enhancement of Face/Speech Fusion with Compensational Biometrics. In: MM&Sec 2008 - Proceedings of the Multimedia and Security Workshop 2008, Oxford, UK, September 22-23, pp. 185–194. ACM (2008) ISBN 978-1-60558-058-6
Dittmann, J., Hoppe, T., Kiltz, S., Tuchscheerer, T.: Elektronische Manipulation von Fahrzeug- und Infrastruktursystemen: Gefährdungspotentiale für die Straßenverkehrssicherheit; Wirtschaftsverlag N. W. Verlag für neue Wissenschaft (2011) ISBN 978-3869181158
Grance, T., Kent, K., Kim, B.: Computer incident handling guide, special publication 800-61. National Institute for Standards and Technology, NIST Special Publication 800-61 (2004)
Casey, E.: Digital Evidence and Computer Crime. Academic Press (2004) ISBN 0-12-1631044
Federal Office for Information Security: Leitfaden IT-Forensik, Version 1.0.1 (March 2011), http://www.bsi.bund.de/ContentBSI/Themen/Cyber-Sicherheit/ThemenCS/IT-Forensik/it-forensik.html
Kiltz, S., Hoppe, T., Dittmann, J., Vielhauer, C.: Video surveillance: A new forensic model for the forensically sound retrieval of picture content off a memory dump. In: Proceedings of Informatik 2009-Digitale Multimedia-Forensik, pp. 1619–1633 (2009)
Kiltz, S., Hildebrandt, M., Dittmann, J.: Forensische Datenarten und -analysen in automotiven Systemen. In: Horster, P., Schartner, P. (Hrsg.) D·A·CH Security 2009, Syssec, Bochum, May 19-20 (2009) ISBN: 978-3-00027-488-6
Hoppe, H., Holthusen, S., Tuchscheerer, S., Kiltz, S., Dittmann, J.: Sichere Datenhaltung im Automobil am Beispiel eines Konzepts zur forensisch sicheren Datenspeicherung. In: Sicherheit 2010. LNI P, vol. 170, pp. 153–164 (2010) ISBN 978-3-88579-264-2
Hoppe, T., Kiltz, S., Dittmann, J.: Applying Intrusion Detection to Automotive IT – Early Insights and Remaining Challenges. Journal of Information Assurance and Security (JIAS) 4(6), 226–235 (2009) ISSN: 1554-1010
Hoppe, T., Exler, F., Dittmann, J.: IDS-Signaturen für automotive CAN-Netzwerke. In: Schartner, P., Taeger, J. (Hrsg.) D·A·CH Security 2011, Syssec, pp. 55–66 (2011) ISBN: 978-3-00-034960-7
Müter, M., Hoppe, T., Dittmann, J.: Decision Model for Automotive Intrusion Detection Systems. In: Automotive - Safety & Security 2010, pp. 103–116. Shaker Verlag, Aachen (2010) ISBN 978-3-8322-9172-3
Working state of a community-created CAN-ID matrix; forum discussion in the www.CANhack.de internet community, http://www.CANhack.de/viewtopic.php?t=1017 , (last access: February 29, 2012)
Rehse, T.: Semantische Analyse von Navigationsgeräten und Abgleich von Daten aus dem Fahrzeugbussystem mit dem Ziel der Rekonstruktion von Fahrtrouten für den IT-forensischen Nachweis. Master thesis, Otto-von-Guericke-University of Magdeburg (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hoppe, T., Kuhlmann, S., Kiltz, S., Dittmann, J. (2012). IT-Forensic Automotive Investigations on the Example of Route Reconstruction on Automotive System and Communication Data. In: Ortmeier, F., Daniel, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2012. Lecture Notes in Computer Science, vol 7612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33678-2_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-33678-2_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33677-5
Online ISBN: 978-3-642-33678-2
eBook Packages: Computer ScienceComputer Science (R0)