- The collection and analysis of potential evidence in digital forensic investigations is a challenging task that made its arrival in the automotive domain. It is accompanied by increasingly complex in-vehicle components with high diversity in used technologies and a wide range of external interconnections — which raises the question of what sources of information in which formats are even available for any analysis.
The main contribution of this paper is an answer to this question as well as a cross-domain methodology to validate the completeness of the results in a structured way. We introduce a three-step process. It starts with a brainstorming session to create an initial basis of knowledge in a specific area of research. In a second step, system archaeology analyses are employed to establish an advanced knowledge base stemming from design documents and similar resources. The second step widens and deepens the knowledge and provides means to evaluate the quality of the brainstorming session results. The third step establishes expert analyses.
Relevant automotive digital forensics stakeholders (e.g., OEMs, suppliers, etc.) were interviewed to collect information from expert groups and evaluate both initial phases. Based on this analytical, syntactic, inductive, and systematic research method, we offer a complete perspective for a specific area of research.
The presented methodology is implemented to identify a complete set of data formats in automotive digital forensics. We conducted an online survey to evaluate data formats and tools in digital forensics with 56 experts participating and identified a total of 60 different data formats used in this domain.