This paper by NATO CCDCOE Researchers Lukas Bortnik and Artūrs Lavrenovs was presented at the 11th EAI International Conference on Digital Forensics & Cyber Crime (EAI ICDF2C 2020) in October 2020.
This paper introduces a non-intrusive analysis method which will extend the range of known techniques to determine a possible cause of driver distraction. The most common activities, such as calling or texting, can be identified directly via the user interface or from the traffic metadata acquired from the Internet Service Provider (ISP). However, ‘offline activities’, such as a simple home button touch to wake up the screen, are invisible to the ISP and leave no trace at the user interface. A possible way to detect this type of activity could be analysis of system-level data.
All Android dumpsys services are examined to identify the scope of evidence providers which can assist investigators in identifying the driver’s intentional interaction with the smartphone. The study demonstrates that it is possible to identify a driver’s activities without access to their personal content. The paper proposes a minimum set of requirements to construct a timeline of events which can clarify the accident circumstances. The analysis includes online activities such as interaction with social media, calling, texting, and offline activities such as user authentication, browsing the media, taking pictures, etc. The applicability of the method is demonstrated in a synthetic case study.
The paper was published by Springer International Publishing in Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, in the book Digital Forensics and Cyber Crime, subtitled “11th EAI International Conference, ICDF2C 2020, Boston, MA, USA, October 15-16, 2020, Proceedings”.
Keywords: digital evidence, mobile forensics, car accident, driver’s distraction, Android dumpsys