Forensic investigation of vehicle-related data in Android phones connected to In-Vehicle Infotainment systems
Forensic investigation of vehicle-related data in Android phones connected to In-Vehicle Infotainment systems
As modern vehicles are popularly equipped with an In-Vehicle Infotainment (IVI) system, many drivers use the IVI system which provides various infotainment services to them while driving. In general, after connecting a driver’s smartphone to the IVI system via Bluetooth, WiFi, or USB, she or he can make phone calls, use short message service (SMS), perform media playback, and utilize navigation functions of the smartphone. As a result, various vehicle-related data can be stored in the smartphone linked to the IVI system. Therefore, it is possible to obtain digital evidence through forensic investigation of the smartphone if a suspect has used his or her smartphone while connected to a vehicle’s IVI system. In this paper, we propose a new forensic technique to collect and analyze Android log messages as well as Bluetooth HCI snoop log left on Android phones which have interacted with vehicles’ IVI system via Bluetooth. The Android log messages are stored in multiple circular buffers kept by the Android logging system. The Bluetooth HCI snoop log, a type of log file, is a record of all Host Controller Interface (HCI) commands and events transmitted through Bluetooth on an Android device. From the two forensic data sources, we have identified lots of digital artifacts including as MAC address of the connected vehicle, the vehicle information, the time when being connected and disconnected to a vehicle, phone call history, etc. We also analyze the differences of digital artifacts obtained from the Android log messages and the Bluetooth HCI packets. We finally construct a timeline of the examined driver’s behaviors and vehicle events in terms of vehicle forensics.
Android, Bluetooth HCI snoop log, Digital forensics, In-Vehicle Infotainment, Log message
Cho, Seongbin
2f6b0c5c-c1df-48a6-82d1-447a03e55203
Seong, Hojun
194ee632-8c66-44f3-8eca-a1bb7a7f88f2
Kang, Haein
397d442a-cd45-4f28-8220-d8d2056d6f01
Cho, Seong-je
1c127302-2036-439b-a3c3-f97b710d8ea6
Kang, Boojoong
cfccdccd-f57f-448e-9f3c-1c51134c48dd
28 May 2025
Cho, Seongbin
2f6b0c5c-c1df-48a6-82d1-447a03e55203
Seong, Hojun
194ee632-8c66-44f3-8eca-a1bb7a7f88f2
Kang, Haein
397d442a-cd45-4f28-8220-d8d2056d6f01
Cho, Seong-je
1c127302-2036-439b-a3c3-f97b710d8ea6
Kang, Boojoong
cfccdccd-f57f-448e-9f3c-1c51134c48dd
Cho, Seongbin, Seong, Hojun, Kang, Haein, Cho, Seong-je and Kang, Boojoong
(2025)
Forensic investigation of vehicle-related data in Android phones connected to In-Vehicle Infotainment systems.
Computer Networks, 268, [111370].
(doi:10.1016/j.comnet.2025.111370).
Abstract
As modern vehicles are popularly equipped with an In-Vehicle Infotainment (IVI) system, many drivers use the IVI system which provides various infotainment services to them while driving. In general, after connecting a driver’s smartphone to the IVI system via Bluetooth, WiFi, or USB, she or he can make phone calls, use short message service (SMS), perform media playback, and utilize navigation functions of the smartphone. As a result, various vehicle-related data can be stored in the smartphone linked to the IVI system. Therefore, it is possible to obtain digital evidence through forensic investigation of the smartphone if a suspect has used his or her smartphone while connected to a vehicle’s IVI system. In this paper, we propose a new forensic technique to collect and analyze Android log messages as well as Bluetooth HCI snoop log left on Android phones which have interacted with vehicles’ IVI system via Bluetooth. The Android log messages are stored in multiple circular buffers kept by the Android logging system. The Bluetooth HCI snoop log, a type of log file, is a record of all Host Controller Interface (HCI) commands and events transmitted through Bluetooth on an Android device. From the two forensic data sources, we have identified lots of digital artifacts including as MAC address of the connected vehicle, the vehicle information, the time when being connected and disconnected to a vehicle, phone call history, etc. We also analyze the differences of digital artifacts obtained from the Android log messages and the Bluetooth HCI packets. We finally construct a timeline of the examined driver’s behaviors and vehicle events in terms of vehicle forensics.
Text
Forensic investigation of Vehicle Data-v6
- Accepted Manuscript
Restricted to Repository staff only until 28 May 2027.
Request a copy
More information
Accepted/In Press date: 8 May 2025
e-pub ahead of print date: 24 May 2025
Published date: 28 May 2025
Keywords:
Android, Bluetooth HCI snoop log, Digital forensics, In-Vehicle Infotainment, Log message
Identifiers
Local EPrints ID: 503333
URI: http://eprints.soton.ac.uk/id/eprint/503333
ISSN: 1389-1286
PURE UUID: 46234fb2-5bc7-4cf1-a5b4-f906d0c9e235
Catalogue record
Date deposited: 29 Jul 2025 16:45
Last modified: 22 Aug 2025 02:31
Export record
Altmetrics
Contributors
Author:
Seongbin Cho
Author:
Hojun Seong
Author:
Haein Kang
Author:
Seong-je Cho
Author:
Boojoong Kang
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics