Mobile Phone Digital Evidence Providers to Investigate Driver’s Distraction

Lukáš Bortník
Police officers investigating car accidents have to consider the driver's interaction with a mobile device as a possible cause of the accident. Unfortunately, mobile device artefacts which could help to prove the driver's distraction are volatile and can be purged either by the user or by the operating system itself. As currently available digital forensics frameworks do not allow the driver's behaviour to be uncovered thoroughly, the study analyses prospective evidence providers which could assist forensic practitioners in proving or disproving the driver's distraction. The focus is on the analysis of Android operating system services' data acquired by Android dumpsys. The study inspects the possibility of identifying interaction with mobile device applications without accessing the user's personal content. The research outcomes demonstrate the ability to distinguish events generated by vital operating system services from events originating from the driver's intentional interaction. The analyses involve specific driver activities such as interaction with social media, calling, texting, browsing offline content and possible anti-forensics activities to avoid being prosecuted. In addition, the method can be used to discover system-level activities, such as login activities, charging methods, changing device settings or switching between applications and in-app activities. Besides traditional telecom services, the proposed method provides a solution to identify telephony activities conducted via cross-platform VoIP applications, such as Viber, Messenger, WhatsApp, Signal or Telegram. Moreover, as drivers may conduct their phone calls via an external handsfree kit, the thesis provides a solution for identifying individual call routing methods: the device's earpiece, a wired kit, or a Bluetooth-connected car stereo.
Furthermore, the study demonstrates the possibility of retrieving information about current and historical environment settings, e.g. connected wireless networks, Bluetooth connections, paired devices and associated network artefacts. The thesis concludes with case study analyses of a simulated car accident. In addition to successfully identifying the driver's interaction with the mobile device, the case study analyses demonstrate how to apply the researched method in a real-life examination, include recommendations for a targeted, time- and cost-effective investigation, and propose areas of future research.
Graduation Thesis language
Graduation Thesis type
Master - Cyber Security
Pavel Laptev, Satish Narayana Srirama
Defence year