Car Digital Forensic Training Bootcamp | Automotive Digital Forensic Training

Car Digital Forensic Training Bootcamp, Automotive Digital Forensic Training: A 3-day Training Course and Consulting Service

Car Digital Forensic Training Bootcamp, Automotive Digital Forensic Training is a 4-day combo training and consulting services for law enforcement, government agencies, military and organizations.

Automotive forensics or car forensics is a branch of digital forensics dealing with recovery of digital records, vehicle subsystem logs, evidence, data stored in automotive subsystems and modules, networks and messages sent across operating systems.

Vehicles with a CAN (Controller Area Network) bus network enable ECU (electronic control units) to communicate which each other without a host computer. Vehicle and automotive modules such as Black Box, ECM, ECU, EDR use CAN bus and other In-Vehicle Networks (IVNs) to operate on, send  broadcasted messages across these network and can be digitally recovered under forensically sound conditions.

Participants in the Car Digital Forensic Training Bootcamp will learn about complete Vehicle Forensics: Identify, acquire, and analyze data from vehicle systems to Investigate different conditions and predict events.

Protocols such the CAN are very useful for investigators. CAN protocol is a vehicle bus protocol standard which allows ECUs or vehicle microcontrollers to communicate with each other. CAN is a message-based protocol, a copper-based voltage differentiated network, designed originally for multiplex electrical wiring within cars, trucks, buses and autonomous automobiles.

Participants will learn how to conduct forensic analysis on cars and automotive systems and become certified and specializes in the analysis and forensic examination of ECU’s. Clusters, Keys and built-in OEM GPS Satellite Navigation systems, WiFi, Bluetooth, Infotainment or Telematics systems: solid and robust method to recover and analyze forensic data from all vehicle modules and ECUs using simple hardware, software and other tools such as Wireshark.

Tonex Car Digital Forensics Training solutions and Services:

• Vehicle Systems Forensics
• Car Digital Forensics
• Complete Vehicle Forensics
• Dashboard and Infotainment Systems
• Mobile Phone Forensics
• WiFi and Bluetooth Network Forensics
• Infotainment Forensics
• CAN (Controller Area Network) Bus Protocol Pentesting and Forensics
• CAN Bus, ECU (Electronic Control Units) and Computer Forensics
• Black Box, ECM, ECU, EDR: ECM (Engine Control Module) or Electronic Control Module, EDR (Event Data Recorder) or Electronic Data Recorder.
• Collecting EDR Data for Crash Investigations
• Other sophisticated onboard computer systems
• Tools to record a wide variety of information about the Diesel engines including: performance, efficiency, idle shutdown, Trip activity, Speed vs. RPM, Engine load vs. RPM, Daily engine usage, Hard Stop information, hard braking events and more.

Hands-on Activities and Labs

Students will learn how to setup a simple lab, their future forensic laboratory, to recover identification data, crash data, historic faults and errors from all types of vehicles. We examine vehicles.

Acquisition and Decoding

Labs – computer forensics utilizes tools to directly interfaces with vehicle systems via specially designed hardware.

• Infotainment Forensics
• ECU Identification
• Crash Data Recovery

It can acquire a full or partial binary image and decode the data. It can recover deleted information from either image type. Black Swan can decode and parse data such as:

Examples of digital forensic data extraction:

• Many historic details
• Vehicle/System Information
• Serial Number
• Part Number
• Original VIN Number
• Build Number
• Bluetooth ID from paired & non-paired phones
• All Call logs / Incoming / Outgoing / Missed
• last GPS fixes (last locations driven)
• Entered routes
• Other Driver information
• RDS info
• Media files
• Music files with forensic detail
• Pictures

Infotainment Forensics

Students conduct forensic analysis on automotive GPS systems for Law Enforcement Agencies and testing for OEM’s. Examination of built-in OEM GPS Satellite Navigation systems, known as Infotainment or Telematics systems.

ECU Identification

Recovering deleted forensic data from coded parts. Recover deleted KM, VIN and Serial numbers from flash and memory chips using a method known as chip-off forensics.

• Chip-off forensics
• Recovered Identities
• Recovered Deleted Data
• Recovered KM data

Installed Application Data

• Weather
• Traffic
• Facebook
• Twitter

Connected Devices

• Phones
• Media Players
• USB Drives
• SD Cards
• Wireless Access Points

Navigation Data

• Tracklogs and Trackpoints
• Saved Locations
• Previous Destinations
• Active and Inactive Routes

Device Information

• Device IDs
• Calls
• Contacts
• SMS
• Audio
• Video
• Images
• Access Point Information

Events

• Doors Opening/Closing
• Acceleration/Braking
• Speed & Directional Information
• Lights On/Off
• Bluetooth Connections
• Wi-Fi Connections
• USB Connections
• System Reboots
• GPS Time Syncs
• Odometer Readings
• Gear Indications

GPS Forensics

Recover evidence from the systems installed in many vehicle brands.

Recovery of Deleted Digital VIN and KM data

Recovery of deleted KM, VIN and Serial numbers from all types of coded ECU’s. ABS. Airbag modules, Instrument clusters (dashboards), Keys and Navigation units.

• KM reading
• VIN & Serial numbers
• History and faults with times and KM
• Crash data, events and historic faults.

Key Forensics

• Recovery of data from Keys – Transponder Chip Forensics
• Vehicle Identification Number (VIN)
• Transponder ID
• How many keys are coded to the vehicle, which key is it
• The last KM reading
• The Fuel status
• Vehicle data paired with the last entry

Crash Data

• Crash Data Recovery
• Recovery of crash data from airbag modules

WORKSHOPS

1) VEHICLE EVENTS ACQUISITION

• Access event logs associated with activity
• Door opens, gear shifts, odometer reads, ignition cycles, speed logs etc.

2) LOCATION DATA

• Location data and navigation information
• Track logs, saved locations, active routes and previous destinations

3) CONNECTED DEVICES

Devices that have been connected via the USB ports, over Bluetooth or wireless network and  data associated with those device.

4) INVESTIGATION

• Analysis of vehicle data
• Investigation
• Insight on the sequence of events
• Patterns of life and unusual events
• Timelines of activity and establish a chain of significant events
• Historical data to show where a vehicle was at specific times
• Routes and areas frequently visited, new locations traveled
• Unique identifiers
• Known associates and establish communication patterns

LAB: MANAGEMENT OF A DIGITAL FORENSICS LABORATORY

Setting up a Car Digital Forensics Practice

• Understanding electronic evidence
• Principle of electronic evidence
• guidelines for digital forensics laboratories P
• Conducting a plan
• Physical Security
• Size and Layout
• Facility
• Equipment
• Software
• Hardware

LAB: MANAGEMENT OF DIGITAL FORENSIC CASE

• Receiving a request
• Registering a case
• Registering an exhibit
• Photographing an exhibit
• Conducting analysis
• Computer
• Types of Data Acquisition
• Write Blocker
• Imaging Tools
• Imaging Format
• Process Flow
• Mobile Devices
• Types of Data Extraction
• Extraction Tool
• Extraction File Format
• Process Flow
• Examination
• Triage
• Methods for Computer Examination
• Examination on “Dead System”
• Examination on “Live System”
• Automated Processing
• Data Recovery
• Filtering
• Methods for Mobile Device Examination
• Automated Processing
• Filtering
• Analyzing Computers and ECUs
• Categories of digital traces
• Procedures for different traces
• Virtualization
• Process for handling mass data
• Visualization aids
• Analyzing Mobile Devices
• Categories of digital traces
• Procedures for different traces
• Presentation
• Admissibility of Electronic Evidence
• Report Writing
• Expert Witness
• Quality assurance component
• Accreditation