The Automotive BlackBox: Towards a Standardization of Automotive Digital Forensics

Paper in proceeding, 2023

There is a trend toward increased cyberattacks on vehicles. Aligned, forensics requirements and standards are emerging. Digital forensics refers to identifying, preserving, verifying, analyzing, documenting, and finally presenting digital evidence with high confidence in its admissibility, thus ensuring forensics soundness. However, current automotive regulations and standards, such as the United Nations Regulation No. 155 and the International Organization for Standardization standard 21434, provide no details or guidelines. Vehicular data is often extracted using tools unsuitable for digital forensics, thus lacking forensics soundness. The data storage is generally not resistant to tampering and often lacks adequate cybersecurity mechanisms. Digital forensics is a relatively new field within the automotive domain, where most of the existing self-monitoring and diagnostic systems only monitor safety-related events. To support a forensic investigation, automotive systems must be extended to securely log and store additional information, especially those related to security events. There is no standardization for automotive digital forensics that defines requirements, needed components, and techniques for the automotive domain. In this paper, we identify and propose requirements for automotive digital forensics and present the Automotive BlackBox, an architecture guiding the design of an automotive diaital forensic-enabled vehicle.