IT-Forensic Automotive Investigations on the Example of Route Reconstruction on Automotive System and Communication Data

  • Tobias Hoppe
  • Sven Kuhlmann
  • Stefan Kiltz
  • Jana Dittmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7612)


As more and more complex IT systems, modern automobiles increasingly bare safety and security risks – and have a growing relevance as sources of potentially valuable traces or evidence. But existing procedures and tools, which have proven so far in the field of IT forensics, mostly focus on desktop IT systems. However, strategies and tools for IT forensic investigations on embedded systems such as automotive IT networks increasingly come into the research focus.

Alongside a process model from an IT-forensics guideline by the German BSI, this article examines how incident investigations could be performed with a focus on automotive IT systems, e.g. to close weaknesses/vulnerabilities and increase the dependability/trustworthiness of future systems. On the example of route reconstruction in a hit-and-run scenario, appropriate strategies and tools for selected process steps are proposed. These are exemplarily illustrated by practical tests on real vehicle IT (especially CAN field bus and navigation systems) and applicable ways to route reconstruction are shown.


Automotive security and safety interplay automotive IT forensics forensic process models investigation and treatment of safety/security incidents 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    SPIEGEL Online International: Autopsy Shows Haider Was Intoxicated, Web Article from (October 15, 2008),,1518,584382,00.html (last access: March 2, 2012)
  2. 2.
    Nilsson, D.K., Larson, U.E.: Conducting Forensic Investigations of Cyber Attacks on Automobile In-Vehicle Networks. In: Networking and Telecommunications: Concepts, Methodologies, Tools and Applications, pp. 647–660. IGI Global (2010) ISBN 978-1-60566-986-1Google Scholar
  3. 3.
    Biermann, M., Hoppe, T., Dittmann, J., Vielhauer, C.: Vehicle Systems: Comfort & Security Enhancement of Face/Speech Fusion with Compensational Biometrics. In: MM&Sec 2008 - Proceedings of the Multimedia and Security Workshop 2008, Oxford, UK, September 22-23, pp. 185–194. ACM (2008) ISBN 978-1-60558-058-6Google Scholar
  4. 4.
    Dittmann, J., Hoppe, T., Kiltz, S., Tuchscheerer, T.: Elektronische Manipulation von Fahrzeug- und Infrastruktursystemen: Gefährdungspotentiale für die Straßenverkehrssicherheit; Wirtschaftsverlag N. W. Verlag für neue Wissenschaft (2011) ISBN 978-3869181158Google Scholar
  5. 5.
    Grance, T., Kent, K., Kim, B.: Computer incident handling guide, special publication 800-61. National Institute for Standards and Technology, NIST Special Publication 800-61 (2004)Google Scholar
  6. 6.
    Casey, E.: Digital Evidence and Computer Crime. Academic Press (2004) ISBN 0-12-1631044Google Scholar
  7. 7.
    Federal Office for Information Security: Leitfaden IT-Forensik, Version 1.0.1 (March 2011),
  8. 8.
    Kiltz, S., Hoppe, T., Dittmann, J., Vielhauer, C.: Video surveillance: A new forensic model for the forensically sound retrieval of picture content off a memory dump. In: Proceedings of Informatik 2009-Digitale Multimedia-Forensik, pp. 1619–1633 (2009)Google Scholar
  9. 9.
    Kiltz, S., Hildebrandt, M., Dittmann, J.: Forensische Datenarten und -analysen in automotiven Systemen. In: Horster, P., Schartner, P. (Hrsg.) D·A·CH Security 2009, Syssec, Bochum, May 19-20 (2009) ISBN: 978-3-00027-488-6Google Scholar
  10. 10.
    Hoppe, H., Holthusen, S., Tuchscheerer, S., Kiltz, S., Dittmann, J.: Sichere Datenhaltung im Automobil am Beispiel eines Konzepts zur forensisch sicheren Datenspeicherung. In: Sicherheit 2010. LNI P, vol. 170, pp. 153–164 (2010) ISBN 978-3-88579-264-2 Google Scholar
  11. 11.
    Hoppe, T., Kiltz, S., Dittmann, J.: Applying Intrusion Detection to Automotive IT – Early Insights and Remaining Challenges. Journal of Information Assurance and Security (JIAS) 4(6), 226–235 (2009) ISSN: 1554-1010Google Scholar
  12. 12.
    Hoppe, T., Exler, F., Dittmann, J.: IDS-Signaturen für automotive CAN-Netzwerke. In: Schartner, P., Taeger, J. (Hrsg.) D·A·CH Security 2011, Syssec, pp. 55–66 (2011) ISBN: 978-3-00-034960-7Google Scholar
  13. 13.
    Müter, M., Hoppe, T., Dittmann, J.: Decision Model for Automotive Intrusion Detection Systems. In: Automotive - Safety & Security 2010, pp. 103–116. Shaker Verlag, Aachen (2010) ISBN 978-3-8322-9172-3Google Scholar
  14. 14.
    Working state of a community-created CAN-ID matrix; forum discussion in the internet community,, (last access: February 29, 2012)
  15. 15.
    Rehse, T.: Semantische Analyse von Navigationsgeräten und Abgleich von Daten aus dem Fahrzeugbussystem mit dem Ziel der Rekonstruktion von Fahrtrouten für den IT-forensischen Nachweis. Master thesis, Otto-von-Guericke-University of Magdeburg (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Tobias Hoppe
    • 1
  • Sven Kuhlmann
    • 1
  • Stefan Kiltz
    • 1
  • Jana Dittmann
    • 1
  1. 1.Otto-von-Guericke UniversityMagdeburgGermany

Personalised recommendations