Share on Facebook0Tweet about this on TwitterShare on LinkedIn0Share on Google+0

by Giselle Morales

Vehicle Forensics Brings Another Data Source to Light

In the Internet of Things, digital forensics has another data source to analyze – your car. Infotainment and telematics systems data is being captured by vehicles.  At a glance, this type of data source may seem exclusively useful in criminal cases or in cases where crash reconstruction is relevant.  However, with the demand for users to have their data sync across devices and constant connection to the internet, new data sources are becoming more relevant in civil cases as well.

We can forensically acquire a vehicle’s infotainment and telematics systems and provide some illuminating information. While the data points vary based on make, model, and trim of the vehicle, items from a phone such as contacts, SMS, call logs, and GPS are often automatically synced to the vehicle.

Obviously, one requirement is that the vehicle have an infotainment unit installed in the car.  Infotainment systems are common in newer makes of vehicles, where information and entertainment systems come together on the dashboard. Once the user’s mobile phone is synced with the on-board unit, the infotainment system’s native data points and the phone’s data are correlated together.  This makes infotainment system data quite rich and helpful in digital forensic examinations.  This is particularly important when there is no mobile phone to examine.


Now that you’re scared about your car (especially rental cars), how does this apply to civil lawsuits? 

In any lawsuit, whether civil or criminal, data is used as evidence.  In the past, evidence of a person’s whereabouts may be limited to eye witness accounts.  With mobile phones and infotainment systems, we essentially have tracking devices that not only tell us location, but give us insight into the actual activities taking place.  This has changed evidence as we know it.

For example, there are companies that provide employees with company cars for business use.  For example, health care workers visiting patients at their residence may use a company vehicle.  If that employee sues the employer for unpaid overtime, the vehicle’s trackpoints from the GPS become relevant.  Trackpoints are created automatically when the GPS is turned on and acquiring satellite signals.  These Trackpoints can then be used to correlate back to time keeping records to determine whether that employee was actually working and due overtime, or using the car for personal use.

Another data source are vehicle event logs.  These logs track numerous events such as when a door was open or closed, vehicle lights turning on or off and when the ignition was turned on or off.  The correlation with Trackpoints and event logs along with other data sources of an examination can lead to building a clearer picture of the user’s activity at specific times of interest even with the absence of a mobile phone.

These, and many other interesting artifacts, leave a trail of evidence a computer forensics examiner can find for you.

If you have questions about what a computer forensics examiner can find, shoot us a note at or a comment below.


Giselle A. Morales, EnCE, GCFE, Senior Director, Digital Forensics 

Giselle Morales is a Senior Director of Digital Forensics with Precision Discovery.  She has over 13 years of experience in computer forensics and eDiscovery disciplines.  She has concentrated in corporate intellectual property theft and investigations.  She leads forensic teams in preparing for and responding to complex investigation matters. She is a graduate of the University of Los Angeles California (UCLA) and certified in computer forensics.



Share on Facebook0Tweet about this on TwitterShare on LinkedIn0Share on Google+0

Leave a Reply

Your email address will not be published. Required fields are marked *