Browse Publications Technical Papers 2014-01-0495

On the Digital Forensics of Heavy Truck Electronic Control Modules 2014-01-0495

Concepts of forensic soundness as they are currently understood in the field of digital forensics are related to the digital data on heavy vehicle electronic control modules (ECMs). An assessment for forensic soundness addresses: 1) the integrity of the data, 2) the meaning of the data, 3) the processes for detecting or predicting errors, 4) transparency of the operation, and 5) the expertise of the practitioners. The integrity of the data can be verified using cryptographic hash functions. Interpreting and understanding the meaning of the data is based on standards or manufacturer software. Comparison of interpreted ECM data to external reference measurements is reviewed from the current literature. Meaning is also extracted from interpreting hexadecimal data based on the J1939 and J1587 standards. Error detection and mitigation strategies are discussed in the form of sensor simulators to eliminate artificial fault codes. A transparent process for data gathering and handling is discussed.
The needs for improved techniques are motivated through examples of manipulated data and an analysis of potential opportunities that exist to alter the data. As an example, a step by step process of changing the records of a DDEC Reports. XTR file is provided. A detailed examination of resetting the ECM clock is also presented, which motivates a design of a hardware write-blocking device.
Some recommendation to provide more forensically sound records of ECM data is outlined. The strategy records and hashes network traffic to create a verification technique for later use. The data is then used in a replay algorithm so the diagnostic software can recreate the information from the forensic copy of the network traffic. Finally, application of the digital forensics beyond accident reconstruction is noted.


Subscribers can view annotate, and download all of SAE's content. Learn More »


Members save up to 16% off list price.
Login to see discount.
We also recommend:

Extracting Event Data from Memory Chips within a Detroit Diesel DDEC V


View Details


Timing and Synchronization of the Event Data Recorded by the Electronic Control Modules of Commercial Motor Vehicles - DDEC V


View Details


Recovery of Partial Caterpillar Snapshot Event Data Resulting from Power Loss


View Details