
Research Article
Android Dumpsys Analysis to Indicate Driver Distraction
@INPROCEEDINGS{10.1007/978-3-030-68734-2_8, author={Lukas Bortnik and Arturs Lavrenovs}, title={Android Dumpsys Analysis to Indicate Driver Distraction}, proceedings={Digital Forensics and Cyber Crime. 11th EAI International Conference, ICDF2C 2020, Boston, MA, USA, October 15-16, 2020, Proceedings}, proceedings_a={ICDF2C}, year={2021}, month={2}, keywords={Digital evidence Mobile forensics Car accident Driver’s distraction Android dumpsys}, doi={10.1007/978-3-030-68734-2_8} }
- Lukas Bortnik
Arturs Lavrenovs
Year: 2021
Android Dumpsys Analysis to Indicate Driver Distraction
ICDF2C
Springer
DOI: 10.1007/978-3-030-68734-2_8
Abstract
Police officers investigating car accidents have to consider the driver’s interaction with a mobile device as a possible cause. The most common activities such as calling or texting can be identified directly via the user interface or from the traffic metadata acquired from the Internet Service Provider (ISP). However, ‘offline activities’, such as a simple home button touch to wake up the screen, are invisible to the ISP and leave no trace at the user interface. A possible way to detect this type of activity could be analysis of system level data. However, security countermeasures may limit the scope of the acquired artefacts.
This paper introduces a non-intrusive analysis method which will extend the range of known techniques to determine a possible cause of driver distraction. All Androiddumpsysservices are examined to identify the scope of evidence providers which can assist investigators in identifying the driver’s intentional interaction with the smartphone. The study demonstrates that it is possible to identify a driver’s activities without access to their personal content. The paper proposes a minimum set of requirements to construct a timeline of events which can clarify the accident circumstances. The analysis includes online activities such as interaction with social media, calling, texting, and offline activities such as user authentication, browsing the media, taking pictures, etc. The applicability of the method are demonstrated in a synthetic case study.