Authors: Jung-Hwan Lee, Bum-Su Hyeon, Oc-Yeub Jeon, Nam In Park
DFRWS EU 2023
Abstract
The vehicles we use daily record enormous information via the embedded system that is installed. This recorded information identifies traffic accidents and might reveal the truth of crimes committed using the vehicle. However, as the embedded systems mounted on vehicles must maintain real-time performance, they often have a real-time operating system (RTOS)-dedicated file system structure. Analysis of such systems is becoming a new challenge for digital forensics. This study analyzed the real-time operating system-dedicated file system of a vehicle’s built-in camera. When the built-in camera of the vehicle operates normally, there are various ways to acquire video data. However, when the built-in cam circuit is damaged, the only available method is to extract the onboard memory. To analyze the dedicated file system, we analyzed the driver file in the system area using the reverse engineering technique. We could analyze various log files and user-setting files in multiple partitions stored in the analyzed memory. In addition, we proved that more video frames can be restored by extracting the unallocated area of the video storage partition. In the future, this method can be applied to analyze various RTOS and dedicated file systems installed in the vehicle.