Authors: Abdur Rahman Onik, Trevor T. Spinosa, Abdulla M. Asad, Ibrahim Baggili

DFRWS USA 2024

Abstract

Driving Insurance Applications (DIAs) have emerged as a valuable resource in the ever-evolving digital landscape. Automobile owners are storing extensive data on driving behaviors and patterns. This study pioneers the forensic analysis of Progressive’s Snapshot application, focusing on the extraction and potential forensic use of data that remains inaccessible through the mobile application’s interface. In our approach we focused on four research questions: How accurate is location and speed data collected by Progressive Snapshot?, What forensically relevant data can we extract from the Progressive Cloud that is unavailable to the user from the mobile application interface?, Can we employ anti-forensics techniques, specifically fake location data, to create false trip details?, Can we reconstruct a hit-and-run scenario from trip event details? To answer these questions, we developed PyShot, a Python-based open-source tool, to extract data from the Progressive cloud. Our tests confirmed Snapshot’s accuracy in recording speed and location. Despite efforts to fake the Global Positioning System (GPS) location, the cloud still maintained accurate records. PyShot revealed more detailed driving data, like dangerous maneuvers and distracted driving, compared to the mobile application. This study also explores the forensic reconstruction of hit-and-run incidents, using a mannequin and focusing on Progressive’s server data. Analyzing event categories, geographical coordinates, and timestamps provides insights into the capabilities and constraints of this application in forensic investigations. The findings offer valuable insights into the forensic capability of data retained by DIAs, contributing to their potential use in forensic investigations.

Downloads