Android Dumpsys Analysis to Indicate Driver Distraction

Police officers investigating car accidents have to consider the driver’s interaction with a mobile device as a possible cause. The most common activities such as calling or texting can be identified directly via the user interface or from the traffic metadata acquired from the Internet Service Provider (ISP). However, ‘offline activities’, such as a simple home button touch to wake up the screen, are invisible to the ISP and leave no trace at the user interface. A possible way to detect this type of activity could be analysis of system level data. However, security countermeasures may limit the scope of the acquired artefacts. This paper introduces a non-intrusive analysis method which will extend the range of known techniques to determine a possible cause of driver distraction.

All Android dumpsys services are examined to identify the scope of evidence providers which can assist investigators in identifying the driver’s intentional interaction with the smartphone. The study demonstrates that it is possible to identify a driver’s activities without access to their personal content. The paper proposes a minimum set of requirements to construct a timeline of events which can clarify the accident circumstances. The analysis includes online activities such as interaction with social media, calling, texting, and offline activities such as user authentication, browsing the media, taking pictures, etc. The applicability of the method is demonstrated in a synthetic case study.


  • File Description: Android-Dumpsys-Analysis-to-Indicate-Driver-Distraction
  • File Size: 2 MB
