Drone forensics is a term that refers to forensic processing, examination, and analysis of unmanned air vehicles (UAVs). It involves extracting and securing evidence in a forensically sound manner on drones(UAVs).
Generally, it’s often referred to as UAV forensics, the objective is to recover the footage recorded by the drone, as well as other variables pertaining to its flight history, geo locations, unique ID, etc.
By learning about:
- The dangers associated with unlawful use of drones
- What data can be recovered from them
- The correct methodology to secure evidence from them
- The practical examples and scenarios that will be of interest to you
You’ll get a great general overview of what the field of drone forensics covers.
Below, you’ll find the most important points to keep in mind about drone forensics and the science that goes along with it, as well as how to solve the common challenges a forensic digital examiner may encounter along the way.
- The basic premise and popularity of drones
- Potential illegal activities and dangers drones could represent
- Drone forensics application
- What data can be recovered from drones?
- The proper drone forensics methodology
- Challenges faced in drone forensics
- Conclusion
The basic premise and popularity of drones
Drones are unmanned aerial vehicles (or UAVs for short) that can be used for all sorts of purposes, recreational and corporate alike.
Since their inception, drones have come a long way, and even the very basic models are capable of taking pictures and recording videos. The consumer-grade models are priced as low as a couple of hundred dollars, thus making them accessible almost to anyone. There are also tiny models suitable for kids – these small toys often go for even less than that.
To control them, the operator can issue commands via a radio controller, which is a practical handheld device with a wide range of coverage. Most modern and more expensive models also come with a smartphone app for issuing advanced commands and tweaking their settings to the user’s liking.
Unfortunately, these handy aerial devices can also be used for all sorts of nefarious purposes like voyeurism, smuggling, physical attacks, and other illegal activities we’ve covered below. This is where drone forensics comes in. In essence, this is a sub-category of mobile and wireless forensics. After all, in its purest form, you can think of a drone as a smart device with sensors attached to it.
Since these devices are so easily affordable, controllable, and accessible, the number of drone-related criminal activities is on an upward trend. Therefore, drone forensics is gaining an increasing role when it comes to solving urban and corporate crime.
Potential illegal activities and dangers drones could represent
As harmless and cute as they may look, don’t be fooled by their appearance!
In fact, criminals often use these modern devices to conduct a myriad of illegal activities, including:
- Piloting them to smuggle drugs, mobile phones, guns, knives, and other weapons, illegal substances, and objects into prisons
- Using them as a tool to conduct terrorism by planting explosives into stadiums and other public venues
- Corporate and government espionage, unauthorized monitoring and intelligence gathering
- Voyeurism and invasion of people’s privacy by trespassing on private property
- Disrupting the workflow of airports and distracting air traffic
- International espionage and unauthorized trans-border supervision
- Stalking, harassment, and invasion of privacy by paparazzi or unethical journalists and reporters
- War crimes such as launching aerial missile attacks
- Physical attacks on unsuspecting citizens
- Smuggling of contraband items between minors
- Property vandalism
- Violation of no-fly zones
The above-listed examples paint a clear picture that drones can be a potent national safety and security threat when placed in the wrong hands. Everyone could become a target, both individuals and organizations alike.
Drone forensics application
Drone forensics play an important role in today’s society and cover a wide range of applications, including those in the commercial, civil, recreational, educational, law enforcement, and national security domain.
With the right equipment and training, a forensic data analyst can extract a wealth of data from one of these devices, make it suitable for analysis, and collect vital digital evidence that can bring the truth into the light (that includes identifying the device’s rightful owner).
This is possible even in case the drone has crashed during flight.
In many ways, a drone functions like a computer. Apart from having a data storage unit such an SD card, USB ports, and a CPU, it can also be equipped with a video camera and other sensors. This allows a digital forensic video analyst to use sophisticated industry tools like VIP 2.0 to extract the missing pieces of the story and find out what happened by looking at the footage captured during the flight.
To make the evidence extracted from drones admissible in court, a digital forensic examiner is required to adhere to strict legal guidelines and industry standards. To that end, the proper drone forensics methodology needs to be followed (more on that below).
What data can be recovered from drones?
As stated above, drones, just like computers and smart devices, contain a wealth of data that can be recovered by a trained and certified digital forensics examiner, from the device itself and the servers it communicated with while operational.
This includes:
- Data about the drone’s operator
- Photos taken
- Video footage captured
- Landing, launch, returning and home locations (including common and preferred flying locations)
- Flight history (including the exact locations and the routes taken)
- Flight plans and purpose
- The altitude of the unit at every point of its travel
- Payload weights
- Protected zone activity logs
- Paired devices
- Atmospheric conditions that were in effect during each stage of the flight
In addition, the digital forensics investigation can uncover several technical details such as:
- Dates and timestamps (pertaining to both geo locations, photos, and videos)
- Controller ID
- EXIF metadata
- GPS status during flight
- Drone’s serial number
- Internal components (MAC, IMEI, IMSI)
- SSID
- WiFi data
- IP
- Bluetooth
- 3G and 4G connectivity status
- Firmware version
- Pilot control input
- Pilot-configured settings
- File system data
- Registry entries
A skilled forensic data analyst can also recover deleted records and analyze the interaction between the drone and the server it communicates and exchanges data with.
The proper drone forensics methodology
The objective of drone forensics and analysis is to uncover the data listed above.
The entire drone forensics can be summarized in three phases:
- Acquisition
- Analysis
- Reporting
- Before beginning the investigation, the evidence needs to be secured and transported to the digital forensics lab for further analysis. To make sure the integrity of the evidence is preserved at all times, one of the first steps in the investigation is to make a forensic image of the data that acts as a digital copy.
- We also need to make sure to eliminate the possibility of remote tampering with the data. In case the drone is still operational, it’s important to power it down before proceeding with the investigation.
Not only can drones be controlled remotely, certain models also allow you to perform a factory reset from afar, which can be a handy tool in the cunning hands of a criminal.
- Then, we proceed with the technical aspects of the digital forensics investigation that involves advanced techniques such as file carving, a technique performed during the forensic analysis. Note that each and every step of the investigation needs to be properly documented so the evidence stands in court.
- After determining the operating system and firmware, we can access the file system and see what files we can recover from the storage media. If there is EXIF optimal sensor metadata to be found, we proceed with the extraction. During the process, we also check the confiscated UAV aircraft for telemetry information, GPS data, and flight path data.
We also attempt to establish the identity of the drone’s owner. In case the device is powered by Android OS, a unique identifier is assigned to the device, which can help a digital forensics examiner unmask the true owner of the device by collaborating with the appropriate legal authorities.
Keep in mind there are traditional forensic methods to be applied during the investigation as well. This includes taking DNA and fingerprint samples off the device and making sure they are preserved in accordance with modern forensic standards.
The final stage of drone forensics involves writing a detailed digital forensics report. Traditionally, this is quite a time-consuming and labor-intensive process. But thanks to the digital forensic lab, it’s possible to completely automate this part of the process which allows a forensic data analyst to commit more time and energy to crack the case and discover the truth of what happened.
Challenges faced in drone forensics
Unfortunately, a drone forensics investigation doesn’t always go as planned and there are several challenges and roadblocks a forensic digital examiner can face down the road.
Damage to the storage media and scattered components
If the drone has been damaged during flight or landing, pieces of it may be scattered across the terrain. Not only do they have to be found, collected, and assembled, the damage sustained during the fall can shake up the storage media, thus making it harder to recover data from it.
A lack of GPS data
If the GPS signal was turned off during the flight or if there were some sort of connectivity issues, the EXIF data will not contain any geographic coordinates. This can make it harder to pinpoint its exact whereabouts during flight.
Establishing ownership
As already stated, the drone likely contains some form of unique serial number or ID that can be traced back to the original owner. However, due to legal intricacies, this can be a tricky process with several delays that can get in the way of the investigation.
A lack of proper digital forensics tools
Since drone forensics is a very specific and often challenging field, you need a comprehensive all-in-one solution like Digital Forensic Lab by SalvationDATA. This will help you bypass any technical roadblocks you might bump into during the investigation such as encryption or software incompatibility, all while knowing that the integrity of the digital evidence will remain untouched.
When your job is done, you will be able to generate a complete digital forensics report at the click of a button without spending long hours typing it.
Connecting to the drone’s USB
On some occasions, you’ll run into trouble when trying to connect to the drone’s USB port. This will make forensic imaging next to impossible. In case you encounter this during the drone forensics process, the only solution is to conduct a wireless imaging sequence.
File system incompatibilities
Did you know that a single drone can have upwards of five different file systems? This can result in incompatibilities when trying to access data that’s stored inside. In some cases, you’ll have no other option but to attack the problem from multiple different angles by using different digital forensics tools.
If, however, time is a valuable asset to you, be sure to check out VIP 2.0 which not only allows you to access a myriad of file systems without issues but also has no problem playing and repairing the video footage extracted no matter what codec it would otherwise require to play.
Standardization issues
Since drones are a relatively new technology, there is hardly any standardization in place when it comes to software, hardware, and firmware used in their production. The same applies to flight controllers.
This means that different manufacturers are free to take a different approach in how they choose to design their products.
Access permission
To access flight data, a drone forensics analyst often needs permission from the drone’s owner. In case the latter is guilty of a crime, expecting any kind of collaboration from them would be futile. Since the flight data can be encrypted, this adds another layer of complexity to the forensic investigation.
On top of that, access to flight data, the device contains can vanish if the battery runs out.
Remote tampering
The owner of the drone could deliberately try to obstruct the investigation by trying to tamper with the drone’s recorded data from a remote location.
This includes trying to wipe the data, altering it, or performing a factory reset.
Cloud storage
In some cases, the data might not be stored locally on the confiscated aircraft device, but be uploaded to a cloud or a private server instead.
In cases like these, gaining access to it and presents a massive challenge, because it’s much easier to break or bypass passwords and encryption if the drone forensics examiner has physical access to the device.
Conclusion
Since drones haven’t been along for long, the science of drone forensics can be a difficult beast to tame.
Fortunately, with the right digital forensics tools, methodology, approach, and dedication, a lot can be done. As new challenges arise, so do the corresponding solutions, thus allowing the law enforcement agencies to stay on top of their game.
0 Comments
Refer to a specific part of their comment that you appreciate. Relate to them if you can.