Unmanned aerial vehicles (UAVs), or drones, which in aviation and in space are termed unpiloted aircraft or spacecraft, have gained popularity in recent times. Drone is a broad term that covers them all. These robot-like aircraft have applications in both the commercial and military domains. Drones come in a range of sizes. Broadly, they can be categorised into the following types:

⦁ Multi-Rotor Drones
⦁ Fixed-Wing Drones
⦁ Single-Rotor Drones
⦁ Fixed-Wing Hybrid VTOL

Drones can be used to carry out tasks ranging from the mundane to the ultra-dangerous, all without a pilot on board. These robot-like aircraft can fly as long as there is fuel in the craft and there are no mechanical snags. Because of the safety and secrecy that these craft provide to their operators, they are gaining popularity among national agencies as well as anti-national and criminal groups.

A drone’s autonomy level can range from remotely piloted to advanced autonomy, which means that it relies on a system of sensors and LiDAR (Light Detection and Ranging) detectors to calculate its movement.

Dedrone provides a list and account of drone incidents across the globe:

There have been cases where drones have been used to smuggle drugs and weapons into India. Incidents like these are a security threat to the country, so the government of India has taken some stringent measures to prevent the unregulated use of drones. India’s Directorate General of Civil Aviation (DGCA) has issued regulations for the operation of civil drones. These not only restrict usage but also make registration, licensing, and training mandatory for the operator. This is a great measure to keep track of all registered drones in India, but it has limitations for those that come in illegally or are flown into India by rogue states to cause cross-border disruption. So, there is a critical need for effective anti-drone solutions as well as for investigating the downed ones. That would not only dramatically reduce the crime involving drones but also help our agencies get a detailed insight into the device’s memory.

But investigating such a technology is not as easy as it seems and requires special solutions that have been designed and developed specifically for such purposes. Care must also be taken to maintain the sanctity of the device. Answers to such complex scenarios can be found in a dedicated branch of forensics, digital forensics, which focuses on identifying, acquiring, processing, analyzing, and reporting on data stored electronically. Digital forensics carefully addresses investigations when it comes to drones. Drone forensics, a subtype of digital forensics, is concerned with the processing, examination, and analysis of unmanned air vehicles (UAVs), but is less well understood or recognized to date.

This blog aims to determine precisely what drone forensics is and how information can be gleaned from UAVs (drones), the value of this information, the challenges faced by the investigators, and tools that can be used.

What is Drone Forensics?

Drone forensics is a term that refers to the forensic processing, examination, and analysis of unmanned air vehicles (UAVs). The aim is to extract and secure evidence safely from the drones, including the footage recorded by the drone, as well as other variables pertaining to its flight history, geolocations, unique ID, etc.

What data can be recovered from drones?

Just like PCs and smart devices, drones hold a lot of data that a qualified and certified digital forensics examiner can retrieve from the device itself and from the servers it communicates with while operating.

This includes:
⦁ Data about the drone’s operator
⦁ Pictures taken
⦁ Video footage captured
⦁ Landing, launch, return and base locations (including common and preferred flying locations)
⦁ Flight history (including the exact locations and the routes taken)
⦁ Flight plans and purposes
⦁ The unit’s altitude at every point of travel
⦁ Payload weights
⦁ Protected zone activity logs
⦁ Paired devices
⦁ The prevailing weather conditions at each leg of the flight.

In addition, the digital forensics investigation can uncover several technical details such as:
⦁ Serial number of the drone
⦁ Dates and timestamps (pertaining to geolocations, photos, and videos)
⦁ GPS status during flight
⦁ Controller ID
⦁ MAC, IMEI, IMSI
⦁ SSID
⦁ WiFi data
⦁ IP
⦁ EXIF metadata
⦁ Bluetooth
⦁ 3G and 4G connectivity status
⦁ Firmware version
⦁ Pilot control input
⦁ Pilot-configured settings
⦁ File system data

A proficient forensic data analyst can also restore lost files and examine how the drone connects with the server with which it shares data.

The Ideal Drone Forensics Process:

Each drone manufacturer adds uniqueness to their models, which makes the data extraction process tricky. According to Forensic Focus, there is no single standard method to store digital data on drones. Some drones allow data extraction while intact. Other drones require disassembly of the complete device down to its chips, while many require only components of the UAV to be disassembled.

The best approach is to obtain a forensic image containing a complete extraction of the drone data.

The entire forensics procedure can be summed up in the following steps to make it easier to understand:

⦁ Acquisition: The process of gathering data in the first phase starts with the seizure, imaging, or collection of digital evidence to record media, network activity, and records. The target digital evidence consists of information, data, and EXIF information found in recorded media files saved on the drone. When digital media is gathered, an exact replica (forensic) image of the original media evidence is made and verified.
⦁ Analysis: The analysis starts in the second phase, after a forensic image of the evidence has been prepared. At this phase, the data is decoded; it contains numerous types of information such as flight time, flight path logs, images, videos, mobile control applications, and the storage and file system of the drone, among others. Once the evidence has been gathered and examined, it is used to reconstruct events or actions and present facts.
⦁ Reporting: A detailed report on the key forensic findings is presented, together with an explanation of the technique used to derive the findings.

Challenges Faced in Drone Forensics

Unfortunately, a drone forensics investigation doesn’t always go as planned, and for the following key reasons, doing a full forensic investigation on drones might be a challenging task for digital forensic investigators:

⦁ GPS coordinates help in understanding the location of the device during flight. But for digital forensic investigators, this may be a difficult process. The EXIF data won’t have any geographic coordinates if the GPS signal was disrupted or had connectivity issues throughout. This may make it more challenging to determine its precise location.

⦁ It is simple for a user to change or delete the data. The drone’s user could intentionally try to obstruct the investigation by altering the data that was captured by the drone, which can make it difficult to undertake a thorough forensic investigation.

⦁ The drone is probably equipped with a special serial number or ID that can be used to identify the original owner. But because of legal complexities, this can be a challenging process with numerous delays that can obstruct the investigation.

⦁ The investigator sometimes needs authorization from the drone’s user in order to obtain the data. The possibility that the data is encrypted adds complexity to the forensic investigation. Additionally, if the battery dies, easy access to the data on the device may be lost.

⦁ In some instances, the data might not be kept on the device that was seized but rather uploaded to the cloud or a private server. In situations like these, getting access to the device presents a significant issue because passwords and encryption are much simpler to crack or overcome if the drone forensics analyst has physical access to the device.
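For the first challenge above (media whose EXIF data carries no coordinates), one way to bound where a photo was taken is to bracket its timestamp between the nearest flight-log fixes. This is an added example, not from the original post; the log fixes, file names and record layout are constructed, and it assumes the camera and the flight log share a clock.

```python
from datetime import datetime

# Constructed flight-log fixes (time, latitude, longitude); not from a real drone.
FIXES = [
    ("2023-01-10T09:00:00", 28.6100, 77.2000),
    ("2023-01-10T09:00:10", 28.6110, 77.2010),
    ("2023-01-10T09:00:50", 28.6150, 77.2050),  # 40 s with no fix before this one
]
# Constructed media records; None means the EXIF data held no GPS coordinates.
MEDIA = [
    ("IMG_0001.JPG", "2023-01-10T09:00:05", (28.6105, 77.2005)),
    ("IMG_0002.JPG", "2023-01-10T09:00:30", None),
    ("IMG_0003.JPG", "2023-01-10T09:01:20", None),  # taken after the last fix
]


def locate(media=MEDIA, fixes=FIXES):
    """Map each file name to (lat, lon, source, gap_seconds)."""
    track = sorted((datetime.fromisoformat(t), lat, lon) for t, lat, lon in fixes)
    result = {}
    for name, taken, exif_gps in media:
        when = datetime.fromisoformat(taken)
        if exif_gps is not None:                 # EXIF coordinates win when present
            result[name] = (exif_gps[0], exif_gps[1], "exif", 0.0)
            continue
        before = [fix for fix in track if fix[0] <= when]
        after = [fix for fix in track if fix[0] >= when]
        if not before or not after:              # no fix on one side: do not guess
            result[name] = (None, None, "unbracketed", None)
            continue
        (t0, lat0, lon0), (t1, lat1, lon1) = before[-1], after[0]
        gap = (t1 - t0).total_seconds()          # wider gap, weaker estimate
        frac = 0.0 if gap == 0 else (when - t0).total_seconds() / gap
        result[name] = (round(lat0 + frac * (lat1 - lat0), 6),
                        round(lon0 + frac * (lon1 - lon0), 6),
                        "interpolated", gap)
    return result
```

An interpolated position is an estimate that assumes straight flight between the two fixes, so it should be reported with its gap length and never presented as a recorded coordinate.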

Drone Forensics Tools

Since drones haven’t been around for very long, drone forensics can be a great challenge to comprehend. Fortunately, a lot can be done with the correct digital forensics tools. Law enforcement agencies are able to keep on top of their investigations when new challenges and associated solutions emerge.

MD-DRONE

MD-DRONE is a single end-to-end drone forensic software solution to extract and analyze data stored in a drone and its associated devices. MD-DRONE supports drone models of major global manufacturers such as DJI, Parrot, Pixhawk, etc. Various data extraction methods are supported, including via USB, SD card, from the cloud, chip memory, etc. MD-DRONE performs integrated analysis of flight logs, media files, and mobile app data, and displays the analysis results in a single window. The required evidence can be exported as a forensic report along with multimedia files in different formats such as PDF and Excel.

Product Highlights

⦁ Provides various extraction methods for wide range of drone devices
⦁ Timeline-based integrated flight data analysis
⦁ Supports flight log and its corresponding multimedia files view in the same screen
⦁ Instant major activity log notification
⦁ Export/Generate Forensic report along with Multimedia files
⦁ Provides list of supported drone models and FCC
⦁ Drone accident analysis by AI & Machine Learning
⦁ Drone app data can be extracted with MD-NEXT & MD-RED and the result used in MD-DRONE to link with flight data logs

XRY Drone

With XRY Drone, data can be recovered from the drone’s “black box,” from memory files, and from smartphones used to control the drone. XRY Drone helps investigators to extract, decode and view the data quickly – to get actionable intelligence on flight paths, launch locations, images, video, operational logs and other critical data. XRY Drone extracts and decodes data fast. Its proprietary file-format ensures integrity in the chain of evidence, a critical factor if the investigation or case may lead to prosecution and trial.

Product Highlights:

⦁ Acquire and analyze flight paths, power usage & speed per engine, images, videos, identifying serial numbers and more.
⦁ Activate across the MSAB product range of extraction tools

Conclusion:

This blog has outlined drones and forensics and discussed the problems with and potential solutions for them. In conclusion, drone forensics is where mobile device forensics was ten years ago, and it is expected to continue on a similar path, with advances in knowledge and capabilities being counterbalanced by the development of security measures that limit our access to and understanding of the data. Drones will undoubtedly play a significant role in our society, but they will never be as common as mobile devices.

It is critical that law enforcement, security, and defense professionals increase their levels of knowledge and preparedness regarding drone threats, including the art and science of drone forensics, as drone capabilities continue to advance and come into ever-wider use by both common people and malicious attackers.

With the right equipment and training, the agencies can extract a wealth of data from one of these devices, make it suitable for analysis, and collect vital digital evidence that can bring the truth into the light (that includes identifying the device’s rightful owner).

The answer lies in the technology, but it is up to us to explore the possibilities.
