- UNMANNED AERIAL VEHICLE FORENSICINVESTIGATION PROCESS: DJI PHANTOM 3 DRONE AS A CASE STUDY
However, existing UAV/drone forensics generally rely on conventional digital forensic investigation guidelines such as those ofACPO and NIST, which may not be entirely fit-for-purpose.
4.2 Proposed process
In our process, there are three main stages, namely: preparation, examination and analysis/report.The first stage includes Steps 1 to 6. Steps 7 to 17 are part of the second stage, and the final stage includes Steps 18 to 20
Step 1 -Identify and determine the chain of command
Step 2 -Have conventionalforensic practices(e.g. DNA, fingerprints, and ballistic)already been implemented?
Step 3–Identify the role of the device in conducting the offence(Offence analysis)
Step 4-Photographs
Step 5-Identify the make and model
Step 6-Open source investigation to identifydevice characteristics, potential data storage locations, and availableforensic/non-forensic tools
Step 7-Identify capabilities (Video/Audio recording, carrying capacity and technique)
Step 8 -Identify potential modifications
Step 9 -Identify data storage locations.
Step 10 -Identify ports
Step 11 -Extract removable data storage mediums
Step 12 -Preserve evidence –Clone/forensic copy of storage medium
Step 13 -Traditional interrogation of storage medium -use certified forensic tools
Step 14 -Extended interrogation of storage medium
This step is somewhat unique to UAV forensics. Typical digital forensic analysis is normally conducted using commercial forensic tool, which will usually have a proven record for accuracy.Any examination using non-validated toolsis considered a risk. However, until commercial forensic tools for all UAVs are available, we may have little choicebut to rely on open source tools to extract data of forensic interest
Step 15 -Interrogation of the UAV/drone -Potentially using a clone of any storage medium identified
Step 16 -Interrogation of peripheral devices: flight controller, mobile device, etc
Step 17 -Extract removable data storage mediums (Destructive
Step 18–Initial reviewof extracted data
Step 19 –Interpreting and translating of data -Into a human readable and evidential format
Step 20 –Report/Statement
Besides, UAV could be integrated with radio communicationservicesin the future. Hence, forensic acquisition and analysis of artefacts from radio-communication services[28]can alsobe explored
https://arxiv.org/ftp/arxiv/papers/1804/1804.08649.pdf
No comments:
Post a Comment