Tuesday, January 5, 2021

UAV Drone Forensics

  •  UNMANNED AERIAL VEHICLE FORENSICINVESTIGATION PROCESS: DJI PHANTOM 3 DRONE AS A CASE STUDY

However, existing UAV/drone forensics generally  rely  on  conventional  digital  forensic  investigation  guidelines  such  as  those  ofACPO  and  NIST, which  may  not  be  entirely  fit-for-purpose. 


4.2 Proposed process

In  our  process,  there  are  three  main stages,    namely:    preparation,    examination    and analysis/report.The first stage includes Steps 1 to 6. Steps 7 to  17  are  part of  the  second  stage,  and  the final stage includes Steps 18 to 20

Step   1 -Identify   and determine the   chain   of command

Step  2 -Have conventionalforensic  practices(e.g. DNA, fingerprints, and   ballistic)already   been implemented?

Step 3–Identify the role of the device in conducting the offence(Offence analysis)

Step 4-Photographs

Step 5-Identify the make and model

Step 6-Open source investigation to identifydevice characteristics,  potential  data  storage  locations, and availableforensic/non-forensic tools


Step    7-Identify capabilities    (Video/Audio recording, carrying capacity and technique)

Step 8 -Identify potential modifications

Step 9 -Identify data storage locations.

Step 10 -Identify ports

Step 11 -Extract removable data storage mediums

Step 12 -Preserve evidence –Clone/forensic copy of storage medium

Step   13 -Traditional   interrogation   of   storage medium -use certified forensic tools

Step 14 -Extended interrogation of storage medium

This  step  is somewhat unique  to  UAV  forensics.  Typical    digital    forensic analysis    is    normally conducted  using commercial forensic  tool,  which will usually have a proven record for accuracy.Any examination using non-validated toolsis considered a risk. However, until commercial forensic tools for all UAVs are available, we may have little choicebut to  rely  on  open  source  tools  to  extract  data  of forensic interest

Step  15 -Interrogation  of  the  UAV/drone -Potentially  using  a  clone  of  any  storage  medium identified

Step 16 -Interrogation of peripheral devices: flight controller, mobile device, etc

Step  17 -Extract  removable  data  storage  mediums (Destructive


Step 18–Initial reviewof extracted data

Step 19 –Interpreting and translating of data -Into a human readable and evidential format

Step 20 –Report/Statement


Besides,  UAV  could  be  integrated with  radio  communicationservicesin  the  future. Hence, forensic acquisition and analysis of artefacts from radio-communication services[28]can alsobe explored


https://arxiv.org/ftp/arxiv/papers/1804/1804.08649.pdf

at No comments:
Labels: ,
Subscribe to: Posts (Atom)