A comprehensive micro unmanned aerial vehicle (UAV/Drone) forensic framework

doi:10.1016/j.diin.2019.07.002

Digital Investigation

Volume 30, September 2019, Pages 52-72

https://doi.org/10.1016/j.diin.2019.07.002 Get rights and content

Abstract

In the early 1990s, unmanned aerial vehicles (UAV) were used exclusively in military applications by various developed countries. Now with its ease of availability and affordability in the electronic device market, this aerial vehicular technology has augmented its familiarity in public and has expanded its usage to countries all over the world. However, expanded use of UAVs, colloquially known as drones, is raising understandable security concerns. With the increasing possibility of drones' misuse and their abilities to get close to critical targets, drones are prone to potentially committing crimes and, therefore, investigation of such activities is a much-needed facet. This motivated us to devise a comprehensive drone forensic framework that includes hardware/physical and digital forensics, proficient enough for the post-flight investigation of drone's activity. For hardware/physical forensics, we propose a model for investigating drone components at the crime scene. Additionally, we propose a robust digital drone forensic application with a primary focus on analyzing the essential log parameters of drones through a graphical user interface (GUI) developed using JavaFX 8.0. This application interface would allow users to extract and examine onboard flight information. It also includes a file converter created for easy and effective 3D flight trajectory visualization. We used two popular drones for conducting this research; namely, DJI Phantom 4 and Yuneec Typhoon H. The interface also provides a visual representation of the sensor recordings from which pieces of evidence could be acquired. Our research is intended to offer the forensic science community a powerful approach for investigating drone-related crimes effectively.

Introduction

Unmanned aerial vehicles (UAVs), or colloquially known as drones, are pilot-less aircraft controlled either remotely or autonomously through predefined software-controlled flight paths that work simultaneously with GPS devices and sensors installed onboard. Drones are available for many purposes and can be deployed to perform rescue assessments like wildlife surveillance, flooding inspection, border patrolling (Nuwer, 2017; Gallucci, 2017; Boyd, 2016), and other life-saving missions such as delivering life jackets or medical aids in emergency cases (Mezzofiore, 2018). Advancement in technology has made drones easily affordable. This technology has significantly captivated commercial organizations and has, therefore undergone a noticeable growth in recent years. According to the Federal Aviation Administration (FAA), sales of non-model drones (i.e., commercial) and model drones (i.e., personal) are expected to reach seven million by 2020 (Federal Aviation Administration, 2016). While non-model drone registrations are expected to increase four times by 2022, model drone registrations already reached 878,000 as of early 2018. Another forecast claims that non-model drone usage by recognized domains such as construction, utility inspection, and industrial total to 28 $%$ , while aerial photography, real estate photography, and data collection usage make up to 48 $%$ . Agriculture inspection & use counts for 17 $%$ and the rest includes the usage by state and local governments for search and rescue operations (Aerospace Forecast Fiscal, 2018). According to PwC (Audit and assurance, consulting, and tax services), the drone industry is expected to achieve a value of 127 billion by the end of 2020 (Guy, 2018). The majority of the drone market share is held by Chinese companies, DJI, and Yuneec. In 2017, DJI had 75 $%$ of the civilian-market share (Wikipedia, 2019). The development in drone technology and falling prices have attracted many e-commerce companies to invest in drone package delivery. Medical companies, for example, have started using drones to deliver medicine very quickly to its destination. Organizational domains like logistics, supply chain, transport, cargo, automobiles, and airports have also started using drones for surveillance and delivery.

Despite the continuously mandated FAA regulations (in the USA), the pace at which drone technology is proliferating has also led to their use in undesired, and at times, unlawful settings, thereby elevating security concerns. Though drone technology affords great benefits, there has always been a constant increase in media reports stating the illegal use of drones. Drones are often used in criminal acts spanning from delivering drugs and cellphones into prisons to drug trafficking and illicit flight around a football stadium (Smith, 2017; Woody, 2016; Tail, 2016). People are exploring this technology and attempting to challenge the limits in a disputable manner, exploiting the not-so-strict privacy laws. These actions trigger the necessity for a digital solution that tracks a drone's conduct when used in criminal activities. A review conducted on several ways of using UAVs during the investigation at the crime scene is in (Mendis et al., 2016).

An increase in the abusive use of drone technology risks the safety and security of data, infrastructure, and the public; Fig. 1 depicts a few methods of illegal usage of drones. Hence, the question arises as to how to stop, or at least reduce the potential threats illustrated in Fig. 1. Drone forensics, in our terms, can be defined as collecting, preserving, and analyzing the drone's digital and hardware related evidence during a criminal investigation. A clear and concise report based on the examination of hardware evidence and interpretation of the data can bear testimony for or against the accused in any drone-related crime. The first part of this research introduces a general process of examining the hardware components found at the crime scene. The other part of this work presents a platform for investigating drones' digital information through flight logs produced by the drones from two major drone manufacturers. This platform is a standalone Java-based application. We chose to develop a desktop application to maintain the confidentiality of the information and protect it from being accessed over remote servers.

One way to apply drone forensics is to analyze the flight information using the log files stored onboard. These log files are generated dynamically as soon as the flight time starts and ends when it is complete. These files give real-time sensor recordings of all the sensors equipped to the drone. However, there are a large variety of drones, and the logging system used on each platform has a proprietary nature and thus do not follow any universally recognized standard. To address this challenge, we aim to visualize a drone's flight information and provide a 3D representation of the path followed by the drone using Google maps. The gathering of several sensor readings, even for short flight times, would help in forensic analysis and provide evidence that could lead to a conviction or prevent a potential crime. This novel approach will help investigators apprehend and analyze the unabridged flight plan of a drone, determining whether or not it was flown in compliance with regulations. Before proceeding to the literature survey, the sections below introduce a few necessary concepts that are widely used in this research.

In 2015, UK police reported that 257 out of 352 cases of drone-related crimes were aimed at disrupting public safety (Yeung, 2016), while the number of crimes tripled in 2016 (Daily Mail, 2017). This data shows that there is an increase in crimes in recent years, and it is only expected to increase in the coming years. The rate at which drone technology is proliferating will eventually sync with the rate of occurrences of such crimes. In 2015, a DJI Phantom drone suddenly and unexpectedly crashed on the lawn of the White House. Although it was later determined to be mere negligence by the flyer, this incident showed that drones could penetrate even the most secure infrastructures (Shear and Schmidt, 2015).

Below is a brief outline of our approach:

•
Collect sensor readings of every flight at various places and times.
•
Extract all the system log files from external/internal memory.
•
Create a unified file formatting technique to be used for visualization.
•
Upload the necessary log files to the application and extract data for visualization.

•
Propose a forensic model for examining hardware/physical components of a drone.
•
Provide a digital forensic platform for analyzing and visualizing flight logs of the two popular drones.

The remaining part of this paper is organized as follows: Section 2 discusses a few concepts used in the field of digital forensics of drones, followed by a literature survey in section 3. Section 4 introduces the drone forensic framework used in performing hardware/physical and digital forensics. Using the proposed techniques, section 5 elaborates on the experimental setup needed for our research while the results of the proposed application are discussed in section 6. Finally, section 7 concludes with the discussion on the analysis of the work done, limitations, and possible future work.

Section snippets

Drone forensics

Continuous dependence of modern society on communication-related technologies, like the Internet of Things (IoT), has grown substantially and has led to a corresponding increase in digital security threats. Since security has always been a major enabling factor for any emerging communication technology, there is a need for constant evaluation. Drone forensics can be subdivided into two categories; namely, Digital forensics and Hardware/Physical vehicle forensics. Digital forensics include: 1)

Literature survey

There are several studies performed on drone forensics. As mentioned in the introduction section, commercially available drones are highly customized, and every drone has its own set of policies. It will be a challenge to create a single platform for performing digital drone forensics on every commercial drone unless a standard is set.

Drone forensics framework

This section focuses on the discussion of the proposed forensic approach. Fig. 3 shows a block diagram of the proposed drone forensic methodology.

The entire approach of drone forensics is divided into three phases. These three phases are explained below:

Hardware/physical setup

Our hardware setup included two popular drones along with a laptop running windows 10. The drones were flown over an open space at the university away from the public. Drone batteries, as well as the ground controllers, were required to be charged after every flight. The Phantom 4 had two spare batteries while the Typhoon H had one spare battery. The Phantom 4 can also be controlled through a smartphone that acts as a real-time flight controller and visualizer through an app. Additionally, an

Results

Based on the discussion so far, this section elaborates on the key findings and shows how the application can be used to extract evidence from the acquired data. It analyzed the crime scene results for hardware forensics and processed data from the DIGON Forensic App for digital forensics.

Analysis

The objective of this research was to show the technique of performing a complete drone forensic analysis. The primary task was to preserve all of the collected information throughout the process. Hardware forensics is primarily used for user identification and component analysis. An instance of component analysis includes noting the DJI battery's serial number, which is written in reverse order.

Digital forensics is the interpretation and analysis of sensor recordings along with any multimedia

Funding

This research was not supported by any grant funding from agencies in the public, commercial, or not-for-profit sectors. Support was completely provided by the College of Engineering at the University of Toledo.

Resources

Source Code: The open source drone forensics software proposed in this work is available at GitHub. Version 1: https://github.com/ankitrlps/DroneForensicsSoftware. Version 2: https://github.com/ankitrlps/digital-drone-forensics-spring-boot-maven-javafx

KML files: THe KML files used for visualization in our software and Google Earth are also available at Github at the following link: https://github.com/ankitrlps/KML-Files.

Google Earth Visualization: Video demonstration of Google Earth

Acknowledgements

The authors are thankful to Paul A. Hotmer Family Cybersecurity and Teaming Research Laboratory and the Electrical Engineering and Commuter Science Department at the University of Toledo for supporting the students involved and allowing the use of facilities to complete this project. The authors are also thankful to Allen R. Williams for his assistance in proofreading the document.

References (55)

G. Horsman
Unmanned aerial vehicles: a preliminary analysis of forensic challenges
Digit. Invest.
(2016)
Qassim A. Abdullah
Classification of the Unmanned Aerial Systems
Federal Aviation Administration
FAA Releases 2016 to 2036 Aerospace Forecast
Federal Aviation Administration
Airspace Restrictions
M. Azhar et al.
Drone forensic analysis using open source tools
Journal of Digital Forensics, Security and Law
(2018)
T.E.A. Barton et al.
Forensic analysis of popular uav systems
Battelle
Battelle DroneDefender counter-UAS device
Aaron Boyd
Border Patrol Calls on Silicon Valley for Advice on Small Drones
(July 2016)
D.R. Clark et al.
Drop (drone open source parser) your drone: forensic analysis of the dji phantom iii
Digit. Invest.
(2017)
J. Claude
Euler Angle

Monroe Conner

NASA/NOAA Team Deploy Global Hawk to Track Hurricane Matthew

J. Cook

Save the Special Rule for Model Aircraft Faa Section 336

Brierley Craig

Drones Used to Analyse Ash Clouds from Guatemalan Volcano

DJI, DJI Assistant 2

Flight Controller Data Analysis

DroneViewer DroneViewer

FAA Aerospace Forecast Fiscal Years 2018-2038

Maria Gallucci

Insane Drone Footage Shows Widespread Damage and Flooding at California's Oroville Dam

Bill Gaylord

HealthyDrones Is Now Airdata UAV!

Cherni Guy

Why Drone Use for Security Will Increase Significantly in 2018

F. I. H Bouafif, F Kamoun, A. Marrington, Drone Forensics: Challenges and New Insights, 2018 9th IFIP International...

InteractiveMeshOrg

JavaFX 3D Model Importers

U. Jain et al.

Drone forensic framework: sensor and data identification and verification

Jos Pereda

Leap Motion Controller and JavaFX: A New Touch-Less Approach

Flynt Joseph

How much weight can a drone carry?

Flynt Joseph

5 best heavy lift drones [2019]- large drones that have high lift capacity

D. Kovar, Uav (Aka Drone) Forensics, SANS DFIR...

M. Maarse, J. Ginkel, Digital Forensics on a Dji Phantom 2 Vision+ Uav, Computer Crime and...

Cited by (41)

Secure communication in IOT-based UAV networks: A systematic survey
2023, Internet of Things (Netherlands)
IoT (Internet of Things) has revolutionized the world with its applications like home automation, transportation, agriculture, etc. IoT-based Unmanned Aerial Vehicle (UAV) networks are an emerging field that introduces the UAV network with the power of the Internet.IoT-based UAV networks are a network of interconnected UAVs which are then equipped with sensors, a microcontroller to exchange collected data with each other, and a GCS (Ground Control Station) over the internet. IoT-based UAV network system is used for surveillance, monitoring, payload delivery, and much more which generate a plethora of sensitive information which can be obtained by adversaries in the middle. The communication between UAVs and GCS is vulnerable to security threats using jamming and eavesdropping attacks. The message between UAV and GCS is not enciphered which makes them error-prone. Attacks like GPS (Global Positioning System) spoofing can be possible by sending fake coordinates to trick UAV’s control. Although much effort has been made toward UAV security. However, there is a dearth of descriptive reviews on secure communication in IoT-based UAV networks. The purpose of this paper is to find and examine peer-reviewed literature that discusses previous six-year established papers with existing attacks such as physical, and logical attacks with suggested solutions such as trajectory planning, lightweight schemes, solutions based on blockchain, quantum cryptography, etc. This paper analyzes the secure communication network between UAVs by systematically answering research questions based on the research methodology for the relevant study. Finally, the paper addresses several issues and guidelines for future research.
Unmanned Aerial Vehicle (UAV) Forensics: The Good, The Bad, and the Unaddressed
2023, Computers and Security
Unmanned Aerial Vehicles (UAVs) have been used for a variety of purposes including taking photographs and videos of large areas, undertaking environmental surveys, as well as conducting military operations. The growing use and functionality of UAVs increases the chances that a digital forensics investigation of a UAV could be required to investigate an accident, incident or just the appearance of a UAV in a specific geographical location. As a result, both industry and academia have published a number of guidelines and publications concerning the forensic investigation of UAV systems. The focus of this paper is the academic perspective of UAV forensics. Specifically, we present a systematic survey of the UAV forensics literature, with the purpose of identifying and documenting research trends describing the digital forensic investigation of UAV incidents, accidents and crimes. The findings from the survey identify the need for an enhanced digital forensics framework to help guide future UAV investigations, as well as a number of research themes that are currently unaddressed in the literature. The research contributions are three-fold. First, the paper categorizes, through a taxonomy, previous UAV forensics literature concerning UAV forensics artifacts, frameworks and models for undertaking UAV forensic investigations, forensic readiness for UAVs, and tools that have been used to conduct UAV forensic investigations. Second, using the findings from the literature, we propose and describe the Conceptual Drone Forensic Framework (CDFF), which attempts to address shortcomings in previous UAV forensics models and frameworks. Third, the paper sets the foundation for future research in UAV forensics by proposing three unaddressed research themes that could help enhance future UAV forensic investigations.
The drone delivery services: An innovative application in an emerging economy
2023, Asian Journal of Shipping and Logistics
The rapid development of the Internet of Things (IoT) devices led to new era in the maritime and road transportation industry and research. This article studies the critical determinants of Drone delivery services (personal innovativeness, outcome expectancy, positive anticipated emotions, and perceived risk) on customer willingness to use Drone in an emerging economy. The article employs correlation analysis and structural equation modeling (SEM) to analyze the data of 602 valid observations collected in the structured questionnaire survey in Vietnam. Empirical results indicate that outcome expectancy and personal innovativeness positively impact customer attitude and anticipated emotion, while outcome expectancy has the strongest influence. These findings also show that outcome expectancy and personal innovativeness have an effect on customer willingness to use Drone through their positive attitude and positive anticipated emotions. Interestingly, the perceived risk of Drone is considered a moderator in reducing the relationship between customer attitude and willingness to use Drone while it has an insignificant impact on customer emotion and willingness to use.
Internet of drones security: Taxonomies, open issues, and future directions
2023, Vehicular Communications
Citation Excerpt :
However, this work is limited to only DJI drones. Renduchintala et al. [245] proposed a more comprehensive forensic framework. The authors first divided drone forensics into two categories: digital forensics and hardware/physical vehicle forensics.
Drones have recently become one of the most important technological breakthroughs. They have opened the horizon for a vast array of applications and paved the way for a diversity of innovative solutions. Integrating drones with the Internet has led to the emergence of a new paradigm named the Internet of Drones (IoD). Several works dealt with the security of the IoD, and various surveys have been published on this topic over the past few years. The existing surveys either have limited scope or offer partial coverage of cybersecurity countermeasures. To address these gaps, in this paper, we provide a comprehensive survey related to the cyber and physical security of IoD. Differently from many surveys that only provide a classification of attacks/threats, we also propose three taxonomies that are related to (1) the assets of drones, (2) attacks, and (3) countermeasures. The first taxonomy is a two-level classification of the assets in the IoD. The first level considers the coarse-grained assets, which refer to the IoD's tangible elements, and the second level considers the fine-grained assets, which refer to the elements composing the coarse-grained assets. Based on the asset classification, we propose a taxonomy of attacks targeting the coarse and fine-grained assets, which allows a finer level of granularity to identify threats, and thus ensure better security. Also, we evaluate the risk of cyber and physical attacks by introducing a novel concept, named Chain of Impact, which connects four types of impacts, namely, Direct, Mission, Drone, and Environment. We propose a taxonomy of technical and non-technical countermeasures according to two implementation phases: Pre-incident, and Post-incident (or recovery). The pre-incident countermeasures are further classified as: preventive and detective. In addition, we present the countermeasures along with their performance and limitations. Finally, open research challenges are identified and ranked according to the level of attention they should receive from the research community. Also, future research directions and suggestions are presented for the security of the IoD.
An investigation into Unmanned Aerial System (UAS) forensics: Data extraction & analysis
2022, Forensic Science International: Digital Investigation
Citation Excerpt :
The proposed framework allows the investigator to complete these practices in a different order if necessary. The proposed framework also provides more practical tasks for how to handle and analyse devices than the framework suggested by Renduchintala et al. (2019), as detailed suggestions are provided for the best practices while handling devices, what data is likely to be recoverable and how this data can be used in an investigation. The suggested framework also provides guidance on how to perform a forensic analysis of the controller used to operate the drone, which was not included in the framework created by Renduchintala et al. (2019).
Recent developments of drone technologies have shown a surge of commercial sales of drone devices, which have found use in many industries. However, the technology has been misused to commit crimes such as drug trafficking, robberies, and terror attacks. The digital forensics industry must match the speed of development with forensic tools and techniques. However, it has been identified that there is a lack of an agreed framework for the extraction and analysis of drone devices and a lack of support in commercial digital forensics tools available. In this research, an investigation into the extraction tools available for drone devices and analysis techniques has been performed to identify best practices for handling drone devices in a forensically sound manner. A new framework to perform a full forensic analysis of small to medium sized commercial drone devices and their controllers has been proposed to give investigators a plan of action to perform forensic analysis on these devices. The proposed framework overcomes some limitations of other drone forensics investigation frameworks presented in the literature.
Laser scanner and drone photogrammetry: A statistical comparison between 3-dimensional models and its impacts on outdoor crime scene registration
2022, Forensic Science International
Citation Excerpt :
Although it is a powerful tool in many aspects, creating point clouds on a million-point scale, this technology is still expensive and can be considered time-consuming. On the other hand, unmanned aerial vehicles (UAVs), also referred to as drones, have gained popularity regarding forensic registration when access can be considered difficult or even dangerous [8]. Recent literature presents worldwide usages of UAVs for outdoor forensic purposes, surpassing general topography, with environmental protection [9,10], such as waste management [11], mining sites [12,13], post-mass disasters such as landslides [14,15], floods [16], dam breaches [17], forest fires [18], and highway traffic accidents [19].
This work evaluated the accuracy of 3D models generated by a DJI Mavic Pro drone with 3DF Zephyr software photogrammetry. The models were compared to models generated by a Trimble X7 laser scanner. The tests were performed in the outdoor area of a vehicle parking inbound to simulate the characteristics of a crime scene. Ground control points (GCPs) were distributed in ten positions within the surroundings. In manual flight, the drone performed nadiral photographs from one side to the other side and with an elliptical 45° center pointed. Three altitudes where tested: 10 m, 20 m and 40 m. The Trimble X7 laser scanner performed six scans and generated one set of point clouds. Drone photogrammetry returned eligible data for distances of 20 m and 40 m with errors of ~0.25 mm. To increase the overlay in the photogrammetry procedure, all photographs from distances of 10–40 m were processed, returning an error of ~0.53 mm. The results of the measured distances, which were manually picked from the GCPs, from the 3D-scanned model and photogrammetric 3D models were then statistically analyzed. The Trimble X7 laser scanner showed an average error of 3 cm, which was approximately equivalent to the results obtained with all images or when using a known scale value for the drone photographs, presenting no significant differences among the evaluated methods.

View all citing articles on Scopus

View full text