
Understanding Drone For Forensic Analysis

By Mohamad Firham Efendy bin Md Senan, Nazri bin Ahmad Zamani, Yasmin binti Jeffry, Nur Afifah binti Mohd Saupi & Muhamad Zuhairi bin Abdullah


What is a Drone


An Unmanned Aerial Vehicle (UAV), better known as a drone, can be defined as an airplane that is controlled by a remote or computer programme. It is an airplane that functions without a human pilot on board. Drones have been replacing manned airplanes and are revolutionizing the world. In the past, drones were often used for military purposes as they eliminate the risk of pilots losing their lives in combat zones. Nowadays, the world has come to a point where there are more civilian drones flying than military drones, which is a profound moment in history.


Drones are often equipped with different technologies, such as infrared cameras, GPS and laser. They also vary in size; the Predator Drone, for example, is one of the largest drones that has been used for military purposes. As sensors and processors become smaller through research and development, drones are finding many new uses in industry. These new developments have helped enhance human life.
As drones have become easily available and affordable, their popularity has been rising rapidly among civilians and professionals. 


The recent growth in digital devices like smartwatches, smart TVs and drones has brought forth more advanced technology that helps ease daily life. But this growth has also raised security concerns including the misuse of drones for conducting illegal activities. Therefore, investigating these devices is now something relevant in the field of digital forensics. The multitude of drone types created makes data extraction complex because there are no specific procedures and tools that can be used for all types of drone. This creates a new set of challenges in the field of digital forensics. 


Types of Drone


“The different types of drone can be differentiated in terms of the type, degree of autonomy, size and weight, and power source” [7]. According to a study [7], these different technical characteristics are crucial, since drone applications are decided based on these characteristics. In order to satisfy specific applications that consumers need, comparisons between drone characteristics are important. Therefore, the differences between Multi-Rotor, Fixed-Wing, Single-Rotor and Fixed-Wing Hybrid are studied [8]. A summary of these drone types is simplified in the following table:


Drones and Digital Forensics


Digital forensics plays an important part in assisting law enforcement agencies when it comes to drone forensics. For example, if a drone is found to have crashed in a crime scene area, that drone would contain the information of its owner, flight path, launch location and landing destination. This information enables investigators to pinpoint a suspect. Hence, a digital forensic analyst extracts data from these complex devices in order to obtain clues. Data extraction includes determining the drone’s owner, how it got there, its location before crashing and other important details. Information can also be extracted from physical devices like the drone’s battery, storage, sensors and remote controller. The data inside the devices could lead to answers in the investigation.


There are several storage elements in a drone that record data on its activity. For example, the DJI Inspire 1 has an internal storage located at the nose of the drone. The internal storage of this disassembled drone is shown in Figure 2. Another potential storage location is an SD card that could be acquired from the camera attached to the drone, as in Figure 3. Different types of drone have different storage locations, which makes data extraction more difficult.


When extracting data, some things that need to be taken into consideration are the type of device including the operating system, the type of physical device such as memory card, the file type (e.g. logical file data), etc. In order to extract these data, certain forensic tools can be used, for instance EnCase, Cellebrite UFED Physical Analyzer and Micro Systemation AB (MSAB) products such as XRY and XAMN. Research also suggests that drone data such as flight logs can be viewed using open-source tools like DatCon [1]. Most investigators usually work with primary log sources like the drone itself and the mobile devices that are usually used as the ground control station. Some data can be extracted while the drone is intact, whereas in other cases the drone needs to be disassembled first to get the required data.


In today’s day and age, physically acquiring devices is not enough to obtain evidence. There are cases where the drone has been damaged and extraction from the device fails. In addition, since drones are now made with applications that support use on smartphones and tablets, some data is stored on the drone manufacturer’s cloud. Therefore, drone forensics also utilizes cloud forensics to obtain evidence and information on suspects when the physical acquisition of devices is insufficient. Furthermore, since there are applications that support drones, information can be extracted from the control application on the user’s tablet as well. For example, the Phantom DJI series can be connected via an app called DJI Go 4 and data could be extracted from there.


Quite a few studies have been done in the field of drone forensics. The author in [1] conducted a study on the effectiveness of existing forensic guidelines for drone forensics and proposed a new set of guidelines for drone investigation. The proposed guidelines were then demonstrated on a DJI Phantom 3. In 2017, researchers [2] designed a forensic framework and proposed techniques for examining drone activities. The paper compares various types of data from three different drones using software the authors developed. Likewise, [4] presented a forensic analysis of two different types of drone using an open-source tool and [3] presented their analysis of the DJI Phantom 3. The research in [5] suggests that a standard forensic investigation procedure could be used in drone forensics and supported the findings with forensic investigation results for a Parrot AR 2.0 drone. In [6], identifying pilot behaviour using machine learning techniques by classifying the radio-control signals was discussed.


No-Fly Zone (NFZ)


A no-fly zone is a territory or area over which aircraft are not permitted to fly. No-fly zones exist to reduce the impact drones have on airspace. All drones are equipped with no-fly zone technology, which is set during firmware installation. This technology is meant to prevent drones from entering restricted airspace. No-fly zones are divided into airports and restricted areas. Airports include major airports and flying fields where manned aircraft operate, while restricted areas include borders between countries or sensitive sites [8].



The GPS used by drones serves to warn users if they are about to fly into a no-fly zone, which is within 5 miles of a restricted area. The drone will descend to a lower height if the user continues to fly into a no-fly zone. DJI denotes a one-and-a-half-mile restricted zone as the centre around large airports, where drones are not allowed to take off or enter. In addition to the rules and regulations set by drone manufacturers, every country has its own rules and regulations on no-fly zones. For example, other than the places set by the manufacturer, there are several other no-fly zones in Malaysia, such as Putrajaya, Istana Negara, KLCC and the Parliament. Flying activity in regions like Putrajaya requires approval from the Ministry of Home Affairs and is only allowed up to a maximum height of 400 feet [9].
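As an added illustration (not code from the article or from any drone vendor), the sketch below shows how an examiner might take positions recovered from a flight log and derive the launch point, the landing point and the moments the drone crossed the 5-mile warning and 1.5-mile restricted distances described above, plus any samples above 400 feet. The CSV column names, the sample track and the no-fly-zone centre are constructed for the example, and it assumes the first and last records are the launch and landing positions.

```python
import csv
import io
import math

MILE_M = 1609.344        # metres per statute mile
EARTH_R_M = 6371008.8    # mean Earth radius in metres
WARN_MILES = 5.0         # warning distance stated in the article
RESTRICT_MILES = 1.5     # restricted radius around large airports, per the article
CEILING_FT = 400.0       # maximum height quoted in the article

# Constructed flight log; column names are hypothetical, not a vendor schema.
SAMPLE_LOG = """time_s,lat,lon,alt_ft
0,3.1000,101.6000,0
60,3.0800,101.6200,250
120,3.0400,101.6600,380
180,3.0200,101.6800,420
240,3.0050,101.6950,120
"""
NFZ_CENTRE = (3.0000, 101.7000)  # constructed placeholder, not a real site

def haversine_miles(a, b):
    """Great-circle distance in miles between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_R_M * math.asin(math.sqrt(h)) / MILE_M

def classify(point, centre=NFZ_CENTRE):
    """Label a position using the article's two distance thresholds."""
    d = haversine_miles(point, centre)
    return "restricted" if d <= RESTRICT_MILES else "warning" if d <= WARN_MILES else "clear"

def analyse(log_text, centre=NFZ_CENTRE):
    """Summarise launch, landing, zone entries and ceiling breaches from a CSV log."""
    rows = [(float(r["time_s"]), (float(r["lat"]), float(r["lon"])), float(r["alt_ft"]))
            for r in csv.DictReader(io.StringIO(log_text))]
    if not rows:
        raise ValueError("flight log contains no position records")
    zones = [(t, classify(p, centre)) for t, p, _ in rows]
    first = lambda z: next((t for t, s in zones if s == z), None)
    return {
        "launch": rows[0][1],            # assumption: first record is the launch
        "landing": rows[-1][1],          # assumption: last record is the landing
        "zones": [s for _, s in zones],
        "first_warning_s": first("warning"),
        "first_restricted_s": first("restricted"),
        "over_ceiling_s": [t for t, _, a in rows if a > CEILING_FT],
    }

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```
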


Conclusion


Drone forensics is currently an emerging field in digital forensics. With the rise of drone security problems, it is crucial for law enforcement agencies worldwide to have ways of countering such problems. There are numerous tools for use in investigations and the digital forensics methodology alone is not enough for drone investigations. As new drones are created every day, available forensic tools should also be upgraded to suit the emerging technology.

