Skip to main content

Drone Forensics: The Impact and Challenges

  • Chapter
  • First Online:
Digital Forensic Investigation of Internet of Things (IoT) Devices

Abstract

Unmanned aerial vehicles (UAV) have surged in popularity over the last few years. With this, crime involving drones has also dramatically increased. Therefore, there is a dire need of successful Drone programmes that significantly would lower the amount of crime being committed involving Drone devices. Drone forensics is a concept that is less well known or documented. Research has shown that there have been Drone Forensic programmes to support the forensics investigations, however, many have failed for a few reasons such as the lack of understanding of the technology or other limited resources. It is also known within the Digital Forensics community that Anti-Forensics techniques are constant threats and hinder investigations, resulting in less convictions. This study aims to ascertain exactly what data can be extracted from UAV devices (Drones), the usefulness of this data, and whether consumers are able to obfuscate the data in efforts to evade detection (i.e. Anti-forensics techniques). A number of primary and secondary datasets have been utilised in this research. Primary data includes carrying out a flight using a UAV device and consequently analysing the resulting data and an interview with a qualified Digital Forensic Analyst. Secondary data was gained from VTO Labs, recommended by NIST which was able to be interrogated in order to deliver interesting results. This study found that Drones have the ability to hold a wealth of evidence that could potentially be very useful to assist forensics investigations. This included the flight path of the Drone, date and time of flight, altitude, home-point and alerts to inform whether the Drone was near restricted airspace such as airports (No Fly Zones). Moreover, it was found that it is possible for the manufacturers to build in Anti-Forensics software into their devices, but it would not be possible for a consumer to utilise such techniques.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Admin (2017) Drone Components_Quick list of it’s parts. https://grinddrone.com/drone-features/drone-components

  2. Association of Chief Police Officers (2012) ACPO good practice guide for digital evidence. https://www.digital-detective.net/digital-forensics-documents/ACPO_Good_Practice_Guide_for_Digital_Evidence_v5.pdf

  3. Barton TEA, Hannan Bin Azhar MA (2017) Forensic analysis of popular UAV systems. IEEE. https://doi.org/10.1109/EST.2017.8090405

  4. BBC (2019). Drone no-fly zone to be widened after Gatwick chaos. www.bbc.co.uk: https://www.bbc.co.uk/news/business-47299805, 20 Feb 2019

  5. Bouafif H, Kamoun F, Iqbal F, Marrington A (2018) Drone forensics: challenges and new insights. In: 2018 9th IFIP international conference on new technologies, mobility and security (NTMS). IEEE, Paris, France

    Google Scholar 

  6. Brown R (2018) Fears burglars are using drones to case homes—as drone reports to police rocket. The Cambridgeshire Live. https://www.cambridge-news.co.uk/news/cambridge-news/burglars-drones-homes-reports-rocket-14785783

  7. CAA, NATS (2019) The drone code. Drone Safe UK: https://dronesafe.uk/wp-content/uploads/2019/02/Drone-Code_March19.pdf, 19 Feb 2019

  8. CAA, NATS (n.d) Drone Safe UK: https://dronesafe.uk/

  9. Canis B (2015) Unmanned aircraft systems (UAS): commercial outlook for a new industry. Congressional Research Service. https://goodtimesweb.org/industrial-policy/2015/R44192.pdf

  10. Conti M, Dehghantanha A, Franke K, Watson S (2018) Internet of things security and forensics: Challenges and opportunities. Future Gener Comput Syst 78:544–546. https://doi.org/10.1016/j.future.2017.07.060

  11. CopterSafe (n.d) NFZ mod for Phantom 4 (not for PRO). CopterSafe: https://www.coptersafe.com/product/nfz-mod-phantom-4/

  12. Crawford J (2018). 10 crimes committed using a drone. https://listverse.com/2018/07/26/10-crimes-committed-using-a-drone/

  13. DJI (n.d.) FlySafe. DJI website: https://www.dji.com/uk/flysafe

  14. DJI (2019) Matric 600. https://www.dji.com/uk/matrice600

  15. DJI (2018) Phantom 4. https://www.dji.com/uk/phantom-4/info

  16. Dormehl L (2018) The history of drones in 10 milestones. https://www.digitaltrends.com/cool-tech/history-of-drones/

  17. Flynt J (2017) 21 types of drones. https://3dinsider.com/types-of-drones/

  18. Fussell S (2018) Who will police drones? https://gizmodo.com/who-will-police-police-drones-1826891119

  19. Haylen A (2019) Civilian drones. (Briefing Paper No. CBP 7734). www.parliament.uk/commons-library

  20. Hegarty R, Lamb DJ, Attwood A (2014) Digital evidence challenges in the internet of things. Paper presented at the INC, pp 163–172

    Google Scholar 

  21. Horsman G (2016) Unmanned aerial vehicles: a preliminary analysis of forensic challenges. Digit Investig 16:1–11. https://doi.org/10.1016/j.diin.2015.11.002

    Article  Google Scholar 

  22. HM Government (2000) Regulation of investigatory. Legislation.gov: https://www.legislation.gov.uk/ukpga/2000/23/pdfs/ukpga_20000023_en.pdf, 1 Aug 2000

  23. HM Government (1978) Protection of Children Act 1978. Legislation.gov: https://www.legislation.gov.uk/ukpga/1978/37/pdfs/ukpga_19780037_en.pdf

  24. HM Government (2003) Sexual Offences Act 2003. Legislation.gov: https://www.legislation.gov.uk/ukpga/2003/42/pdfs/ukpga_20030042_en.pdf

  25. House of Commons—Science and Technology Committee (2019) Commercial and recreational drone use in the UK. https://publications.parliament.uk/pa/cm201719/cmselect/cmsctech/2021/2021.pdf

  26. Jain A, Chhabra G (2014) Anti-forensics techniques: an analytical review. In: 2014 seventh international conference on contemporary computing (IC3). IEEE, India, p 7

    Google Scholar 

  27. James H (n.d.) No Fly Drones: https://www.noflydrones.co.uk/

  28. James H (n.d.) Contact. No Fly Drones: https://www.noflydrones.co.uk/contact

  29. Liao S (2017) DJI drones can get past no-fly zones thanks to this Russian software company. The Verge: https://www.theverge.com/2017/6/21/15848344/drones-russian-software-hack-dji-jailbreak, June 2017

  30. Kessler GC (2007) Anti-forensics and the digital investigator. In: Proceedings of the 5th Australian digital forensics conference. Edith Cowan University, Perth Western Australia, p 8

    Google Scholar 

  31. Kovar D (2016) UVA (aka drone) forensics. [Slide Presentation] Cyber Security Summit. https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1492184184.pdf

  32. Kovar D, Bollo J (2018) Drone forensics. Digit Forensics Mag 34:14–19

    Google Scholar 

  33. Maarse M, Sangers L, van Ginkel J, Pouw M (2016) Digital forensics on a DJI phantom 2 vision UAV. University of Amsterdam

    Google Scholar 

  34. Mercer D (2019) Revealed: drones used for stalking and filming cash machines in the UK. https://news.sky.com/story/police-warn-drone-users-after-incidents-soar-by-40-in-two-years-11637695

  35. NIST (2018) Drone forensics gets a boost with new data on NIST website. NIST: https://www.nist.gov/news-events/news/2018/06/drone-forensics-gets-boost-new-data-nist-website, 6 June 2018

  36. NLD (n.d) NLD MOD client license key. No Limit Dronez: https://nolimitdronez.com/activation-key-for-nld-mod-client

  37. PWC (2018) Skies without limits. https://www.pwc.co.uk/intelligent-digital/drones/Drones-impact-on-the-UK-economy-FINAL.pdf

  38. Roder A, Choo K-K, Le-Khac N-A (n.d) Unmanned aerial vehicle forensic investigation, p 14

    Google Scholar 

  39. Roder A, Choo KR, Le-Khac N (2018) Unmanned aerial vehicle forensic investigation process: Dji phantom 3 drone as A case study

    Google Scholar 

  40. Rouse M (2018) Drone (unmanned aerial vehicle, UAV). https://internetofthingsagenda.techtarget.com/definition/drone

  41. Rubens T (2018) Drug-smuggling drones: how prisons are responding to the airborne security threat. https://www.ifsecglobal.com/drones/drug-smuggling-drones-prisons-airborne-security-threat/

  42. SmashingDrones.com (2019) Best camera drones for sale UK 2019. https://smashingdrones.com/

  43. The Civil Aviation Authority (n.d) Safety apps. DroneSafeUK: https://dronesafe.uk/safety-apps/

  44. The Daily Mail (2017) Ten drone crimes a day: surge in popularity sees police report for 12-fold jump in offences linked to the gadgets. https://www.dailymail.co.uk/news/article-4373806/Police-report-12-fold-jump-drone-offences.html

  45. The Office of the General Counsel (2016) The air navigation order 2016 and regulations. The Civil Aviation Authority. https://publicapps.caa.co.uk/docs/33/CAP393_Fifth_edition_Amendment_13_March_2019.pdf, Aug 2016

  46. UK Civil Aviation Authority (2019) Drone code. https://dronesafe.uk/drone-code/

  47. Uleski M (2017) The top 6 reasons police UAV programs fail [Blog]. https://www.dartdrones.com/blog/top-police-uav-fails/

  48. Waddell K (2017) The invisible fence that keeps drones away from the President. The Atlantic: https://www.theatlantic.com/technology/archive/2017/03/drones-invisible-fence-president/518361/, 2 Mar 2017

  49. Watson A (2019) 5 ways commercial drones are pushing the boundaries of crime [Blog]. https://www.cellebrite.com/en/blog/5-ways-commercial-drones-are-pushing-the-boundaries-of-crime/

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to S. Zargari .

Editor information

Editors and Affiliations

Appendices

Appendix 1

figure a

Appendix 2

When using EnCase to acquire the data from the mobile device used to control the UAV device, issues were encountered. The data had previously been extracted using Cellebrite and a ‘.UFD’ dump file created. EnCase is able to read the dump file in order to acquire the data. However, it was found that the software was unable to read the data; the error message stating that the task was not possible whilst being run in a Virtual Machine. As the EnCase software is not available outside of the designated Virtual Machine, it is not known whether or not EnCase is able to read and acquire the dump data from the iOS device used to control the UAV device.

figure b
figure c
figure d

The following screenshots note the process and error messages displayed when attempting to carry out this task.

Appendix 3

figure e

Signals used to present controller connection

figure f

Signals used to present altitude

figure g

Root folder of external SD Card

figure h

100Media Folder stored in DCIM Folder

figure i

Images and videos stored within 100Media Folder

Appendix 4

Question

Response

• Could you please state your official job title?

• Digital Forensic Analyst

• How long have you been working in forensics and within your current role?

• Placement year in Wales and then worked there over the summer in the last two years of university

• Then worked there for 1 year before moving to SYP

• Total of around 2 ½ years at SYP

• Do you have an area of forensics that you find more interesting than the rest, or a specialism?

• Computers more than phones are his specialism, centring around the operating system, Internet artefacts etc.

• Phones are very interesting but change too often. Skills gained may change two years after you’ve learned them. Also there are skills/methods that are specific for one particular phone model

• Not disinterested in any part of forensics, but the file system and operating system is where the interest lies

• How often would you say that you get Drone devices in your forensic department?

            – What are the types of crimes associated with these cases?

• Very rarely get a device in. Maybe one a year on average

• The very few they have had have been drug related cases flying drugs into prisons

• One example was a drone that had crashed in the vicinity of a prison and it had to be examined to see whether or not it had been used for the drug delivery purpose or had the drone just happen to have been flying around the prison. The outcome was the latter

• The second case was also drug related and the suspects had been caught and the drone device seized. The investigation wanted to know where it had been used. Didn’t directly work on the case but was aware of the process and outcome as the department personnel get ‘excited’ whenever a drone comes in. Drone was traced back to Manchester where it was being used to drop drugs to prisons

• You worked at a Welsh constabulary before SYP, were Drone devices more popular there?

• The Welsh constabulary cases were drug related. Wanting to know the flight path etc.

• Do you see the field of Drone forensics expanding?

• Yes. Criminal cases involving drones are rare. Mainly civil cases. See it staying that way for now, staying fairly rare

• Foresees new laws surrounding drones coming in regarding videos and images with the new laws coming in regarding upskirting. Thinks in the future that flying a drone over a beach for example and capturing images of people sunbathing will be an illegal act

• Thought there would be a massive increase in the use of drone devices when they were commercially available. However, there wasn’t really any surge in the use of them in criminal acts. Thinks that it comes down to people still delivering/exchanging drugs by hand and using technology such as burner phones to suddenly buy and start flying drones to deliver goods

• What are the current protocols that must be followed when extracting evidence from a Drone device? Are they similar to Mobile protocols?

• Pretty similar to mobile devices. Essentially just remove the SD Card and forensically image it, following the same procedures as dealing with other mobile devices and removable media. Write blocker, make an E01 etc.

• If it a more serious case, a chip off could be called for. But that takes a long time to carry out and all drones are different. It will probably land to someone with expertise in mobile phones to try and work out which pins to utilise etc.

• Drones are at the minute a bit of an unknown

• Normal procedure is to analyse the SD card and if the officer is satisfied with the evidence located, it probably wouldn’t go any further. Especially if nothing can be gained from the SD Card. The more data that can be gained from the SD Card, the more likely it is that the officer will request further analysis of the device, i.e. chip off and apps on phones. As drones can be expensive, you have to justify taking it apart and risk damaging the device

• Tend to get more information off the phone app

• Some drone controllers store data also. colleagues in Derbyshire informed me, they have a specialist drone unit

• Not getting enough devices in at the minute to warrant a specialised set of procedures

• Could outsource the extraction of data if required e.g. chip offs. Never outsourced any though

• Do you think that the ACPO principles need to be updated to be more inclusive of Drone devices as well as mobile devices?

            – Do you think there should be a separate set of principles solely for Drone devices?

• Don’t think they are as outdated as they could be considering how old they are. The first principle of ‘don’t change data’ can be an issue, especially with phones as you change data as soon as it is powered on. However, the second rule of ‘if you are competent to change data, you can’ is a good cover as if you are working in forensics you will generally be competent

• If I were to change ACPO principles, it wouldn’t be any of the first three. It would be point four. Maybe re-word it or something similar

• Generally points 1, 2 and 3 are still very valid in current times. They have aged very well

• Even relevant for drone work

• Don’t think drones justify getting their own set of principles, as then there would be a different set of principles for a lot of other types of devices and would end up with ACPO Principle 99, 125 etc.

• Do you know anything about the current legislation on Drone devices?

• Do not know very much about current drone legislation, only that it is an illegal act to fly them in the vicinity of the airport

• It isn’t a requirement of the job role to be aware of current legislation

• Generally if crimes involving breaking legislation rules were committed, the CAA would take the investigation not the police. It is thought that they will have their own team of forensic experts/investigators to analyse devices

• Does your forensics department send its staff on regular training courses regarding new methods of extracting data and changes/additions to legislation?

• Not required to attend any courses or read new legislation on a regular basis

• Investigators get to know a lot of the legislation whilst they are working on devices

• Legislation is mentioned within other courses on forensics

• Normally the process of dealing with legislation is dealt with before the artefact gets to us. We usually only have to worry about working within RIPA

• Have you encountered any Anti-Forensics techniques when examining devices?

• Do you think that Anti-Forensics techniques could be used on a Drone device?

            – If so, which ones?

            – How difficult do you think it could be to do this, i.e. could a novice user do it or would it have to be a highly skilled technically minded user?

• Yes. It is a big issue that can cover a lot. Tools such as BitLocker and CCleaner are classed as Anti-Forensics tools. CCleaner forensically wipes (i.e. 0 s everything) and encrypts and can do so on schedule. BitBleach, Eraser are also classed as Anti-Forensic tools. Tend to comment of their instillation within the final forensic report. Encryption is also seen as Anti-Forensics. BitLocker, VeraCrypt etc. Section 49 of RIPA allows officers to force suspects to disclose their password depending on the case. It is very difficult to get a RIPA 49 order. It has to go through a judge to be signed off and has to be proved that you have tried to get into the evidence

• It depends on whether the user or the manufacturer implemented them. For example, fairly easy for the manufacturer to make every bit of data encrypted on the board. More difficult for a user of the drone to implement. Maybe set up a schedule on an Android to wipe the content of the app if it hasn’t been opened in x amount of days. Standard users would find it difficult to carry out anti-forensics techniques on drone devices

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Atkinson, S., Carr, G., Shaw, C., Zargari, S. (2021). Drone Forensics: The Impact and Challenges. In: Montasari, R., Jahankhani, H., Hill, R., Parkinson, S. (eds) Digital Forensic Investigation of Internet of Things (IoT) Devices. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-60425-7_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-60425-7_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-60424-0

  • Online ISBN: 978-3-030-60425-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics