Unmanned Aerial Vehicles, better known as Drones, have become a new fixture on the American landscape. Their rate of adoption has been climbing steadily for the past three years, from roughly 32,800 in the U.S. in 2016 to 196,000 this year, and this rate is projected to ramp up even faster in the next two years. The Federal Aviation Administration estimates there will be more than 500,000 drones in use in the U.S. by 2020.
This trend should be monitored by federal government officials and law enforcement professionals at the federal, state and local levels because drones are being used for more than taking fun pictures and deliver packages to doorsteps. Unfortunately, they are also becoming an increasingly prevalent tool in the criminal world.
For example, in some prisons, drones have been spotted delivering cell phones and dropping other contraband over prison walls. Earlier this year, a U.S. citizen was sentenced to 12 years in prison for using a drone to smuggle methamphetamine from Mexico into San Diego. Drones have been used to conduct targeted attacks on Wi-Fi and mobile data networks in the U.S. Perhaps most disturbing, the risk of drones being used in terror attacks is real and ominous.
Digital forensics investigators have an important role to play in assisting law enforcement agencies when it comes to the emerging world of drone forensics. When a drone is captured, investigators need to extract data from these complex technological devices so they can develop a trail of clues that might lead them to a suspect.
For example, if a drone is found on the front yard of a penitentiary, investigators will spring into action to try to determine who owns it, how it got there, where it was before crashing, where it was going and what its purpose was. Forensics professionals may be the best hope for extracting and analyzing the crucial data inside the devices that can help answer those kinds of questions.
As with other emergent devices that we’ve been forced to master for this purpose, there are many types of drones and a number of technical factors that can make data extraction very tricky. Here are the four key stages of drone forensics to try to get to the extraction objective:
- Collection Considerations (Apple, Android or a bespoke operating system?)
- Physical Device Collections (memory card accessibility, internal memory?)
- File System Extraction (mounted volumes?)
- Files (logical file data)
The good news for forensics professionals is that most forensic software allows collections from mobile devices, so the basic collection tools should already be in your toolbox. For example, using AccessData technology (a Carahsoft partner), data can be extracted from the drone and then used in FTK to perform a comprehensive investigation.
Once the the data has been collected from the drone, storage media and controller application, forensics professionals can begin their analysis. Reviewing the application data controlling the drone will provide detailed insights in the history of the aircraft, an internal flash memory containing flight logs, and an external SD card for images and videos taken during the drone flights. If you locate memory cards with these types of files, you can employ traditional digital forensics techniques to image the media and help investigators review its content. Also, look for batteries associated with the drones, as they may yield useful information, such as serial numbers, to help trace the device to its origins.
These are some of the topics that we addressed recently in a special educational program that was part of AccessData’s “Supercharge Fridays” webinar series. The webinar introduced digital forensics professionals to the world of drone forensics and offered insights into the types of evidence that examiners are likely to encounter. We reviewed how drones are used in criminal activities and explored the types of data that can be collected from the aircraft and associated controller applications. To listen to the free webinar recording on demand, please click here.