Performing Digital Forensics on Suspected Drones
Performing digital forensics on a drone equipped with Snoopy software or on a WASP drone requires examining each of the drone's components and analyzing their payloads. In the case of WASP, the BackTrack Linux operating system would be one of the main places where digital evidence can be found. As discussed earlier, the BackTrack operating system offers penetration testing tools as well as a full suite of digital forensics tools. The BackTrack filesystem would need to be collected, imaged, and analyzed following the standard procedure of digital forensic examination, just like any other device that goes through a digital forensic investigation. The findings of the analysis could then be used to determine what information the drone contained, such as how much data it collected, the type of device it collected from, the location of that device, and the time the data was collected or accessed.
Likewise, a Snoopy drone would go through a similar procedure. Other parts or devices associated with the drone would also need a thorough examination. These can include a laptop, cell phone, handheld devices of any kind, storage devices attached or unattached to the drone, camera, Wi-Fi range extender, battery, and radio controller. All of these components can potentially contain digital evidence that relates to the investigation of a drone because of their association with, or link to, the actual drone. For example, the ground station, which is often a handheld device such as a laptop, cell phone, or tablet combined with a radio controller, can be used to determine launch point evidence. This can be accomplished by examining the default settings, launch points/dates, and owner name and account, which could trace back to the operator of the drone.
The time, date, and location from which the drone took off and the area it was flying through could all be found on the ground station devices (Kovar, 2015). The EXIF metadata from the camera also contains valuable evidence, as it stores the date, time, location, and camera type information of any image taken. Therefore, none of these components should be excluded from the examination process.
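The EXIF fields named above (date, time, location, camera type) sit in a TIFF-structured block that follows the "Exif" marker in a JPEG APP1 segment. The following is an added example, not part of the original paper: it decodes those fields from a constructed sample block, and the function names, the tag subset, and the sample values ("ACM", "ExampleCam", the coordinates) are assumptions made for illustration.

```python
import struct
# Tag ids from the TIFF/EXIF specification, limited to the fields named above.
IFD0_TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime", 0x8825: "_gps"}
GPS_TAGS = {1: "LatRef", 2: "Lat", 3: "LonRef", 4: "Lon"}
SIZES = {2: 1, 3: 2, 4: 4, 5: 8}  # bytes per ASCII, SHORT, LONG, RATIONAL value

def read_ifd(tiff, offset, names, bo):
    """Decode the known tags of one image file directory (IFD)."""
    out = {}
    for i in range(struct.unpack_from(bo + "H", tiff, offset)[0]):
        tag, typ, n, raw = struct.unpack_from(bo + "HHI4s", tiff, offset + 2 + 12 * i)
        if tag not in names or typ not in SIZES or n == 0:
            continue
        size = SIZES[typ] * n
        # Values over 4 bytes are stored elsewhere; the entry holds their offset.
        data = raw[:size] if size <= 4 else tiff[struct.unpack(bo + "I", raw)[0]:][:size]
        if len(data) < size:  # offset runs past the end: truncated or corrupt
            continue
        if typ == 2:
            out[names[tag]] = data.rstrip(b"\0").decode("ascii", "replace")
        elif typ == 5:
            v = struct.unpack(bo + "II" * n, data)
            out[names[tag]] = [a / b if b else 0.0 for a, b in zip(v[::2], v[1::2])]
        else:
            out[names[tag]] = struct.unpack_from(bo + "HI"[typ - 3], data)[0]
    return out

def exif_summary(tiff):
    """Return camera, timestamp and decimal GPS position from an EXIF block."""
    bo = "<" if tiff[:2] == b"II" else ">"  # byte order mark: II little, MM big
    info = read_ifd(tiff, struct.unpack_from(bo + "I", tiff, 4)[0], IFD0_TAGS, bo)
    gps = read_ifd(tiff, info.pop("_gps"), GPS_TAGS, bo) if "_gps" in info else {}
    for axis, negative in (("Lat", "S"), ("Lon", "W")):
        if len(gps.get(axis, [])) == 3:  # degrees, minutes, seconds
            sign = -1 if gps.get(axis + "Ref") == negative else 1
            info[axis] = sign * sum(x / 60 ** k for k, x in enumerate(gps[axis]))
    return info

def sample_exif():
    """Constructed little-endian EXIF block; not taken from any real device."""
    e = lambda tag, typ, n, val: struct.pack("<HHI4s", tag, typ, n, val)
    off = lambda o: struct.pack("<I", o)
    rat = lambda *v: b"".join(struct.pack("<II", a, b) for a, b in v)
    ifd0 = (struct.pack("<H", 4) + e(0x010F, 2, 4, b"ACM\0") + e(0x0110, 2, 11, off(62))
            + e(0x0132, 2, 20, off(73)) + e(0x8825, 4, 1, off(94)) + off(0))
    gps = (struct.pack("<H", 4) + e(1, 2, 2, b"N\0\0\0") + e(2, 5, 3, off(148))
           + e(3, 2, 2, b"W\0\0\0") + e(4, 5, 3, off(172)) + off(0))
    return (b"II*\0" + off(8) + ifd0 + b"ExampleCam\0" + b"2015:05:14 10:30:00\0\0"
            + gps + rat((10, 1), (30, 1), (0, 1)) + rat((20, 1), (15, 1), (0, 1)))
```

Tag 0x0132 is the file's DateTime; the capture time proper (DateTimeOriginal) lives in the separate Exif sub-IFD, which this example does not follow.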
As drone usage continues to grow, so does the number of criminals who plan to take advantage of the opportunities drones provide. This also means a need for forensic examiners with knowledge and experience in conducting drone forensics. During this research, few sources were found that directly relate to the process of digital forensics on SUAS. One exception is David Kovar, who publicly laid out a general overview of where to look for evidence when performing a forensic examination on drones and is one of the few IT professionals found doing forensics on drones. “..As far as I can tell, I am the only person doing this at the moment. My best advice is to break the UAV down into components and apply your normal forensic process to each component.” (Personal communication, May 14, 2015) The other IT professional found is Anuraag Singh, who publicly laid out a general overview of where to look for evidence when performing forensic examination on drones and discussed similar tactics.
Summary
The literature review section of this research paper reviewed scholarly and popular literature relevant to the research questions. The goal was to gather as much data and high-quality information as possible to provide background information about small-unmanned aerial systems as well as to find supporting and opposing evidence on why drones are becoming a cybersecurity problem. Additionally, it examined why digital forensics on drones is important, in what situations drones become useful and beneficial, who benefits from the opportunities drones provide, and why drones would be targeted for cyberattacks. The literature was broken down into three sections and explored. The sections were: the history of small-unmanned aerial systems, the types of drones, the use of modern small-unmanned aerial systems and the criminal activities involving drones.
In the history section, it was noted that drones have been used by the United States for years, dating back to the 1900s. The development of drone technology, first used by the Germans during WWII as weapons, was discussed. Germany is known to be the country that laid the groundwork for the U.S. to begin developing drones for combat use as surveillance platforms during the Vietnam War. The advantages and disadvantages of drone usage in the War on Terrorism were explored, as well as the services drones provide, such as tracking and monitoring of animal populations, locating missing persons in search and rescue operations, and imagery collection during WWII.
Next, the types of drones were reviewed, mainly their sizes and capabilities according to the standard classification provided by the international UAV community. The three main UAV classifications discussed were micro and mini UAVs, tactical UAVs, and strategic UAVs. Micro and mini drones are among the smallest, tactical drones are medium-sized and a little heavier than mini and micro drones, and strategic drones are the heaviest of them all.
In the section on the use of modern small-unmanned aerial systems, three different areas where drones are used were discussed. The first is the public sector, where uses range across federal, local, and municipal authorities and law enforcement agencies. The second is the private sector, where drones are used similarly to the public sector, but by research organizations, mineral exploration, agricultural, and telecommunication companies, private media organizations, and the film and television production industry instead of law enforcement. Lastly, there are individual citizens or hobbyists, who use drone applications the same way as the public and private sectors, mainly for recreational purposes such as photography or political activism.
However, that recreational purpose has also led to criminal activities involving drones, where drones are used to conduct cyber-attacks. Potential cyber-attacks noted were spoofing and jamming aircraft systems to take control of drones. Other attacks noted were the WASP drone and drones equipped with the Snoopy software. Both were purpose-built drones designed to fly around and collect wireless communication passwords and similar information. The WASP's capabilities were also discussed, since its BackTrack Linux operating system offers penetration testing tools as well as a full suite of digital forensics tools, which makes it easy for attackers to crack passwords and sniff wireless communication packets. This concludes the literature review section of this research paper. The next section focuses on the discussion of findings, where the information in the statement of the problem and the literature review is used to formulate findings that directly relate to the research questions mentioned above.