A Conceptual Digital Forensic Investigation Model Applicable to the Drone Forensics Field
Received: 13 July 2023 | Revised: 7 August 2023 | Accepted: 5 October 2023 | Online: 13 October 2023
Corresponding author: Arafat Al-Dhaqm
Abstract
Although there is a considerable amount of studies in drone forensics that describe numerous practical and technical perspectives, there is a lack of a comprehensive investigation framework. This study used design science research methodology to design a conceptual model for the comprehensive investigation of Unmanned Aerial Vehicles (UAVs) under forensic conditions. This model can identify, capture, preserve, analyze, and document UAV incidents. The proposed model consists of four stages: preparation, data collection, analysis, and documentation. In the preparation stage, data are collected and analyzed about UAV-related resources, including the origin and model of the aircraft, any software or hardware installed onboard, and the legal framework and regulations in place. The data collection stage involves the completion of the collection process, where participants gather parts of the UAV and the data needed, such as the flight controller, flight log, and memory cards. The analysis stage involves analyzing the collected evidence. Lastly, the documentation stage involves documenting relevant evidence, analysis results, and any conclusions derived. This model provides a comprehensive process to forensically investigate UAV incidents and provides an efficient and effective approach to the analysis of UAV evidence, ensuring that evidence was collected and analyzed according to accepted forensic techniques. The proposed model can be applied to any UAV type and legal framework.
Keywords:
drone forensics, digital forensics, design science research, unmanned aerial vehiclesDownloads
References
V. R. Kebande and I. Ray, "A Generic Digital Forensic Investigation Framework for Internet of Things (IoT)," in 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), Vienna, Austria, Dec. 2016, pp. 356–362.
V. R. Kebande, "Industrial internet of things (IIoT) forensics: The forgotten concept in the race towards industry 4.0," Forensic Science International: Reports, vol. 5, Jul. 2022, Art. no. 100257.
S. M. Makura, H. S. Venter, R. A. Ikuesan, V. R. Kebande, and N. M. Karie, "Proactive Forensics: Keystroke Logging from the Cloud as Potential Digital Evidence for Forensic Readiness Purposes," in 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT), Doha, Qatar, Oct. 2020, pp. 200–205.
V. R. Kebande and H. S. Venter, "Requirements for Achieving Digital Forensic Readiness in the Cloud Environment using an NMB Solution," presented at the 11th International Conference on Cyber Warfare and Security ICCWS, Boston, MA, USA, Mar. 2016.
V. R. Kebande, N. M. Karie, R. A. Ikuesan, and H. S. Venter, "Ontology-driven perspective of CFRaaS," WIREs Forensic Science, vol. 2, no. 5, 2020, Art. no. e1372.
V. R. Kebande and H. S. Venter, "A comparative analysis of digital forensic readiness models using CFRaaS as a baseline," WIREs Forensic Science, vol. 1, no. 6, 2019, Art. no. e1350.
A. Valjarevic and H. S. Venter, "Harmonised digital forensic investigation process model," in 2012 Information Security for South Africa, Johannesberg, South Africa, Dec. 2012, pp. 1–10.
V. R. Kebande, N. M. Karie, and H. S. Venter, "Adding digital forensic readiness as a security component to the IoT domain," International Journal on Advanced Science Engineering Information Technology, vol. 8, no. 1, 2018.
H. Munkhondya, A. Ikuesan, and H. Venter, "Digital Forensic Readiness Approach for Potential Evidence Preservation in Software-Defined Networks," in Proceedings of the 14th International Conference on Cyber Warfare and Security, Stellenbosch, South Africa, Feb. 2019, pp. 268–276.
A. R. Ikuesan, S. Abd Razak, M. Salleh, and H. S. Venter, "Leveraging Human Thinking Style for User Attribution in Digital Forensic Process," International Journal on Advanced Science, Engineering and Information Technology, vol. 7, no. 1, pp. 198–206, 2017.
A. Singh, A. R. Ikuesan, and H. S. Venter, "Digital Forensic Readiness Framework for Ransomware Investigation," in Digital Forensics and Cyber Crime, New Orleans, LA, USA, 2019, pp. 91–105.
S. Makura, H. S. Venter, V. R. Kebande, N. M. Karie, R. A. Ikuesan, and S. Alawadi, "Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring," Security and Privacy, vol. 4, no. 3, 2021, Art. no. e149.
V. R. Kebande, N. M. Karie, K.-K. R. Choo, and S. Alawadi, "Digital forensic readiness intelligence crime repository," Security and Privacy, vol. 4, no. 3, 2021, Art. no. e151.
A. Ali, S. A. Razak, S. H. Othman, and A. Mohammed, "Extraction of Common Concepts for the Mobile Forensics Domain," in Recent Trends in Information and Communication Technology, 2018, pp. 141–154.
F. M. Alotaibi, A. Al-Dhaqm, and Y. D. Al-Otaibi, "A Novel Forensic Readiness Framework Applicable to the Drone Forensics Field," Computational Intelligence and Neuroscience, vol. 2022, Feb. 2022, Art. no. e8002963.
S. O. Baror, H. S. Venter, and V. R. Kebande, "Conceptual Model for Crowd-Sourcing Digital Forensic Evidence," in Innovations in Smart Cities Applications Volume 5, 2022, pp. 1085–1099.
T. Hungwe, Hein. S. Venter, and V. R. Kebande, "Scenario-Based Digital Forensic Investigation of Compromised MySQL Database," in 2019 IST-Africa Week Conference (IST-Africa), Nairobi, Kenya, Feb. 2019, pp. 1–11.
A. A. Alhussan, A. Al-Dhaqm, W. M. S. Yafooz, S. B. A. Razak, A.-H. M. Emara, and D. S. Khafaga, "Towards Development of a High Abstract Model for Drone Forensic Domain," Electronics, vol. 11, no. 8, Jan. 2022, Art. no. 1168.
V. R. Kebande and H. S. Venter, "CFRaaS : architectural design of a Cloud Forensic Readiness as-a-Service Model using NMB solution as a forensic agent," African Journal of Science, Technology, Innovation and Development, vol. 11, no. 6, pp. 749–769, Oct. 2019.
F. M. Alotaibi, A. Al-Dhaqm, Y. D. Al-Otaibi, and A. A. Alsewari, "A Comprehensive Collection and Analysis Model for the Drone Forensics Field," Sensors, vol. 22, no. 17, Jan. 2022, Art. no. 6486.
V. R. Kebande and R. A. Ikuesan, "Virtual sensor forensics," in Proceedings of the 2nd International Conference on Intelligent and Innovative Computing Applications, Jun. 2020, pp. 1–6.
V. R. Kebande, H. S. Ntsamo, and H. S. Venter, "Towards a prototype for Achieving Digital Forensic Readiness in the Cloud using a Distributed NMB Solution," presented at the 15th European Conference on Cyber Warfare and Security, Munich, Germany, 2016.
A. Ali et al., "Financial Fraud Detection Based on Machine Learning: A Systematic Literature Review," Applied Sciences, vol. 12, no. 19, Jan. 2022, Art. no. 9637.
N. M. Karie and V. R. Kebande, "Knowledge Management as a Strategic Asset in Digital Forensic Investigations," International Journal of Cyber-Security and Digital Forensics, vol. 7, no. 1, pp. 10–21, Jan. 2018.
A. Al-Dhaqm, R. A. Ikuesan, V. R. Kebande, S. Razak, and F. M. Ghabban, "Research Challenges and Opportunities in Drone Forensics Models," Electronics, vol. 10, no. 13, Jan. 2021, Art. no. 1519.
S. O. Baror, H. S. Venter, and V. R. Kebande, "A Framework for Concurrent Contact-Tracing and Digital Evidence Analysis in Heterogeneous Environments," in Innovations in Smart Cities Applications Volume 4, 2021, pp. 1183–1196.
H. Bouafif, F. Kamoun, F. Iqbal, and A. Marrington, "Drone Forensics: Challenges and New Insights," in 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Paris, France, Oct. 2018, pp. 1–6.
David Kovar, Greg Dominguez, and Cindy Murphy, "UAV (aka drone) Forensics," presented at the SANS DFIR Summit, Austin, TX, USA, Jun. 2016.
V. Mhatre, S. Chavan, A. Samuel, A. Patil, A. Chittimilla, and N. Kumar, "Embedded video processing and data acquisition for unmanned aerial vehicle," in 2015 International Conference on Computers, Communications, and Systems (ICCCS), Kanyakumari, India, Aug. 2015, pp. 141–145.
A. Roder, K.-K. R. Choo, and N.-A. Le-Khac, "Unmanned Aerial Vehicle Forensic Investigation Process: Dji Phantom 3 Drone As A Case Study." arXiv, Apr. 23, 2018.
G. Horsman, "Unmanned aerial vehicles: A preliminary analysis of forensic challenges," Digital Investigation, vol. 16, pp. 1–11, Mar. 2016.
T. Procházka, "Capturing, Visualizing, and Analyzing Data from Drones," BSc Thesis, Charles University, Prague, Czech Republic, 2016.
M. Mohan, "Cybersecurity in drones," MSc Thesis, Utica College, New York, NY, USA, 2016.
U. Jain, M. Rogers, and E. T. Matson, "Drone forensic framework: Sensor and data identification and verification," in 2017 IEEE Sensors Applications Symposium (SAS), Glassboro, NJ, USA, Mar. 2017, pp. 1–6.
D. R. Clark, C. Meffert, I. Baggili, and F. Breitinger, "DROP (DRone Open source Parser) your drone: Forensic analysis of the DJI Phantom III," Digital Investigation, vol. 22, pp. S3–S14, Aug. 2017.
S. E. Prastya, I. Riadi, and A. Luthfi, "Forensic Analysis of Unmanned Aerial Vehicle to Obtain GPS Log Data as Digital Evidence," International Journal of Computer Science and Information Security, vol. 15, no. 3, pp. 280–285, Mar. 2017.
M. Llewellyn, "DJI Phantom 3 – Drone Forensic data exploration.," Edith Cowan University, Perth, Australia, 2017.
A. L. P. S. Renduchintala, A. Albehadili, and A. Y. Javaid, "Drone Forensics: Digital Flight Log Examination Framework for Micro Drones," in 2017 International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, USA, Sep. 2017, pp. 91–96.
T. E. A. Barton and M. A. Hannan Bin Azhar, "Forensic analysis of popular UAV systems," in 2017 Seventh International Conference on Emerging Security Technologies (EST), Canterbury, UK, Sep. 2017, pp. 91–96.
R. L. Fairbrother, "A project completed as part of the requirements for the BSc (Hons) Computer Forensics and Security," University of Derby, Derby, UK, 2018.
S. Benzarti, B. Triki, and O. Korbaa, "Privacy Preservation and Drone Authentication Using ID-Based Signcryption," in New Trends in Intelligent Software Methodologies, Tools and Techniques - Proceedings of the 17th International Conference SoMeT_18, 2018, pp. 226–239.
A. Renduchintala, F. Jahan, R. Khanna, and A. Y. Javaid, "A comprehensive micro unmanned aerial vehicle (UAV/Drone) forensic framework," Digital Investigation, vol. 30, pp. 52–72, Sep. 2019.
E. S. Dawam, X. Feng, and D. Li, "Autonomous Arial Vehicles in Smart Cities: Potential Cyber-Physical Threats," in 2018 IEEE 20th International Conference on High Performance Computing and Communications, Exeter, UK, Jun. 2018, pp. 1497–1505.
J. L. Esteves, E. Cottais, and C. Kasmi, "Unlocking the Access to the Effects Induced by IEMI on a Civilian UAV," in 2018 International Symposium on Electromagnetic Compatibility (EMC EUROPE), Amsterdam, Netherlands, Dec. 2018, pp. 48–52.
A. Fitwi, Y. Chen, and N. Zhou, "An agent-administrator-based security mechanism for distributed sensors and drones for smart grid monitoring," in Signal Processing, Sensor/Information Fusion, and Target Recognition XXVIII, May 2019, vol. 11018, pp. 173–188.
Z. V. Jones, C. Gwinnett, and A. R. W. Jackson, "The effect of tape type, taping method and tape storage temperature on the retrieval rate of fibres from various surfaces: An example of data generation and analysis to facilitate trace evidence recovery validation and optimisation," Science & Justice, vol. 59, no. 3, pp. 268–291, May 2019.
F. E. Salamh, U. Karabiyik, M. Rogers, and F. Al-Hazemi, "Drone Disrupted Denial of Service Attack (3DOS): Towards an Incident Response and Forensic Analysis of Remotely Piloted Aerial Systems (RPASs)," in 2019 15th International Wireless Communications & Mobile Computing Conference (IWCMC), Tangier, Morocco, Jun. 2019, pp. 704–710.
S. T. March and G. F. Smith, "Design and natural science research on information technology," Decision Support Systems, vol. 15, no. 4, pp. 251–266, Dec. 1995.
A. Al-dhaqm, S. Razak, S. H. Othman, A. Ngadi, M. N. Ahmed, and A. A. Mohammed, "Development and validation of a Database Forensic Metamodel (DBFM)," PLOS ONE, vol. 12, no. 2, 2017, Art. no. e0170793.
A. Al-Dhaqm et al., "CDBFIP: Common Database Forensic Investigation Processes for Internet of Things," IEEE Access, vol. 5, pp. 24401–24416, 2017.
N. Mei, "An Approach to Unmanned Aircraft Systems Forensics Framework," Ph.D. dissertation, Capitol Technology University, South Laurel, MD, USA, 2019.
F. Le Roy, C. Roland, D. Le Jeune, and J.-P. Diguet, "Risk assessment of SDR-based attacks with UAVs," in 2019 16th International Symposium on Wireless Communication Systems (ISWCS), Oulu, Finland, Dec. 2019, pp. 222–226.
S. Sciancalepore, O. A. Ibrahim, G. Oligeri, and R. Di Pietro, "Detecting Drones Status via Encrypted Traffic Analysis," in Proceedings of the ACM Workshop on Wireless Security and Machine Learning, Feb. 2019, pp. 67–72.
F. Lakew Yihunie, A. K. Singh, and S. Bhatia, "Assessing and Exploiting Security Vulnerabilities of Unmanned Aerial Vehicles," in Smart Systems and IoT: Innovations in Computing, Singapore, 2020, pp. 701–710.
C. C. Yang, H. Chuang, and D. Y. Kao, "Drone Forensic Analysis Using Relational Flight Data: A Case Study of DJI Spark and Mavic Air," Procedia Computer Science, vol. 192, pp. 1359–1368, Jan. 2021.
S. Silalahi, T. Ahmad, and H. Studiawan, "Transformer-Based Named Entity Recognition on Drone Flight Logs to Support Forensic Investigation," IEEE Access, vol. 11, pp. 3257–3274, 2023.
A. Al-Dhaqm, S. A. Razak, K. Siddique, R. A. Ikuesan, and V. R. Kebande, "Towards the Development of an Integrated Incident Response Model for Database Forensic Investigation Field," IEEE Access, vol. 8, pp. 145018–145032, 2020.
Downloads
How to Cite
License
Copyright (c) 2023 Arafat Al-dhaqm, Fahad Alotaibi, Yasser D. Al-Otaibi
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.