Big Boost for Drone Forensics

Thursday, June 14, 2018 @ 01:06 PM gHale

Kaitlyn Fox, a laboratory assistant at VTO labs, inspects an aerial drone while VTO chief technology officer Steve Watson reviews data from the drone.
Photo courtesy of VTO labs

Drones have the potential for an endless amount of positive activities, but like the Internet, if used properly it will be good, but used for nefarious purposes, there could be negative consequences.

In some cases, drones have been spotted flying drugs, cell phones and other contraband over prison walls, and in several cases, drug traffickers have used drones to ferry narcotics across the border.

RELATED STORIES
Software Tool Can View Wastewater Plant Overload
Laser Sensor Can Smell Gases
Bubble Knowledge can make Nuclear Reactors Safer
Aerial Robot that Changes in Flight

If and when those types of drones end up captured, investigators will try to extract data from them that might point to a suspect.

But there are many types of drones, each with its own quirks, and that can make data extraction tricky. It would help if investigators could instantly conjure another drone of the same type to practice on first, and while that may not be possible, they can now do the next best thing: Download a “forensic image” of that type of drone.

A forensic image is a complete data extraction from a digital device, and National Institute of Standards and Technology (NIST) maintains a repository of images made from personal computers, mobile phones, tablets, hard drives and other storage media.

The images in NIST’s Computer Forensic Reference Datasets, or CFReDS, contain simulated digital evidence and are available to download for free. NIST just opened a section of CFReDS dedicated to drones, where forensic experts can find images of 14 popular makes and models, a number that is expected to grow to 30 by December.
https://www.cfreds.nist.gov

“The drone images will allow investigators to do a dry run before working on high-profile cases,” said Barbara Guttman, manager of digital forensic research at NIST. “You don’t want to practice on evidence.”

The drone images were created by VTO Labs, a Colorado-based digital forensics and cybersecurity firm.

NIST added the images to CFReDS because that website is known within the digital forensics community.

“Listing the drone images there is the fastest way to get them out to experts in the field,” Guttman said.

Work on the drone images began in May of last year, when VTO Labs received a contract from the Department of Homeland Security’s (DHS) Science and Technology Directorate.

“When we proposed this project, there was little existing research in this space,” said Steve Watson, chief technology officer at VTO. The drone research was needed not only to combat drug smuggling, but also to allow officials to respond more quickly should a drone ever be used as a weapon inside the United States.

For each make and model of drone he studied for this DHS-funded project, Watson purchased three and flew them until they accumulated a baseline of data. He then extracted data from one while leaving it intact. He disassembled a second and extracted data from its circuit board and onboard cameras. With the third, he removed all the chips and extracted data from them directly. He also disassembled and extracted data from the pilot controls and other remotely connected devices.

“The forensic images contain all the 1s and 0s we recovered from each model,” Watson said. The images were created using industry standard data formats so investigators can connect to them using forensic software tools and inspect their contents. The images for each model also come with step-by-step, photo-illustrated teardown instructions.

Watson was able to retrieve serial numbers, flight paths, launch and landing locations, photos and videos. On one model, he found a database that stores a user’s credit card information.

Investigators can use the images to practice recovering data, including deleted files. Universities and forensic labs can use them for training, proficiency testing and research. And application developers can use the images to test their software.

“If you’re writing tools for drone forensics, you need a lot of drones to test them on,” Guttman said.



Leave a Reply

You must be logged in to post a comment.