Abstract:
The Unmanned Aerial Vehicle (UAV) technology is a rapidly emerging technology and
it has found widespread usage. While UAVs are still in their development phase without
any existing commonly accepted standards for their underlying technologies and their
forensic investigation, they have an increasing record of criminal usage. This urges the
research community to develop techniques to detect and prevent illegal usage of UAVs.
With this work, a seven-phase UAV digital forensics investigation framework is
proposed to standardize the investigation process for UAVs. The framework was tested
on the DJI Phantom III Professional UAV which is one of the most popular commercial
UAVs in the market. Three kinds of forensic artifacts are found on the sample UAV and
these artifacts are examined deeply. Two of these artifacts are log files stored as binary
files and the other artifact is the EXIF header of the images that are captured by UAV's
onboard camera. The log files of the UAV has a proprietary data structure. By reverse
engineering this data structure, the flight paths for all the flights taken by the
investigated UAV, could be derived. At the end of the whole investigation process, it is
observed that the proposed seven-phased investigation framework works successfully
and significantly helps with the forensic investigation of UASs in a systematic manner.
