Abstract The {DJI} Phantom {III} drone has already been used for malicious activities (to drop bombs, remote surveillance and plane watching) in 2016 and 2017. At the time of writing, {DJI} was the drone manufacturer with the largest market share. Our work presents the primary thorough forensic analysis of the {DJI} Phantom {III} drone, and the primary account for proprietary file structures stored by the examined drone. It also presents the forensically sound open source tool {DRone} Open source Parser (DROP) that parses proprietary {DAT} files extracted from the drone’s nonvolatile internal storage. These {DAT} files are encrypted and encoded. The work also shares preliminary findings on {TXT} files, which are also proprietary, encrypted, encoded, files found on the mobile device controlling the drone. These files provided a slew of data such as {GPS} locations, battery, flight time, etc. By extracting data from the controlling mobile device, and the drone, we were able to correlate data and link the user to a specific device based on extracted metadata. Furthermore, results showed that the best mechanism to forensically acquire data from the tested drone is to manually extract the {SD} card by disassembling the drone. Our findings illustrated that the drone should not be turned on as turning it on changes data on the drone by creating a new {DAT} file, but may also delete stored data if the drone’s internal storage is full.