DROP (DRone Open source Parser) your drone: Forensic analysis of the DJI Phantom III

Details

Serval ID
serval:BIB_2A49E18209E9
Type
Article: article from journal or magazine.
Collection
Publications
Title
DROP (DRone Open source Parser) your drone: Forensic analysis of the DJI Phantom III
Journal
Digital Investigation
Author(s)
Clark Devon R., Meffert Christopher, Baggili Ibrahim, Breitinger Frank
ISSN
1742-2876
Publication state
Published
Issued date
08/2017
Volume
22
Pages
S3-S14
Language
English
Abstract
The DJI Phantom III drone has already been used for malicious activities (to drop bombs, remote surveillance and plane watching) in 2016 and 2017. At the time of writing, DJI was the drone manufacturer with the largest market share. Our work presents the primary thorough forensic analysis of the DJI Phantom III drone, and the primary account for proprietary file structures stored by the examined drone. It also presents the forensically sound open source tool DRone Open source Parser (DROP) that parses proprietary DAT files extracted from the drone’s nonvolatile internal storage. These DAT files are encrypted and encoded. The work also shares preliminary findings on TXT files, which are also proprietary, encrypted, encoded, files found on the mobile device controlling the drone. These files provided a slew of data such as GPS locations, battery, flight time, etc. By extracting data from the controlling mobile device, and the drone, we were able to correlate data and link the user to a specific device based on extracted metadata. Furthermore, results showed that the best mechanism to forensically acquire data from the tested drone is to manually extract the SD card by disassembling the drone. Our findings illustrated that the drone should not be turned on as turning it on changes data on the drone by creating a new DAT file, but may also delete stored data if the drone’s internal storage is full.
Keywords
TXT file structure
Web of science
Open Access
Yes
Create date
06/05/2021 11:01
Last modification date
06/05/2021 11:36