DROP (DRone Open source Parser) Your Drone: Forensic Analysis of the DJI Phantom III

Authors

Devon R. Clark, University of New Haven
Christopher S. Meffert, University of New Haven
Ibrahim Baggili, University of New HavenFollow
Frank Breitinger, University of New HavenFollow

Author URLs

Professor Breitinger's Faculty Profile

Professor Breitinger's web page

Professor Breitinger's Full Bibliography

Professor Baggili's Faculty Profile

Professor Baggili's web page

UNHcFREG (UNH Cyber Forensics Research & Education Group / Lab)

Document Type

Article

Publication Date

2017

Subject: LCSH

Computer crimes--Investigation, Drone aircraft

Disciplines

Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security

Abstract

The DJI Phantom III drone has already been used for malicious activities (to drop bombs, remote surveillance and plane watching) in 2016 and 2017. At the time of writing, DJI was the drone manufacturer with the largest market share. Our work presents the primary thorough forensic analysis of the DJI Phantom III drone, and the primary account for proprietary file structures stored by the examined drone. It also presents the forensically sound open source tool DRone Open source Parser (DROP) that parses proprietary DAT files extracted from the drone's nonvolatile internal storage. These DAT files are encrypted and encoded. The work also shares preliminary findings on TXT files, which are also proprietary, encrypted, encoded, files found on the mobile device controlling the drone. These files provided a slew of data such as GPS locations, battery, flight time, etc. By extracting data from the controlling mobile device, and the drone, we were able to correlate data and link the user to a specific device based on extracted metadata. Furthermore, results showed that the best mechanism to forensically acquire data from the tested drone is to manually extract the SD card by disassembling the drone. Our findings illustrated that the drone should not be turned on as turning it on changes data on the drone by creating a new DAT file, but may also delete stored data if the drone's internal storage is full.

Comments

© 2017 The Author(s). Published by Elsevier Ltd. on behalf of DFRWS. This is an open access article under CC-BY-NC-ND 4.0

Dr. Baggili was appointed to the University of New Haven’s Elder Family Endowed Chair in 2015.

DOI

10.1016/j.diin.2017.06.013

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Repository Citation

Clark, Devon R.; Meffert, Christopher S.; Baggili, Ibrahim; and Breitinger, Frank, "DROP (DRone Open source Parser) Your Drone: Forensic Analysis of the DJI Phantom III" (2017). Electrical & Computer Engineering and Computer Science Faculty Publications. 71.
https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/71

Publisher Citation

Clark, D. R., Meffert, C., Baggili, I., & Breitinger, F. (2017). DROP (DRone Open source Parser) your drone: Forensic analysis of the DJI Phantom III. Digital Investigation, 22, S3-S14.