UAV Response Strategy and Forensics
This course has been built through first-hand law enforcement experience, supported by academic research. The workshop will involve a UAV investigation from start to finish, building your confidence and knowledge in this field of digital forensics.
Small UAVs have increased in popularity significantly in recent years, but with this increase in availability, affordability and ease of use a nefarious underworld has formed. UAVs have provided the criminal element with a new tool to their arsenal and it is up to forensic examiners to see what data can be extracted.
This course is designed to provide law enforcement agencies, their partners, forensic specialists, and first responders awareness and training sufficient to build or enhance their strategy to deal with UAV related incidents. This course will provide an introduction to UAVs before covering the types of criminal acts UAVs can be used in, first responder, seizure and examination guidelines, along with evidence presentation.
What skills will you gain?
- You will learn how to manage and respond to a UAV related incident in a safe and structured manner.
- You will learn how to extract data from a range of UAVs currently on the market, and how to use tools to interpret and analysis that data.
- You will learn how to present UAV related data evidentially.
- After this course you will be better equipped to deal with a UAV related incident, which is a skillset in high demand around the world.
What will you learn about?
- You will learn what a UAV, UAS and drone are and what their key components consist of.
- During this course you will learn what criminal activities can and/or have been completed through the use of a UAV.
- Students will be taught guidelines and framework necessary to cover scene first responders, seizure advice and forensic examination structure.
- Students will be guided through a fictional UAV examination (Start to finish), which will cover the extraction and interpretation of data.
What tools will you use?
- Yuneec Log Reader
- Google Maps
COURSE IS SELF-PACED, AVAILABLE ON DEMAND
DURATION: 18 hours
CPE POINTS: On completion you get a certificate granting you 18 CPE points.
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What should you know before you join?
- Students are expected to have a reasonable knowledge of technology, specifically in the field of digital forensics. Ideally they would have experience as a practitioner or manager within the digital forensic industry.
- No specific knowledge or skill set is necessary, and every effort will be made to explain each section of the course, however it is anticipated that students will be ‘tech savvy’.
What will you need?
- A computer running a Windows Operating system (7 or 10)
- Internet connection
- Web Browser (Ideally Chrome)
- Microsoft Word (or similar)
- Screen capture tool (Snipping Tool or similar)
You instructor: Alan Roder
I have been a Police Officer in the United Kingdom since 2008 and have worked on investigation teams and as a Digital Media Investigator; I currently work within the Digital Forensics Unit as a Forensic Officer analysing digital devices such as computers, storage mediums and UAVs.
I graduated from the University College Dublin with a Master of Science degree in Computer Forensics and Cybercrime Investigation. I co-authored my first paper in 2018 entitled ‘Unmanned Aerial Vehicle Forensic Investigation Process: DJI Phantom 3 Drone as a Case Study’. In 2019 I co-authored a follow-up paper entitled Unmanned Aerial Vehicles (UAVs) Threat Analysis and a Routine Activity Theory Based Mitigation Approach.
I am currently continuing my research and development in regards to UAV Forensics.
Module 1: Introduction to UAVs, Criminal activities and Scene First Responder and seizure guidelines.
In this module students will be introduced to UAVs, including components and flight guidance. The module will then detail nefarious and criminal activities involving UAVs before moving onto cover UAV scene first responder and seizure guidelines.
- Today’s UAVs
- History of UAVs
- What the term ‘Drone’ encompasses.
- What constitutes a UAS.
- What constitutes a UAV.
- UK UAV flight law
- General flight advice
- Useful websites
- Domestic criminal activity.
- Terrorist activity.
- Initial Response
- Scene preservation
- Scene assessment
- Audits and logs
- Common practices and procedures
- Evidence gathering best practices
- Consideration towards IEDs
- Lithium Polymer (LiPo) batteries
- Firearms and explosives
- Propeller blades and other hazards
Module 1 Assessment:
Multiple choice questions (50) – Pass mark is 80%
- Lectures - 4 hours
- Assignment – 1 hour
Module 2: Guidelines for extracting data from a UAV
In this module students will be introduced to the basics of computer based evidence, before delving into the guidelines necessary for extracting data from a UAV. Students will be familiarised with free forensic tools, at which point they will be shown how to extract data from three common UAVs.
The scenario will be a UAV incursion into a restricted area.
- Forensic images (E01)
- Carving data
- Fundamental UAV forensic guidelines with a systematic approach.
- Evidence integrity and standard forensic practices.
- Evidence continuity.
- DNA, Fingerprints and Ballistic reports.
- Identifying makes and models.
- Initial examination and case review.
- UAV capabilities.
- Identifying damage.
- UAV adaptability and modifications.
- Evidence data locations.
- Extracting removable storage mediums
- Preservation of evidence
- Forensic tool review (Cellebrite, MSAB, X-Ways, FTK, EnCase etc)
- Physical vs software
- Interrogation of peripheral devices.
- Destructive extraction methods
- DJI Phantom
- Yuneec Typhoon
- DJI Mavic
Extract flight log data from a forensic image, using the tools and techniques taught in this module.
Lectures - 4 hours
Assignment – 1 hour
Module 3: Interpreting extracted UAV data
Following on from the previous module, students will be shown what types of data can be extracted from a UAV, along with free tools which can view the data in a simple format.
- What data can be identified
- GPS data and how accurate it can be.
- Confirming data accuracy.
- Open source investigation techniques.
- Open source tools review
- Review of example flight logs.
- Identifying investigative leads
- Introduction to DatCon.
- Introduction to Yuneec flight log reader.
- Download and install free flight data analysis software, then answer questions on logs from both the Yuneec and DJI UAV platforms.
- Open book exam (20 questions) – Pass mark is 90%
- Lectures - 2 hours
- Assignment – 3 hour
Module 4: Evidential presentation and reports
In the final module, students will learn how to complete a UAV examination report in an evidentially credible and impartial manner. Additionally they will identify further lines of enquiry which may prove beneficial in an investigation. Finally this module will discuss future considerations and touch on methods to counter criminal UAV activity.
- Report layout and display.
- How best to display telemetry data.
- Google maps and other tools.
- Identifying potential lines of enquiry.
- Forecasting defence and prosecution questions
- Advances in technology.
- Proliferation of UAV usage (Business and Personal).
- Challenges in identifying and monitoring UAVs.
- Counter UAV strategies.
- ISO considerations.
Continue from the scenario in assignment 2 and using the flight log data interpreted in assignment 3, write a report suitable for court.
The report will be graded on;
- Layout (Is the statement easy to read and does the content flow)
- Content (Is the content factually correct)
- Impartiality (Students should refrain from assumptions)
70% pass mark.
This assessment will be considered the final exam for this workshop.
Lectures - 3 hours
Assignment – 3 hour
If you have questions, feel free to contact our course coordinator Marta at [email protected]