
Drone Forensics: An Unrevealed Dome

Published By Ashwani Tiwari
Approved By Aswin Vijayan
Published On April 19th, 2022

The idea of “drone technologies used in crime” has preoccupied the US government ever since drones were first encountered in illegal activity. That activity can be the killing of humans, unlawful video and/or image capturing, or the haulage of biological and/or chemical destructive weapons. The increase in criminal cases involving drones, or UAVs (Unmanned Aerial Vehicles), has drawn the attention of forensic evangelists. Drone forensics is a subsystem of wireless forensics (Wi-Fi forensics), which is itself a part of digital forensics. Drone forensics is therefore a category of digital forensics.

What is a Drone?

An aircraft with no pilot on board, or a remotely controlled aircraft, is known as a UAV (an acronym for Unmanned Aerial Vehicle) and is often called a drone. The Federal Aviation Administration (FAA) is the US body that sets and enforces drone rules and regulations. To fly a UAV in the US for non-recreational purposes, a Certificate of Authorization (COA) is needed from the FAA.


What is Drone Camera?

A drone that carries a camera in its aerial system structure, used to capture video or images of a targeted area, is referred to as a drone camera. A drone camera is a kind of flying quad-copter with a camera that can be controlled remotely or automatically from a tablet or mobile phone (specifically, a handheld device). In technical terms, the work of a drone is to collect data and transfer it to a centralized server for storage.

  • System Components

The outward airframe structure is not elaborated on in this section because, from the forensic point of view, it is not an important domain. The inside of the drone camera's airframe is the part used to recover evidence and artefacts. The major system components are listed below.

  1. Imaging Sensors and Data Collection
  2. Antenna Tracking System
  3. Detectors, Spectrometers, and Spectrophotometers
  4. Autopilot Navigation
  5. UAV Engines
  6. Ground Stations
  7. Launch System
  8. Auto landing Recovery

  • Hardware Configuration In Drone Camera

The hardware configuration of a wireless drone camera is built around a wireless router, which contains a wireless chipset that operates on the 802.11 frequency set according to the specifications.

A high-power CPU is fitted for collecting and forwarding the data. Front and vertical HD cameras are deployed to provide full-range coverage.

Various sensors are used, depending mostly on the type and purpose of the drone: image sensors, embedded inertial sensors (gyrometers and accelerometers), and velocity or absolute-position sensors (such as GPS).

A remote device and USB are used to save the data.

  • Software configuration In Drone Camera

The software configuration of a wireless drone camera is composed of an embedded OS (operating system) and a window sniffer to acquire traffic. Linux is mostly preferred as the OS for drones, and the Kismet system is used for 802.11 wireless network detection, intrusion detection and sniffing.

Why Drone Forensics?

The drone was mainly invented with the mindset that it would be used for recreational activities, in times of disaster, for ecosystem monitoring, and for other activities helpful to education, invention, entertainment, and security surveillance services. Unfortunately, technology can be harmful if it is not used for good deeds, and the same is true of drone devices, given their involvement in illegal actions. In wartime, for example, drone cameras are used for spying on opponents, and drones deployed with weapons are used for mass devastation. The involvement of drones in crime has therefore drawn the attention of forensic researchers to drone forensics.

What is Drone Forensics and its Ontology?

Drone forensics is the branch of digital forensics that covers the recovery and investigation of drone devices found in crimes. Because the drone is a wireless device, its forensics is a subsystem of the wireless forensic model. A server is also involved in the operation, since the drone is controlled by a server at ground level. Drone forensics therefore involves both the forensics of the ground-level server, where information is transferred and stored, and the forensics of the drone device itself. Here the prime focus is the forensic ontology of drone cameras. Drone forensics is the amalgamation of the forensics done on each individual component of the drone. The sectors that make up the basic drone ontology are described below.

OS Forensics: The operating system can be a good source of information. Both the drone itself and the ground servers to which it is connected need an OS to operate. Linux is the most preferred OS and is deployed at both ends. The Linux file system can be a great source of artefacts and evidence. The data in the kernel file system is valuable in the investigation. The root file systems (Ext2, Ext3, Ext4), JFS, ReiserFS and XFS file systems of Linux can be a great help in file carving.

Sniffer Application Forensics: The sniffer application used at both ends is a great source of artefacts and evidence. “Kismet” is the most preferred application system used in drones. Kismet log files are stored in the /var/log/kismet directory, and the file types supported in the Kismet log are dump, CSV, network, XML, Cisco, weak and GPS. Artefacts can be drawn from these file types.


Drone image forensics can be done on the basis of the categories below:

  1. Format-Based Forensics: Here, the format supported by the camera in use is what matters. Most of the latest drones carry a digital HD camera that supports the JPEG file format, so performing file carving on the JPEG file structure can yield useful artefacts. The JPEG image structure consists of a header at the beginning with “FFD8FFE0” and a trailer at the end with “FFD9”; the rest is the image content itself. The header contains a thumbnail version of the image, and three components of the camera signature can be collected from the thumbnail. Similar artefacts can be gathered by performing file carving on any image format, depending on the format supported by the drone device and the server on the ground.
  2. Camera-Based Forensics: The digital camera captures colour images using a single sensor in conjunction with colour filters. The noise contained in the pixels of the recorded image can be used for forensics.
  3. Geometric-Based Forensics: The coordinates used by the camera can be used for forensic purposes. The coordinates of the device are also helpful.
  4. Video Forensics: Motion, re-projected and projectile are some of the areas, or domains, used for video forensics.

Performing file carving on all of the above-mentioned categories can therefore be beneficial in drone forensics.
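The header/trailer carving described under Format-Based Forensics, as an added example that is not code from the original article. It goes one step beyond the text by walking JPEG segment lengths, because a JPEG thumbnail embedded in the header carries its own FFD9 and a carve to the first trailer stops there; the function names and the byte buffer built by `sample_image` are constructed for illustration.

```python
import hashlib

HEADER = bytes.fromhex("FFD8FFE0")  # SOI + APP0: the header value quoted in the text
TRAILER = bytes.fromhex("FFD9")     # EOI: the trailer value quoted in the text

def naive_length(buf, start):
    """Header-to-first-trailer carve; stops early at an embedded thumbnail's FFD9."""
    return buf.find(TRAILER, start) + len(TRAILER) - start

def jpeg_end(buf, start):
    """Walk marker segments from `start`; return the offset past the real FFD9."""
    pos = start + 2                                    # skip SOI
    while pos + 1 < len(buf):
        if buf[pos] != 0xFF:
            return None                                # off a marker: corrupt or fragmented
        marker = buf[pos + 1]
        if marker == 0xD9:
            return pos + 2
        if marker in (0x01, 0xFF) or 0xD0 <= marker <= 0xD7:  # no length field
            pos += 1 if marker == 0xFF else 2          # 0xFF here is a fill byte
            continue
        seglen = int.from_bytes(buf[pos + 2:pos + 4], "big")
        if seglen < 2:
            return None
        pos += 2 + seglen                              # length counts itself, not the marker
        if marker == 0xDA:                             # SOS: skip entropy-coded scan data
            while pos + 1 < len(buf) and (buf[pos] != 0xFF or
                    buf[pos + 1] == 0x00 or 0xD0 <= buf[pos + 1] <= 0xD7):
                pos += 1
    return None                                        # ran off the buffer: truncated file

def carve_jpegs(buf):
    """Return (offset, length, sha256) for each complete JPEG in a raw buffer."""
    found, pos = [], buf.find(HEADER)
    while pos != -1:
        end = jpeg_end(buf, pos)
        if end is not None:
            found.append((pos, end - pos, hashlib.sha256(buf[pos:end]).hexdigest()))
        pos = buf.find(HEADER, pos + 1 if end is None else end)
    return found

def sample_image():
    """Constructed test data: a minimal JPEG-shaped stream inside padding bytes."""
    payload = b"JFXX\x00\x10\xff\xd8" + b"\x11" * 6 + TRAILER  # thumbnail, own FFD9
    app0 = b"\xff\xe0" + (len(payload) + 2).to_bytes(2, "big") + payload
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x00" * 6
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"             # stuffed FF00 and an RST0 marker
    jpeg = b"\xff\xd8" + app0 + sos + scan + TRAILER
    return b"\x00" * 512 + jpeg + b"\xaa" * 100, jpeg
```

Recording the offset and SHA-256 of each carved file keeps the result traceable to its position in the acquired image. A file whose walk returns `None` is truncated or fragmented and needs manual examination.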


Altogether, the drone forensics ontology can be summarized as being based on separate forensics: file carving of the OS supported by the device, of the images, and of the application used for sniffing, done separately on the drone device and on the server side. The OS, the images and the sniffer application are a rich source of artefacts and evidence in drone forensics.