Drone Forensic Analysisby Spyder Forensics
This class is offered in partnership with Spyder Forensics.
About Our Advanced Drone Forensic Training
This three-day advanced level course will equip you with the practical skills and competencies required to identify and extract various sources of data recoverable from Unmanned Aircraft Systems (UAS), also known as Drones, including their associated control devices in line with approved best practices.
Using leading research and development from Spyder Forensics, this course will introduce you to the world of UAV’s and instruct you how to fly a Drone followed by best practices in conducting forensically sound extractions and analysis of UAS data for use as evidence or intelligence gathering. Attendees will learn how to collect data from within the aircraft using non-destructive processes utilizing industry-standard tools to create forensic collections of storage media that include flight logs, aircraft data, photo, and video files without the need to disassemble the aircraft or controller. Students will then learn procedures in the acquisition of application data found on the mobile device.
Once data has been acquired, attendees will master how to analyze the flight logs and user data using software originally designed to work with these types of structures, gaining knowledge on workflows to connect data between the drone application and the flight data recovered from the aircraft.
This course uses non-destructive processes to extract and analyze the data from all hardware in the UAS including the handheld device, mobile application, and drone. All software used in class can be used in the DFIR lab free of charge and without the need to purchase additional applications to conduct a Drone examination.
To get the most out of this class, you should have minimal experience in forensic examinations.
Class Materials & Software
You will receive a student manual, lab exercises, software for UAV analysis, a Drone and other hardware
Students will have the ability to learn how to fly a UAV and collect data from the handset and aircraft.
- Course Code: AT-DRONE
- Duration: 3 Days
- Laptop Required?: Yes
- This class is open to all forensic professionals.
- *Please Note: Due to the sensitive nature of our curriculum, and industry, all potential students are subject to vetting prior to enrollment. We reserve the right to refuse registration to any person that does not meet our established criteria.
What Will I Learn?
Become proficient in the extraction of UAV controller data from mobile devices and UAV’s using industry-recognized forensic software. Recognize types of data available from drones, their linked devices and third-party sources. Conduct forensic extractions of data from the leading drone devices, analyze extracted data effectively to produce reports fit for use in criminal justice proceedings.
- Interpretation of Data
- Advanced Techniques
- Evidence, Reporting & Final Exam
Introduction to UAV Forensics
- Introduction to sUAS
- Criminal use of UAV’s
- Manufacturers variables
- Attack vectors – risks to public safety
- Drone adaptation
- Capacity & Capability of drones
- Health & Safety – Handling & Seizure
- Health & Safety – LiPo Batteries
- Linked devices – Controller Considerations
- Digital vs. Physical Evidence
- Packaging / Storage & Continuity
- Understanding how flight logs are created & updated
- Aircraft power on a flowchart.
Components of sUAS
- Components and features of small unmanned aircraft systems(sUAS)
- Controller options
- Mobile and Tablet Devices
- Bespoke flight controllers
- Integrated displays
- FPV controllers
- Autonomous flights
- Return-to-home feature
- WiFi controls
- Signal interception.
Learning to Fly
- Unpack ‘your’ aircraft
- Recognizing components within the box
- Basic instruction on flying the drone
- Practical exercises in flying your drone
- Collection techniques.
- Extraction of data from the aircraft
- Extraction of data from the mobile \ tablet device
- Extraction of controller data
- Disassembling techniques
- Arguments for and against
Interpretation of Data
- Techniques in using open source and commercial forensic tools to review the data
- Interpretation of data contained on the UAV
- File System considerations
- Registered user information
- Aircraft details
- Flight log analysis techniques
- Interpretation of data from portable devices
- Default folder structures of the controlling app from an Android and iOS device
- Synchronized logs vs. local logs
- Error log analysis
- Media file examination (geolocations and dates & times)
- Workflows in combining offline files for further analysis
- Interpretation of data contained on the UAV
- Techniques in the interpretation of additional data on other devices.
Advanced Analysis Techniques
- Flight recorder“Blackbox”
- Advanced examination workflows
- Additional App & Controller considerations
- Linking hardware devices within the sUAS
- Simplification of data – graphical representation
- Mapping of flight paths.
Presentation of Evidence in court
- Discussion on courtroom preparation & presentation
- Glossary of terms
- Overview of UAV report considerations
- Report writing practical
- Student knowledge assessment.
We prefer students bring their own laptops whenever possible. If this is not possible, Teel Tech Canada will provide one for you. If you are unable to bring your own laptop, please indicate so on the registration page.
For students bringing a laptop to class, please ensure they meet the following minimum requirements:
- Windows 7
- Windows 8.x and 10.x using these instructions (turn off driver sig enforcement)
- macOS with Bootcamp Windows 7
- macOS with Bootcamp Windows 8.x and Win 10.x using these instructions
- macOS alone will not work (No Virtual Machines)
- 8GB RAM (minimum)
- 100GB storage (minimum)
- You must have Admin rights or have the admin password for software installation.
- NOTE: ALL Windows updates should be done prior to class.