Drone Forensics and Analysis
The 5-day Drone Forensics class introduces consumer and professional level drones, also known as sUAS (small, unmanned aircraft systems), and the forensic artifacts that may be related to this class of devices. The class leads participants through basic on-scene collection of devices, identification of connected systems and data acquisitions against all the possible data storage areas. Participants leave the class with hands-on experience on device disassembly, data acquisitions against multiple drone platforms using varied extraction methods to include SD card, telnet, Wi-Fi, and ADB, and the analysis of data from drone systems.
COURSE OUTLINE
-
Identification
- Introduction to sUAS
- Evidence Best Practices and Fundamental UAV Guidelines
-
Preservation
- Evidence Handling
- Seizure
- Scenario, part 1 – Seize a drone and associated peripherals
-
Acquisition
- Forensic Imaging Fundamentals
- Imaging
- Scenario, part 2 – Extract data from supplied drones
-
Analysis
- Open-source Analysis Tools
- Scenario, part 3 – Analyze extractions with a combination of the presented open-source tools
-
Vendor Analysis Tool Overview
- Scenario, part 4 – Analyze extractions with a combination of the presented vendor tools
- Phone artifacts
- Scenario, part 5 – Analyze provided phone image for drone artifacts with a combination of the presented vendor tools
-
Reporting and Testifying
- Process notes and the examiner’s report
- Common testimonial challenges
-
Path Forward
- Drone market
- State of Counter-UAS
VTO LABS INSTRUCTORS
Steve Watson, Chief Executive Officer, VTO Labs
Mr. Watson is a technologist focused in the areas of data recovery, forensics, risk, and compliance. His career spans two decades and a variety of technology environments from start-ups to Fortune 50 companies. He is the Chief Executive Officer of VTO Labs. He has served as the Principal Investigator for two U.S. government scientific programs focused on digital forensics. His research in the area of data recovery and digital forensics is focused on new and emerging technologies and extremely damaged devices. Watson’s expertise lies in getting data off of electronic devices that are challenging for others: damaged devices, old devices, new devices and unsupported devices. He also serves as the Chair of the Forensics Committee on the Scientific Working Group on Digital Evidence (SWGDE), representing expertise in mobile devices, emerging technologies, and damaged devices.
James Darnell, Chief Operations Officer, VTO Labs
Prior to his work at VTO Labs, Mr. Darnell worked over 21 years for the United States Secret Service. He began his career with the Secret Service in 1999 and served as a special agent in the Las Vegas Field Office. In 2005, he transferred to the Criminal Investigative Division in Washington, DC, where he served as the Service’s program manager for computer forensics. In 2008, he built a digital forensics laboratory on the campus of the University of Tulsa dedicated to research, training, and escalation examinations. From Tulsa, he created and administered the USSS’ cell phone and skimmer forensics programs. Darnell is a former Chair and Vice Chair of the Scientific Working Group on Digital Evidence (SWGDE) and former Chair of the NIST OSAC Digital Evidence Subcommittee. He is a member of the ASTM E30 Committee and an adjunct professor at Oklahoma State University.
Matt Domanic, Senior Digital Forensics Analyst, VTO Labs
Matt Domanic is the Senior Technical Lead for VTO Labs. Mr. Domanic has spent his time at VTO focusing on developing forensic methods for acquiring data from devices such as drones, IoT devices, vehicles, and other embedded and leading-edge technology. Prior to joining VTO Labs, Domanic was a detective with the Middlesex County Prosecutor’s Office in New Jersey where he served as a Task Force Agent for the NJ Drug Enforcement Administration field office and specialized in his role as a Digital Forensics Examiner in the office’s Technical Operations Unit. He is a member of the Scientific Working Group on Digital Evidence (SWGDE).