You are currently viewing a new version of our website. To view the old version click .
MDPIMDPI
Search all articles
Sensors
Download PDF
  • Article
  • Open Access

29 August 2022

A Comprehensive Collection and Analysis Model for the Drone Forensics Field

,
,
and
1
Faculty of Computing and Information Technology (FCIT), King Abdulaziz University, Jeddah 22254, Saudi Arabia
2
Faculty of Engineering, School of Computing, Universiti Teknologi Malaysia, Skudai 81310, Malaysia
3
Department of Information Systems, Faculty of Computing and Information Technology in Rabigh, King Abdulaziz University, Jeddah 21589, Saudi Arabia
4
School of Computing and Digital Technology, Faculty of Computing, Engineering and the Built Environment, Birmingham City University, Birmingham B4 7XG, UK
Sensors2022, 22(17), 6486;https://doi.org/10.3390/s22176486
This article belongs to the Special Issue Advanced Sensing Technology for Environment Monitoring
Version Notes
Order Reprints

Abstract

Unmanned aerial vehicles (UAVs) are adaptable and rapid mobile boards that can be applied to several purposes, especially in smart cities. These involve traffic observation, environmental monitoring, and public safety. The need to realize effective drone forensic processes has mainly been reinforced by drone-based evidence. Drone-based evidence collection and preservation entails accumulating and collecting digital evidence from the drone of the victim for subsequent analysis and presentation. Digital evidence must, however, be collected and analyzed in a forensically sound manner using the appropriate collection and analysis methodologies and tools to preserve the integrity of the evidence. For this purpose, various collection and analysis models have been proposed for drone forensics based on the existing literature; several models are inclined towards specific scenarios and drone systems. As a result, the literature lacks a suitable and standardized drone-based collection and analysis model devoid of commonalities, which can solve future problems that may arise in the drone forensics field. Therefore, this paper has three contributions: (a) studies the machine learning existing in the literature in the context of handling drone data to discover criminal actions, (b) highlights the existing forensic models proposed for drone forensics, and (c) proposes a novel comprehensive collection and analysis forensic model (CCAFM) applicable to the drone forensics field using the design science research approach. The proposed CCAFM consists of three main processes: (1) acquisition and preservation, (2) reconstruction and analysis, and (3) post-investigation process. CCAFM contextually leverages the initially proposed models herein incorporated in this study. CCAFM allows digital forensic investigators to collect, protect, rebuild, and examine volatile and nonvolatile items from the suspected drone based on scientific forensic techniques. Therefore, it enables sharing of knowledge on drone forensic investigation among practitioners working in the forensics domain.

1. Introduction

Unmanned aerial vehicles (UAVs) are flexible and rapid mobile boards applicable to different purposes, especially in smart cities, including traffic observation, environmental monitoring, and public safety, as shown in Figure 1. UAVs have received tremendous attention since these vehicles can be controlled and monitored without pilots, based on pre-programming flight paths. In the start, this technology was adopted for military purposes, but it has been recently used even to facilitate common people’s lives.
Sensors 22 06486 g001 550
Figure 1. Using UAVs for various purposes in the smart environment [1].
This technology is most commonly used in area monitoring, inspection, surveillance, and cargo purposes [2,3]. It improves life quality, especially by monitoring special public events and using shared space [4]. It is observed that the airspace is loaded with a great deal of traffic, and collision accident reports are increasing day by day [5]. Due to UAVs’ traffic patterns and technology, tackling the congestion and any incident is more challenging compared to traditional networks [6,7]. The increasing trend of congestion leads to high interference, data dropping, overhead, and other abnormalities in the control system. Various types of UAVs are currently available, including small drones, aircraft, or weapon-enabled drones [8,9]; small drones fly like small insects; they can fly around an area of interest to monitor vital signs and inform the base station for further decision-making. However, the nature of data is scattered in these networks where different types of devices are involved, including routers, switches, sensor nodes, and SD cards [10,11,12]. The data are located in different places, and there is a need for proper investigation and planning to extract the forensic features.
The drone functionalities involve several items such as the ground-station controller, onboard power management system (PMS), onboard flight control board (FCB), (multi)rotor system, electronic speed controller (ESC), and transceiver control unit (TCU) [13,14]. Regarding the potential digital forensic items, the ground-station controller, ESC, FCB, TCU, and PMS offer potentially reliable sources of evidence [15]. The information of log and memory could be taken out of the ground-station controller unit. It can be a software platform or a customized base-station design, which can interact with FCB. As drones are unmanned, TCU plays a crucial role by providing a medium for communication and control between the base station and FCB as well as a medium of communication for different sensors installed on the drone. FCB acts as the drone brain [16,17] by integrating and coordinating the information received from the functional drone units (including the mounted sensors), the inertial measurement and controls, and the flight trajectory and navigation control, and also by the management of power and being in communication with the station on the ground. Additionally, ESC is the core functionality in a drone: an electronic circuit house responsible for managing the speed and overall efficiency of a drone’s movement [18].
Thus, drone forensic items of drone devices could be observed in the form of data stored in the memory (practical use of memory forensics), electromagnetic (EM) wave data, and contents of different log files. ESC and FCB are the potential sources of memory items, which could be directly taken out of the components of ESC and FCB, respectively. The components include flight control data, flight record data, information from the drone’s internal monitoring unit, and data from the mounted transceivers and sensors. Generally, the signal processing methodologies complement the process of forensically identifying and extracting the data. Nevertheless, the digital items, which appear in the form of EM signals from the respective transceivers and mounted sensors, can make further corroborative information available to the investigation process. In this sense, TCU could be leveraged to extract primary EM signals, which could be processed further to extract the secondary corroborative digital items. Figure 2 illustrates a UAV’s architecture and the protocols supporting its communications, which may help investigators use it during the investigation of drone crimes.
Figure 2. A UAV architecture composition.
The existing literature consists of various collection and analysis models proposed for drone forensics, some of which are inclined towards specific scenarios and drone systems. As a result, there is no suitable and standardized drone-based collection and analysis model devoid of commonalities that can solve future problems that may arise in the drone forensics field.
To address the gap mentioned above, there is a need to identify a novel comprehensive collection and analysis forensic model focusing on collection and analysis as a step toward solving redundancy. Accordingly, the present paper proposes a novel comprehensive collection and analysis forensic model (CCAFM) applicable to the drone forensics field. In comparison with the existing models, CCAFM incorporates not only the reconstruction, analysis, and collection but also the post-incident investigation processes. The processes suggested in this paper explicitly address the need for novel process models that can satisfy the requirements of post-incident response strategies during drone forensic investigations. Moreover, note that this study is contextually dependent on the initially proposed models, which have been leveraged in identifying the research gap; this will become apparent in the later sections that depict the same.
The remainder of this article is arranged as follows: Section 2 discusses the related work of the drone forensics field. Then, Section 3 concentrates on discussing the methodology adopted in this paper. After that, Section 4 gives the results and discussion. Finally, the conclusion and future remarks are provided in Section 5.

3. Methodology for Developing and Validating CCAFM

To validate the theoretical suppositions and achieve the main objective highlighted in this study, the current paper’s authors have systematically adapted systematic methods of design science research (DSR) for further effectiveness and efficiency. In addition, this paper aims to satisfy the need to portray the knowledge in the forensics domain. DSR was used in this study since it aids in identifying a forensic area of study, which is then sampled. The area is then mapped in order to identify pertinent and useful data that can be used to provide proof of the identified research questions. Based on the aforementioned notion, this study suggested a comprehensive forensic model for the collection and analysis processes required in the drone forensics field. Accordingly, the authors utilized a distinct criterion whose primary focus is identifying key research gaps relative to data collection and analysis in the drone forensics field. The model proposed in this study involves the following phases (see Figure 3):
Figure 3. Framework for the model development process.
  • Phase 1: Identifying and selecting the domain models
  • Phase 2: Extracting the processes for relevant investigations
  • Phase 3: Filtering and organizing the extracted processes
  • Phase 4: Proposing a comprehensive collection and analysis forensic model
  • Phase 5: Validating the proposed model
This is followed by the formulation of the research questions. Thereafter, the domain models are selected, and the relevant processes are extracted, which are then filtered and organized to aid in constructing a comprehensive forensic model for the collection and analysis. Finally, the proposed model is validated to assess its effectiveness.

3.1. Phase 1: Identifying and Selecting the Domain Models

This step identified and selected the models suitable for the drone forensics investigation. Several models have been identified after reviewing the literature. Thus, the elements for identifying and selecting have been adapted from the previous research [83,84]. To identify and select the drone forensic models from the literature, authors need to employ some factors/criteria for this purpose. The highly applicable processes of drone forensic investigation processes should be widely covered based on the objective of the development process. A coverage metric indicates the applicability of the sourced model. Table 1 shows 32 common models that could be used as the output of this step.
Table
Table 1. Recognized and nominated drone forensics models.
Table 1. Recognized and nominated drone forensics models.
ID.Models
References		YearAuthorsDescription of the Model
1.[20]2015Mhatre et al.They offered a tool using Java-FX to visualize the real-time flight control. Their designed tool is not directly applicable to the DF field; however, it can create efficient connections between a drone and its controller to transfer data. In addition, this tool can display sensor parameters, including GPS, IMU, and altitude for pilots, which provides a great level of safety for flights
2.[24]2016HorsmanThis study offered an initial assessment of UAV devices, emphasizing the issues caused by this equipment to the digital forensic experts and law enforcement examinations. They provided an investigation of a Parrot Bebop drone and a study of the mobile tools used to pilot it, namely Galaxy and an iPhone 6, both using the Parrot’s offered UAVs flight routing product “FreeFlight3”.
3.[26]2016MohanIn this study, the author analyzed the drones’ vulnerabilities and applications and their relationships with issues that generally arise in the cybersecurity domain. They asserted that if a drone is hacked and abused by opponents, serious risks or consequences may arise. That study primarily focused on identifying the benefits of using drones in numerous conditions, from employing these devices as children’s toys to using them as mass destruction weapons.
4.[19]2016Kovar, Dominguez, and MurphThe authors discussed all components of a drone. They all emphasized the use of the Linux operating system and its potential to gather evidence on the Linux file system. Note that to work properly, drones need to use an OS.
5.[85]2016Maarse et al. Researchers tried to evaluate DRFs with the purpose of DJI Phantom 2 commonly. They assessed the drone’s software and hardware and reviewed how they can be used to apply DRFs. Their results achieved the creation of a principle in the dedication and range of DRFs
6.[25]2016Procházka Authors attempted to integrate the visualizing data recovered from drones with a non-forensic approach. They designed an application to visualize the log parameters from flight data. However, only a small number of drones were evaluated in their study. The scope of this working on the Parrot AR Drone 2.0.
7.[29]2017Prastya, Riadi, and LuthfiThe researchers comprehensively discussed how the GPS coordinates could be used as location evidence while examining the crimes committed with the help of a drone. They attempted not only to extract the system logs but also to visualize GPS coordinates on maps, where the web-based third-party platforms were used to plot the flight paths.
8.[27]2017Jain, Rogers, and MatsonThe authors proposed a 12-phase forensic framework to offer an innovative approach to the systematic investigation of UAVs. Wide-ranging tests were carried out on five commercial UAVs, for instance, the Parrot AR Drone 2.0, to identify the relationships amongst various components. They also executed an experiment to validate their developed framework. All the UAVs tested in the study were modified by adding and removing some parts. These modifications were done to try to check whether the framework involved all of the various elements in any basic commercial UAV and to examine whether it could be applied to a comprehensive UAV analysis. They found out that an important issue that does not allow for mitigating the attacks effectively is the deficiency of law enforcement training processes in UAVs. None of the UAVs were exposed to forensic analyses; however, an effective framework was finally constructed, which applied to the ex-amination and analysis of the stages involved.
9.[28]2017Clark et al.In this study, the authors were the first researchers that comprehensively analyzed the DJI Phantom 3 Standard. The examined UAV was flown towards two different sites. Then, the collected data were separated into three parts: controller, drone, and phone/tablet. Eventually, they explored two types of files of interest: the “.dat” files produced by the UAV and the “.txt” files produced by the DJI GO application. The files were first subjected to the decryption and decodification processes; after that, the information about the GPS locations, flight status, Wi-Fi connections, remote control, motors, etc., was extracted. When the obtained data were analyzed, and the proprietary file structures were well-understood, the researchers developed the DROP tool for the analysis of the evidentiary files. Additionally, they developed a forensically sound open-source drone open-source parser (DROP) tool.
10.[86]2017Bucknell and BassindalThe authors analyzed the effects of a quadcopter’s downwash to know whether it can affect the retaining of material evidence in crime events.
11.[30]2017LlewellynThe authors attempted to explore the flight data correlation among drones, SD cards, and mobile phones. Finding a connection between a drone and a suspect significantly facilitates criminal inspections. The application of specific software to private UAV devices could lead to the provision of many digital items such as GPS timestamps and waypoints, several connected satellites, barometer, pitch, roll, battery status, azimuth, distance, photos, and videos.
12.[32]2017Barton and AzharThe researchers in this study used Windows and Kali (a Linux distribution) as forensic workstations to conduct the needed analyses on A.R Drone and DJI Phantom 3. Different open-source tools such as Geo-Player have been used primarily to visualize the data related to the flight path. Due to the absence of a proper built environment, including a package manager, configuration tools, and a compiler within the UAV system, this option entails making a serious change to the data existing in the UAV. For that reason, it was terminated in favor of the logical level acquisition. This was carried out by mounting a forensic mass storage device onto a UAV; then, the existing files were copied entirely from the mounted “/ data” partition using the “cp” command.
13.[31]2017A. L. P. S. Renduchintala, Albehadili, and JavaidThe authors tried to examine the key log boundaries of the independent UAV. They suggested comprehensive forensic software for the drone design with initial findings.
14.[87]2018Bouafif et al.In this study, the authors utilized digital forensics to the Parrot A.R Drone 2.0. They delivered a dialogue on various common statements and file structures and then tried to imagine the trip path with the aid of Google Earth.
15.[23]2018Roder, Choo, and Le-KhacThe authors presented a set of rules for drone examinations in this study. They tried to discern the direction to conduct a drone forensic examination with the purpose of the DJI Phantom 3 drone as a real scenario.
16.[33]2018Maune The authors offered their own set of guidelines in this regard. To end with, they explained how their procedures could be effectively implemented when analyzing a drone forensically. They employed DJI Phantom 3 drone as their case study. A key limitation in UAV forensics is that there is not any confirmed forensically useful tool (this indeed recommends a direction for future research). For example, the subsequent logical step is the creation of different parsing tools that can analyze original data and make available readable and reliable information. In addition, UAVs are expected to attain the capacity needed for being properly integrated with radio communication services in the future.
17.[34]2018Benzarti, Triki, and KorbaaIn this study, a novel architecture was introduced using the ID-based Signcryption to guarantee the authentication process and privacy preservation. In the initial step, the authors defined the key elements that the architecture relies on. After that, they investigated the interactions between these elements to explore how the process goes on. Next, they elaborated on their proposed authentication scheme. Thus, the RFID tags were applied to tracking the drones and the temporary identity to preserve privacy. In addition, they simulated the calculation of the average renewal of temporary identity by testing the drones’ different times and speeds.
18.[88]2018Gülataş and BaktırThe essential major log parameters of the autonomous drone were analyzed, and it was suggested to employ comprehensive software architecture related to drone forensics with preliminary results. The researchers expected that their developed software could provide a user-friendly graphical user interface (GUI) based on which the users could extract and investigate the onboard flight information. In addition, they claimed their findings would contribute to the body of the drone forensics field by designing a new tool that greatly helps run investigations effectively on criminal deeds executed with the help of drones.
19.[36]2018Dawam, Feng, and Li The authors attempted to identify the potential cyber-physical security threats and address the current challenges attributed to UAV security before a time in the future when UAVs are the predominant vehicles used by ordinary people. Furthermore, in that study, there is a suggestion about using a certain method that can be applied effectively to examining large-scale cyber-security attack vectors of such systems concerning four classes of systems, which are highly important to UAV operations. Furthermore, the authors elaborated on the contributions of their findings and suggested the appropriate ways to defend against such attacks.
20.[37]2018Esteves, Cottais, and KasmiIn this paper, authors designed arbitrary software and then applied it to a locked target to gain access to the device’s interior sensors and logs with the help of neutralization and hardening strategies to predict the effectiveness.
21.[89]2018Shi et al. The authors discussed the overall legal processes that need to be taken into action to collect drones from the crime scene and investigate them in the laboratory.
22.[90]2018Guvenc et al. In this study, a model was introduced for collecting and documenting digital data from the flight items and the related mobile devices to aid investigators in forensically examining two common drone systems, i.e., the Mavic Air and DJI Spark.
23.[91]2018Ding et al.The authors conducted a preliminary forensic analysis on the Parrot Bebop, known as the only UAV similar to the Parrot AR Drone 2.0.
24.[35]2019A. Renduchintala et al. The researchers made a forensic analysis of a captured UAV. Security forces may capture suspected UAVs using different techniques or tools such as a shotgun; these devices may break into private properties. It is necessary to determine what software/hardware modules are used to examine a UAV. After that, the investigator needs to perform three activities: gathering accessible evidence, providing the chain of custody, and analyzing the media/artifact loaded on the UAV. The increasing incidence of unlawful utilization of UAVs reflects legal ambiguity and uncertainty in the existing aviation regulations. This problem has resulted in the shortage of evidence and fundamental standards.
25.[38]2019Fitwi, Chen, and ZhouThe researchers designed an innovative scheme called distributed, agent-based secure mechanism for IoD and smart grid sensors monitoring (DASMIS). Their aim was to test a hybrid of peer-to-peer (P2P) and client-server (C/S) network architecture with reduced protocol overheads for immediate and bandwidth-efficient communication. Each node within this system is assigned with an initial status and provided with a python-based agent that can scan and detect in read-only node-IDs, node MAC address, system calls made, node IP address, all running system programs and applications, installed applications, and modifications. The agent securely authenticates the nodes, puts communications in a coded form, and approves inter-node access. This can prevent and detect different attacks, e.g., modification, masquerading, and DoS attacks. In addition, it can execute data encryption and hashing, and it reports the changes to other peer nodes and the server that is located at the C&C center.
26.[39]2019Jones, Gwinnett, and JacksonThe authors attempted to facilitate the processes such as generating, analyzing, validating, and optimizing data to trace evidence recovery. To do this, they introduced and explained the approach adopted for solving this problem considering the target fiber retrieval context using self-adhesive tapes.
27.[40]2019Salamh and RogersThe authors attempted to adapt digital forensic processes to enhance drone incident response plans by implementing the drone forensic analysis process. The authors in that study provided more detailed information about the developed Drone Forensics and Incident Response Plan. They resulted in the fact that the Federal Aviation Administration (FAA) can update what unmanned aerial systems (UAS) require based on two classifications of UAS. In addition, they performed an inclusive review of the existing literature. They found out that it lacks research concentrating on incident responses and forensic analysis frameworks designed specifically for remotely piloted aerial systems. Then, they attempted to bridge this gap.
28.[41]2019Esteves The researchers introduced the concept of “electromagnetic watermarking” as a technique exploiting the IEMI impacts to embed a watermark into civilian UAVs so that forensic tracking could be done well.
29.[42]2019J. L. Esteves, E. Cottais, and C. KasmiIn this study, many aircraft accident investigators and drone forensics investigators were surveyed to find out how they employ forensic models to carry out forensic analyses on drones. The authors analyzed the data using the chi-square test of independence; it revealed no significant connection between the drone investigations of the groups of respondents and the techniques they use to perform UAS forensics.
30.[92]2019Le Roy et al.A new method was introduced to accurately and quickly determine whether a drone is lying on the ground or in the sky. These results are attained just by eavesdropping on the radio traffic and processing it using standard machine learning techniques (instead of using any active approach). The authors in that study asserted that if the network traffic is classified properly, the exact status of a drone could be accurately determined using the overall operating system of ArduCopter (for instance, several DJI and Hobbyking vehicles). Furthermore, a lower bound was created on the detection delay when using the aforementioned method. It was confirmed that their proposed solution could discriminate against a drone’s state (moving or steady) with approximately 0.93 SR in 3.71 s.
31.[43]2019Sciancalepore et al. The authors proposed using only the encrypted communication traffic between the drone and the remote controller to determine the drone’s status (flying or at rest). A drone equipped with ArduCopter firmware was used to collect the data. Without using the contents of the encrypted packet, six features were produced (inter-arrival time, packet size, mean and standard deviation computed over a certain number of samples of inter-arrival time and packet size). Three different classifiers, i.e., decision tree, random forest, and neural networks, were used to classify data (decision tree, random forest, and neural networks). The random forest classifier yielded superior results for drone detection.
32.[44]2020Lakew Yihunie, Singh, and BhatiaThe researchers assessed and discussed the security vulnerabilities of Parrot Mambo FPV and Eachine E010 drones. They then suggested proper countermeasures to enhance their resilience against possible attacks. The findings showed that Parrot Mambo FPV was vulnerable to de-authentication and FTP service attacks, while Eachine E010 was susceptible to radio frequency (RF) replay and custom-made controller attacks.

3.2. Phase 2: Extracting the Processes for Relevant Investigations

The criteria adapted from [93,94] were used to extract the processes of collection and analysis from the 32 extracted models through the following criteria:
  • Abstracts, related work, conclusions, and titles were excluded. The investigation process was extracted either from the main textual model or the diagram.
  • The investigation process should be associated with the analysis and collection processes.
  • There should be an activity, definition, or task in the investigation process with which the purpose and meaning of the process can be recognized.
  • The investigation processes unrelated to the conducting processes of collection and analysis were excluded.
  • The implicit and explicit investigation processes should be included in the models.
Table 2 shows that the 32 models consisted of 42 processes. Due to the redundancy of the majority of these 42 processes, they needed to be merged into a unified model. In the next section, this merging process is discussed.
Table 2. Extracted processes.

3.3. Phase 3: Filtering and Organizing the Extracted Processes

This phase filters and organizes the extracted processes based on the same semantic meanings. In the first 21 processes, the drone forensics field was discussed from the perspective of preservation and collection, while the drone forensics field was discussed in the second 21 processes from the perspective of analysis and reconstruction, as Table 3 and Table 4 show, respectively.
Table 3. Collection and preservation processes.
Table 4. Reconstruction and analysis processes.

3.4. Phase 4: Proposing a Comprehensive Collection and Analysis Forensic Model

Due to the overlapping of some extracted processes, the tasks and activities performed in each of the investigative processes should have been considered, and there should not be a focus on naming conventions [22,23]. A more frequent process of investigation is selected by adapting the mapping process. The proposed forensic model is shown in Figure 4. It has three common investigation processes, i.e., collection and preservation, reconstruction and analysis, and post-analysis process. The extracted 21 collection processes were covered by the collection and preservation process, while the extracted 21 analysis and reconstruction processes were covered by the reconstruction and analysis process. The post-investigation process presented as a new process has not been stated in any of the existing models of drone forensics. Its two main goals are (1) the assessment and improvement of the current investigation processes based on a group of procedures that Section 5 highlighted and (2) the assessment and improvement of the existing drone security measures to prevent further drone incidents in the future, as indicated in Section 5.
Figure 4. Comprehensive collection and analysis model for the drone forensics field.

3.5. Phase 5: Validating the Proposed Comprehensive Collection Analysis and Forensic Model

In this phase, the focus was on validating if the proposed CCAFM was completed comparing to the available models of analysis and collection in the drone forensics field. To finalize this process, a comparison was made between CCAFM and the other models [24]. The comparison was to validate if the developed CCAFM is efficient and whether it can explain and fit into the existing models in this domain. Table 5 shows the models used in the comparison—for example, the extracted processes presented in Table 2 were compared with the proposed CCAFM processes. CCAFM was found more inclusive, encompassing the actions discovered in the former models. Figure 4 indicates that CCAFM involves three common investigation processes, i.e., reconstruction and analysis, collection and preservation, and post-investigation process.
Table 5. A comparative summary: the proposed CCAFM and existing drone forensic models.
Consequently, the redundant investigation processes of the analysis and collection processes in the proposed model are addressed given that new procedures and processes have also been proposed. The main reason for this is to improve the analysis and collection process in the drone forensics field. Table 4 shows that all the activities of the previous models have been covered in the first two processes of the proposed investigation model. For example, the first investigation process, which is the preservation and collection process, performs the entire investigation activities and the tasks of the 21 investigation processes. In addition, Table 5 shows that most of the tasks and activities of the 21 investigation processes are covered in the reconstruction and analysis process in the second process of the proposed model.

4. Discussion

In this study, a novel compressive collection and analysis forensic model referred to as CCAFM was proposed to be applied to the drone forensics field. The proposed model further discusses the drone forensics from two perspectives: the harmonization perspective and awareness perspective. The harmonization perspective discusses the existing redundant steps and activities used within the collection and analysis process in the drone forensics field. Thus, the current drone forensic collection and analysis processes have been grouped, combined, and harmonized in two main abstract processes based on the similarities in the meaning and functioning. Thus, the redundancy in the investigation process has caused ambiguity and heterogeneity among practitioners in this domain. On the other hand, there are several limitations of the proposed CCAFM; for example, the data used for development and validation were collected by the authors themselves. Moreover, the proposed model is validated from the completeness perspective using a comparison with another models method; it lacks real implementation to evaluate its applicability.

4.1. Preservative A: Harmonized Perspective

The harmonized perspective consists of two common investigation processes:
  • Acquisition and preservation process: It allows volatile and nonvolatile items to be collected from the suspect drone and preserved based on the trusted forensic techniques mainly using the collection and preservation process. It has three main stages: schema reconstruction, data acquisition, and data preservation. Prior to attempting to conduct any investigation, the investigator would need to ascertain the state of the database. In this regard, the preparatory process can be evoked. In this process, the investigator would need to verify if the drone would require a schema reconstruction process. Drone schema reconstruction is a major technical process implemented when the drone structure is either corrupted, damaged, or altered in such a way that the functionality of the drone cannot be ascertained. In such conditions, schema reconstruction techniques will be required to re-align the raw data in the drone to the metadata of the database. This could be techniques against localized data alteration, alteration to the sequence of blocks of data, and manipulation carried out on the links between blocks of data [82,95,96]. Upon an accurate schema reconstruction, the process of evidence acquisition can be evoked. Volatile and nonvolatile data can be acquired using the data acquisition stage with trusted forensic tools. It has three stages: a dead acquisition stage, a hybrid acquisition stage, and a live acquisition stage. The dead acquisition stage means that data are copied from the system investigated without the system itself, while in the hybrid acquisition stage, key elements of both dead and live acquisition methods are combined to offer the advantages of both options. The live acquisition stage is preferred to prevent the missing of volatile data. In the live acquisition stage, data are acquired in the case of system analysis while the investigation is being done. It is a usual dead acquisition after the live acquisition of the volatile data. Acquired data are the output of this stage. In the acquired data, preservation is needed to protect integrity and confidentiality against tampering. Hashing and backup methods are used in the data preservation stage to keep the reliability of the acquired data, and any modification of acquired data could be prevented. The integrity of data can be kept by hashing and backing up the acquired data from the data acquisition stage. Hashing ensures that the data will not be changed by the drone forensics techniques used to hash the acquired data. It also assures that the transferred acquired data between the destination and source is reliable. Moreover, an exact copy of the acquired data utilized as a second copy for the tampered original data is provided in the backup. Therefore, reconstruction and analysis activities are conducted to transfer the copy of the hashed acquired data to the forensic workstation through secure channels.
  • Analysis and reconstruction: In this phase, the events causing an incident to acquired data (including user drone activities, existing SQL execution history, and retracing past systems) are examined, constructed, and analyzed. There are two stages in this mode: data examination and data reconstruction. In the data examination stage, it is ensured that acquired data are not altered and remain authentic. Thus, the investigation team’s first mission is to use such examination tools to examine if the data collected are authentic. However, the modification of the acquired data requires the investigation team to bring another clean acquired data from the first acquired data.
Then, in the data reconstruction stage, timeline events (involving user drone activities, stored procedures, function execution, past SQL execution history, and retracing past system) are reconstructed from the acquired nonvolatile and volatile data. Forensic techniques and algorithms such as LogMiner and Dragon are used by the reconstruction team (analyzers or examiners) to perform a reconstruction process. For the reconstruction process, there is a need for a clean drone environment and acquired data to construct the timeline. The timeline as a collection of digital events is recognized from the reconstruction process used in the analysis. As the digital events are recognized, the malicious drone events, successful login events, and failed login events can be identified and added to a timeline examination. Furthermore, an investigator can gain insight into the occurring events and the involved people by creating a timeline of events. There is an association between the timeline class and the forensic technique used to search and filter the timeline for giving the pieces of evidence. The drone files recorded on storage devices and hard drives are usually recognized as evidence. Its binary transmission may be relied on in a court. It involves why, how, what, when, and where the malicious transactions have been carried out. In the end, the whole data reconstruction and analysis processes are documented by the investigation team in several reports and submitted to the court and the respective company.

4.2. Preservative B: Awareness Perspective

It is mainly a post-investigation process: The primary focus of the post-investigation process is on collecting the data from the two previous processes, i.e., collection and analysis processes, for training, learning, and improvement purposes, generally taking the form of recommendations. These recommendations will be used as awareness forms and guidelines to improve the drone investigation in the future or prevent drone incidents in the future. It comprises two main stages:
  • Improving the drone investigation process: the investigation process can be improved in the future, and the output and reliability of the drone investigation can be enhanced by gathering the output of the preservation and collection processes and analyses as well as the reconstruction process. It includes a set of procedures:
    • Assessing the process of investigation: A reliable investigation can be guaranteed by carefully examining the existing drone forensics’ workstation, i.e., investigation team, tools, procedures, guidelines, models, methods, labs, and policies. The investigation team should have enough qualifications and high experience to perform the stages of the investigation. To preserve high productivity, the investigation team needs to be continuously trained and updated. The center of any investigation is the forensic tools, which should be carefully selected by senior investigators. The selection of improper investigation tools may result in the failed stages of the investigation and lost evidence. A reliable and clear investigation can be assumed by assessing and updating the existing investigation policies, guidelines, and procedures.
    • Archiving the digital pieces of evidence: All the incident-related data will be deleted with the exemption of digital evidence that will be securely archived for further legal purposes.
    • Developing the investigation repository: All the investigation stages are kept with an investigation repository, allowing practitioners to quickly access the previous investigations information and use it again for similar cases.
    • Recommendations: The weakness of the existing forensic workstations can be improved by translating the assessment at step 1 to new guidelines.
  • Improving the drone security measures: There is a need for enabled and audited security measures, such as access control for the mitigation of the drone breaches. This stage aims to improve the security measures for the prevention of drone incidents. It involves several procedures:
    • Assessing preventive security procedures: The integrity, confidentiality, and availability of the information systems are protected based on the security measures as significant components. To accomplish the security objectives, it is necessary to continuously assess the preventive security procedures. Thus, the data should be kept secure by reassessing and improving the current drone security measures such as IDS, access control, auditing feature, and firewalls. On the other hand, all CCAFM processes are subject to the laws of countries in terms of privacy when acquiring information. In fact, this is one of the biggest challenges facing investigators. Some laws do not allow data to be collected without permission from the authorities. For example, there is a need to strike a balance between what is acceptable for private use and what is not. Currently, there are laws being created by both state and federal agencies. Many of these laws revolve around the first and fourth amendments. In particular, the need to know the location of the drone when it is recording is critical for privacy. Some states are simply banning them outright, while others are more focused on what is allowed and what is not. One example is laws against drones carrying weapons. The state of Connecticut, USA, proposed a law to restrict/prohibit putting guns on drones after a man posted a video of his drone flying with a gun and shooting. Thus, all the processes of the proposed CCAFM should follow the laws of the state where the crime happened in terms of privacy.
    • Identifying preventive measures: It may prove dangerous someday to see no preventive measures in the drone system for monitoring outsider or insider attacks. Thus, preventive drone measures must be enabled and assessed continuously to keep data secure.
    • Monitoring incidents: The post-incident activities have been closely monitored since the reappearance of threat actors. We suggest that a security log hawk should analyze the security information and event monitoring (SIEM) data to see any signs of indicators tripping associated with the previous incident.
    • Completing an analysis report: The incident will be documented to augment additional security measures and improve the incident response plan to prevent such security events in the future. The report needs to answer the following questions: how logging is done, what are the intrusion detection systems (IDS), what is logged, and what are the forensic acquisition, reconstruction, preparation, and analyzing methods, and tools.
New processes for conducting drone investigation are included in the proposed CCAFM to fill the gap discussed in Section 2. There are no similar factors in the available drone forensic models based on the processes required to improve and assess the drone forensic investigation processes of forensic investigation of drones and drone security measures.

5. Conclusions

Due to the growing use of unmanned aerial vehicles (UAVs) in several applications and environments, the incidents related to these vehicles are growing rapidly. Thus, the drone forensics field is required to capture and analyze the drone crimes. Drone incidents can be collected and analyzed with different specific drone forensic models. Therefore, a novel comprehensive forensic model was proposed in this study for the collection and analysis of the data collected through the investigations in the drone forensics field. The redundancy in the examination process, which causes the ambiguity and heterogeneity among domain forensic practitioners, has been solved in the current paper by combining all the collection and analysis models existing in the drone forensics field. More specifically, the exiting processes, activities, concepts, tasks, and practices of the models were grouped and combined into a single model called CCAFM.
Furthermore, the post-investigation process was suggested in this study as a completely new investigation process. It was essentially appropriate to use a design science approach to achieve the objective of this study, i.e., developing a comprehensive model applicable to drone forensics. Three interdependent processes, i.e., schema reconstruction, acquisition and preservation, evidence reconstruction and analysis, and post-investigation, were involved in the developed model. The proposed model was compared with other models previously proposed in this field to evaluate its completeness and effectiveness. The proposed model allows domain users to gather, protect, rebuild, and examine both volatile and nonvolatile data from suspect drones using trusted forensic tools. Furthermore, it could be used as a guide for improving the drone forensic processes and drone security procedures. The future research in this domain may include the real implementation of CCAFM to verify the efficiency of the proposed model in terms of capturing, preserving, and analyzing drone incidents.

Author Contributions

Conceptualization, F.M.A. and A.A.-D.; methodology, A.A.-D. and Y.D.A.-O.; formal analysis, A.A.-D.; investigation, A.A.-D.; data curation, A.A.-D.; writing—original draft preparation, A.A.-D.; writing—review and editing A.A.-D., F.M.A. and Y.D.A.-O.; visualization, F.M.A.; supervision, Y.D.A.-O. and F.M.A.; project administration, F.M.A.; validation, A.A.A. All authors have read and agreed to the published version of the manuscript.

Funding

This research is supported by the Deputyship for Research & Innovation, Ministry of Education in Saudi Arabia for funding this research work through the project number IFPRC-062-611-2020 and King Abdulaziz University, DSR, Jeddah, Saudi Arabia.

Institutional Review Board Statement

Not applicable.

Data Availability Statement

All the data used to support the study are included within the article.

Acknowledgments

The authors extend their appreciation to the Ministry of Education and King Abdulaziz University, Jeddah, Saudi Arabia.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Mohamed, N.; Al-Jaroodi, J.; Jawhar, I.; Idries, A.; Mohammed, F. Unmanned aerial vehicles applications in future smart cities. Technol. Forecast. Soc. Chang. 2020, 153, 119293. [Google Scholar] [CrossRef]
  2. Yu, K.-P.; Tan, L.; Aloqaily, M.; Yang, H.; Jararweh, Y. Blockchain-enhanced data sharing with traceable and direct revocation in IIoT. IEEE Trans. Ind. Inform. 2021, 17, 7669–7678. [Google Scholar] [CrossRef]
  3. Yu, K.; Arifuzzaman, M.; Wen, Z.; Zhang, D.; Sato, T. A key management scheme for secure communications of information centric advanced metering infrastructure in smart grid. IEEE Trans. Instrum. Meas. 2015, 64, 2072–2085. [Google Scholar]
  4. Tan, L.; Yu, K.; Shi, N.; Yang, C.; Wei, W.; Lu, H. Towards secure and privacy-preserving data sharing for covid-19 medical records: A blockchain-empowered approach. IEEE Trans. Netw. Sci. Eng. 2021, 9, 271–281. [Google Scholar] [CrossRef]
  5. Tan, L.; Yu, K.; Ming, F.; Cheng, X.; Srivastava, G. Secure and resilient artificial intelligence of things: A HoneyNet approach for threat detection and situational awareness. IEEE Consum. Electron. Mag. 2021, 11, 69–78. [Google Scholar] [CrossRef]
  6. Tan, L.; Yu, K.; Lin, L.; Cheng, X.; Srivastava, G.; Lin, J.C.-W.; Wei, W. Speech emotion recognition enhanced traffic efficiency solution for autonomous vehicles in a 5G-enabled space-air-ground integrated intelligent transportation system. IEEE Trans. Intell. Transp. Syst. 2021, 23, 2830–2842. [Google Scholar] [CrossRef]
  7. Awan, S.; Ahmed, S.; Ullah, F.; Nawaz, A.; Khan, A.; Uddin, M.I.; Alharbi, A.; Alosaimi, W.; Alyami, H. IoT with blockchain: A futuristic approach in agriculture and food supply chain. Wirel. Commun. Mob. Comput. 2021, 2021, 5580179. [Google Scholar] [CrossRef]
  8. Li, H.; Yu, K.; Liu, B.; Feng, C.; Qin, Z.; Srivastava, G. An efficient ciphertext-policy weighted attribute-based encryption for the internet of health things. IEEE J. Biomed. Health Inform. 2021, 26, 1949–1960. [Google Scholar] [CrossRef] [PubMed]
  9. Saif, A.; Dimyati, K.; Noordin, K.A.; C, D.G.; Shah, N.S.M.; Abdullah, Q.; Mohamad, M. An efficient energy harvesting and optimal clustering technique for sustainable postdisaster emergency communication systems. IEEE Access 2021, 9, 78188–78202. [Google Scholar] [CrossRef]
  10. Feng, C.; Liu, B.; Guo, Z.; Yu, K.; Qin, Z.; Choo, K.-K.R. Blockchain-based cross-domain authentication for intelligent 5g-enabled internet of drones. IEEE Internet Things J. 2021, 9, 6224–6238. [Google Scholar] [CrossRef]
  11. Feng, C.; Liu, B.; Yu, K.; Goudos, S.K.; Wan, S. Blockchain-empowered decentralized horizontal federated learning for 5G-enabled UAVs. IEEE Trans. Ind. Inform. 2021, 18, 3582–3592. [Google Scholar] [CrossRef]
  12. Ullah, F.; Pun, C.-M. The Role of Internet of Things for Adaptive Traffic Prioritization in Wireless Body Area Networks. In Healthcare Paradigms in the Internet of Things Ecosystem; Elsevier: Amsterdam, The Netherlands, 2021; pp. 63–82. [Google Scholar]
  13. Feng, C.; Yu, K.; Aloqaily, M.; Alazab, M.; Lv, Z.; Mumtaz, S. Attribute-based encryption with parallel outsourced decryption for edge intelligent IoV. IEEE Trans. Veh. Technol. 2020, 69, 13784–13795. [Google Scholar] [CrossRef]
  14. Ding, F.; Zhu, G.; Alazab, M.; Li, X.; Yu, K. Deep-learning-empowered digital forensics for edge consumer electronics in 5G HetNets. IEEE Consum. Electron. Mag. 2020, 11, 42–50. [Google Scholar] [CrossRef]
  15. Ding, F.; Yu, K.; Gu, Z.; Li, X.; Shi, Y. Perceptual enhancement for autonomous vehicles: Restoring visually degraded images for context prediction via adversarial training. IEEE Trans. Intell. Transp. Syst. 2021, 23, 9430–9441. [Google Scholar] [CrossRef]
  16. Al-Dhaqm, A.; Ikuesan, R.; Kebande, V.; Razak, S.; Ghabban, F. Research Challenges and Opportunities in Drone Forensics Models. Electronics 2021, 10, 1519. [Google Scholar] [CrossRef]
  17. Ding, F.; Zhu, G.; Li, Y.; Zhang, X.; Atrey, P.K.; Lyu, S. Anti-forensics for face swapping videos via adversarial training. IEEE Trans. Multimed. 2021, 24, 3429–3441. [Google Scholar] [CrossRef]
  18. Zhou, Z.; Dong, X.; Li, Z.; Yu, K.; Ding, C.; Yang, Y. Spatio-Temporal Feature Encoding for Traffic Accident Detection in VANET Environment. IEEE Trans. Intell. Transp. Syst. 2022, 1–10. [Google Scholar] [CrossRef]
  19. Kovar, D.; Dominguez, G.; Murphy, C. UAV (aka drone) Forensics. In Proceedings of the SANS DFIR Summit, Austin, TX, USA, 23–24 June 2016; pp. 23–24. [Google Scholar]
  20. Mhatre, V.; Chavan, S.; Samuel, A.; Patil, A.; Chittimilla, A.; Kumar, N. Embedded video processing and data acquisition for unmanned aerial vehicle. In Proceedings of the 2015 International Conference on Computers, Communications, and Systems (ICCCS), Kanyakumari, India, 2–3 November 2015; pp. 141–145. [Google Scholar]
  21. Yu, K.; Tan, L.; Lin, L.; Cheng, X.; Yi, Z.; Sato, T. Deep-learning-empowered breast cancer auxiliary diagnosis for 5GB remote E-health. IEEE Wirel. Commun. 2021, 28, 54–61. [Google Scholar] [CrossRef]
  22. Yu, K.; Tan, L.; Mumtaz, S.; Al-Rubaye, S.; Al-Dulaimi, A.; Bashir, A.K.; Khan, F.A. Securing critical infrastructures: Deep-Learning-Based threat detection in IIoT. IEEE Commun. Mag. 2021, 59, 76–82. [Google Scholar] [CrossRef]
  23. Roder, A.; Choo, K.-K.R.; Le-Khac, N.-A. Unmanned aerial vehicle forensic investigation process: Dji phantom 3 drone as a case study. arXiv 2018, arXiv:1804.08649. [Google Scholar]
  24. Horsman, G. Unmanned aerial vehicles: A preliminary analysis of forensic challenges. Digit. Investig. 2016, 16, 1–11. [Google Scholar] [CrossRef]
  25. Procházka, T. Capturing, Visualizing, and Analyzing Data from Drones. Bachelor Thesis, Charles University, Staré Město, Czech Republic, 2016. [Google Scholar]
  26. Mohan, M. Cybersecurity in Drones; Utica College: Utica, NY, USA, 2016. [Google Scholar]
  27. Jain, U.; Rogers, M.; Matson, E.T. Drone forensic framework: Sensor and data identification and verification. In Proceedings of the 2017 IEEE Sensors Applications Symposium (SAS), Glassboro, NY, USA, 13–15 March 2017; pp. 1–6. [Google Scholar] [CrossRef]
  28. Clark, D.R.; Meffert, C.; Baggili, I.; Breitinger, F. DROP (DRone open source parser) your drone: Forensic analysis of the DJI phantom III. Digit. Investig. 2017, 22, S3–S14. [Google Scholar] [CrossRef]
  29. Prastya, S.E.; Riadi, I.; Luthfi, A. Forensic Analysis of Unmanned Aerial Vehicle to Obtain GPS Log Data as Digital Evidence. Int. J. Comput. Sci. Inf. Secur. 2017, 15, 280–285. [Google Scholar]
  30. Llewellyn, M. DJI Phantom 3-Drone Forensic Data Exploration; Edith Cowan University: Perth, Australia, 2017. [Google Scholar]
  31. Renduchintala, A.L.P.S.; Albehadili, A.; Javaid, A.Y. Drone Forensics: Digital Flight Log Examination Framework for Micro Drones. In Proceedings of the 2017 International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, USA, 14–16 December 2017; pp. 91–96. [Google Scholar] [CrossRef]
  32. Barton, T.E.A.; Bin Azhar, M.H. Forensic analysis of popular UAV systems. In Proceedings of the 2017 Seventh International Conference on Emerging Security Technologies (EST), Canterbury, UK, 6–8 September 2017; pp. 91–96. [Google Scholar] [CrossRef]
  33. Maune, K.G. A Project Completed as Part of the Requirements for BSc (Hons) Computer Forensic Investigation. 2018. Available online: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.1025.4878&rep=rep1&type=pdf (accessed on 3 March 2021).
  34. Benzarti, S.; Triki, B.; Korbaa, O. Privacy preservation and drone authentication using Id-Based Signcryption. Front. Artif. Intell. Appl. 2018, 303, 226–239. [Google Scholar] [CrossRef]
  35. Renduchintala, A.; Jahan, F.; Khanna, R.; Javaid, A.Y. A comprehensive micro unmanned aerial vehicle (UAV/Drone) forensic framework. Digit. Investig. 2019, 30, 52–72. [Google Scholar] [CrossRef]
  36. Dawam, E.S.; Feng, X.; Li, D. Autonomous Arial Vehicles in Smart Cities: Potential Cyber-Physical Threats. In Proceedings of the 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), Exeter, UK, 28–30 June 2018; IEEE: New York, NY, USA, 2018; pp. 1497–1505. [Google Scholar]
  37. Esteves, J.L.; Cottais, E.; Kasmi, C. Unlocking the Access to the Effects Induced by IEMI on a Civilian UAV. In Proceedings of the 2018 International Symposium on Electromagnetic Compatibility (EMC EUROPE), Amsterdam, The Netherlands, 27–30 August 2018; pp. 48–52. [Google Scholar]
  38. Fitwi, A.; Chen, Y.; Zhou, N. An Agent-Administrator-Based Security Mechanism for Distributed Sensors and Drones for Smart Grid Monitoring; SPIE: Philadelphia, PA, USA, 2019; p. 11018. [Google Scholar] [CrossRef]
  39. Jones, Z.V.; Gwinnett, C.; Jackson, A.R. The effect of tape type, taping method and tape storage temperature on the retrieval rate of fibres from various surfaces: An example of data generation and analysis to facilitate trace evidence recovery validation and optimisation. Sci. Justice 2019, 59, 268–291. [Google Scholar] [CrossRef]
  40. Salamh, F.E.; Rogers, M. Drone Disrupted Denial of Service Attack (3DOS): Towards an Incident Response and Forensic Analysis of Remotely Piloted Aerial Systems (RPASs). In Proceedings of the 2019 15th International Wireless Communications & Mobile Computing Conference (IWCMC), Tangier, Morocco, 24–28 June 2019; pp. 704–710. [Google Scholar]
  41. Esteves, J.L. Electromagnetic Watermarking: Exploiting IEMI effects for forensic tracking of UAVs. In Proceedings of the 2019 International Symposium on Electromagnetic Compatibility-EMC EUROPE, Barcelona, Spain, 2–6 September 2019; pp. 1144–1149. [Google Scholar] [CrossRef]
  42. Mei, N. Unmanned Aircraft Systems Forensics Framework an Approach to Unmanned Aircraft Systems Forensics Framework. Ph.D. Thesis, Capitol Technology University, South Laurel, MD, USA, 2019. [Google Scholar]
  43. Sciancalepore, S.; Ibrahim, O.A.; Oligeri, G.; Di Pietro, R. Detecting drones status via encrypted traffic analysis. In Proceedings of the ACM Workshop on Wireless Security and Machine Learning, Miami, FL, USA, 14 May 2019; pp. 67–72. [Google Scholar] [CrossRef]
  44. Yihunie, F.L.; Singh, A.K.; Bhatia, S. Assessing and Exploiting Security Vulnerabilities of Unmanned Aerial Vehicles. Smart Innov. Syst. Technol. 2020, 141, 701–710. [Google Scholar] [CrossRef]
  45. Mistry, N.R.; Sanghvi, H.P. Drone forensics: Investigative guide for law enforcement agencies. Int. J. Electron. Secur. Digit. Forensics 2021, 13, 334–345. [Google Scholar] [CrossRef]
  46. Yang, C.-C.; Chuang, H.; Kao, D.-Y. Drone Forensic Analysis Using Relational Flight Data: A Case Study of DJI Spark and Mavic Air. Procedia Comput. Sci. 2021, 192, 1359–1368. [Google Scholar] [CrossRef]
  47. Alotaibi, F.M.; Al-Dhaqm, A.; Al-Otaibi, Y.D. A Novel Forensic Readiness Framework Applicable to the Drone Forensics Field. Comput. Intell. Neurosci. 2022, 2022, 1–13. [Google Scholar] [CrossRef]
  48. Atkinson, S.; Carr, G.; Shaw, C.; Zargari, S. Drone Forensics: The Impact and Challenges. In Digital Forensic Investigation of Internet of Things (IoT) Devices; Springer: Berlin/Heidelberg, Germany, 2021; pp. 65–124. [Google Scholar]
  49. Lan, J.K.W.; Lee, F.K.W. Drone Forensics: A Case Study on DJI Mavic Air 2. In Proceedings of the 2022 24th International Conference on Advanced Communication Technology (ICACT), Virtual Conference, 13–16 February 2022; pp. 291–296. [Google Scholar]
  50. Husnjak, S.; Forenbacher, I.; Peraković, D.; Cvitić, I. UAV Forensics: DJI Mavic Air Noninvasive Data Extraction and Analysis. In Proceedings of the 5th EAI International Conference on Management of Manufacturing Systems, Krynica-Zdrój, Poland, 5–7 October 2022; pp. 115–127. [Google Scholar]
  51. Parghi, P.; Dhamija, R.; Agrawal, A.K. Innovative Approach to Onboard Media Forensic of a Drone. In IOT with Smart Systems; Springer: Berlin/Heidelberg, Germany, 2022; pp. 307–314. [Google Scholar]
  52. Alhussan, A.A.; Al-Dhaqm, A.; Yafooz, W.M.S.; Emara, A.-H.M.; Razak, S.B.A.; Khafaga, D.S. A Unified Forensic Model Applicable to the Database Forensics Field. Electronics 2022, 11, 1347. [Google Scholar] [CrossRef]
  53. Alhussan, A.A.; Al-Dhaqm, A.; Yafooz, W.M.S.; Razak, S.B.A.; Emara, A.-H.M.; Khafaga, D.S. Towards Development of a High Abstract Model for Drone Forensic Domain. Electronics 2022, 11, 1168. [Google Scholar] [CrossRef]
  54. Bertino, E.; Kantarcioglu, M.; Akcora, C.G.; Samtani, S.; Mittal, S.; Gupta, M. AI for Security and Security for AI. In Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, Virtual, 26–28 April 2021; pp. 333–334. [Google Scholar]
  55. Nadkarni, P.M.; Ohno-Machado, L.; Chapman, W.W. Natural language processing: An introduction. J. Am. Med. Inform. Assoc. 2011, 18, 544–551. [Google Scholar] [CrossRef]
  56. Murphy, R.R. Introduction to AI robotics; MIT Press: Cambridge, MA, USA, 2019. [Google Scholar]
  57. Abdallah, A.; Maarof, M.A.; Zainal, A. Fraud detection system: A survey. J. Netw. Comput. Appl. 2016, 68, 90–113. [Google Scholar] [CrossRef]
  58. Kulik, S.D. Neural network model of artificial intelligence for handwriting recognition. J. Theor. Appl. Inf. Technol. 2015, 73, 1–10. [Google Scholar]
  59. Voronin, V.V.; Marchuk, V.I.; Semenishchev, E.A.; Makov, S.V.; Creutzburg, R. Digital inpainting with applicataions to forensic image processing. Electron. Imaging 2016, 28, 1–7. [Google Scholar]
  60. Oladipo, F.; Ogbuju, E.; Alayesanmi, F.S.; Musa, A.E. The State of the Art in Machine Learning-Based Digital Forensics. SSRN 2020. [Google Scholar] [CrossRef]
  61. Alhawiti, K.M. Advances in artificial intelligence using speech recognition. Int. J. Comput. Inf. Eng. 2015, 9, 1432–1435. [Google Scholar]
  62. Bithas, P.S.; Michailidis, E.T.; Nomikos, N.; Vouyioukas, D.; Kanatas, A.G. A survey on machine-learning techniques for UAV-based communications. Sensors 2019, 19, 5170. [Google Scholar] [CrossRef]
  63. Hachimi, M.; Kaddoum, G.; Gagnon, G.; Illy, P. Multi-stage jamming attacks detection using deep learning combined with kernelized support vector machine in 5g cloud radio access networks. In Proceedings of the 2020 International Symposium on Networks, Computers and Communications (ISNCC), Montreal, QC, Canada, 20–22 October 2020; pp. 1–5. [Google Scholar]
  64. Luo, P.; Wang, B.; Li, T.; Tian, J. ADS-B anomaly data detection model based on VAE-SVDD. Comput. Secur. 2021, 104, 102213. [Google Scholar] [CrossRef]
  65. Xiao, L.; Xie, C.; Min, M.; Zhuang, W. User-centric view of unmanned aerial vehicle transmission against smart attacks. IEEE Trans. Veh. Technol. 2017, 67, 3420–3430. [Google Scholar] [CrossRef]
  66. Hoang, T.M.; Duong, T.Q.; Tuan, H.D.; Lambotharan, S.; Hanzo, L. Physical layer security: Detection of active eavesdropping attacks by support vector machines. IEEE Access 2021, 9, 31595–31607. [Google Scholar] [CrossRef]
  67. Ahn, H. Deep learning based anomaly detection for a vehicle in swarm drone system. In Proceedings of the 2020 International Conference on Unmanned Aircraft Systems (ICUAS), Athens, Greece, 1–4 September 2020; pp. 557–561. [Google Scholar]
  68. Jeong, S.; Bito, J.; Tentzeris, M.M. Design of a novel wireless power system using machine learning techniques for drone applications. In Proceedings of the 2017 IEEE Wireless Power Transfer Conference (WPTC), Taipei, Taiwan, 10–12 May 2017; pp. 1–4. [Google Scholar]
  69. Sciancalepore, S.; Ibrahim, O.A.; Oligeri, G.; Di Pietro, R. PiNcH: An effective, efficient, and robust solution to drone detection via network traffic analysis. Comput. Netw. 2020, 168, 107044. [Google Scholar] [CrossRef]
  70. Nemer, I.; Sheltami, T.; Ahmad, I.; Yasar, A.U.-H.; Abdeen, M.A.R. RF-based UAV detection and identification using hierarchical learning approach. Sensors 2021, 21, 1947. [Google Scholar] [CrossRef]
  71. Shoufan, A.; Al-Angari, H.M.; Sheikh, M.F.A.; Damiani, E. Drone pilot identification by classifying radio-control signals. IEEE Trans. Inf. Forensics Secur. 2018, 13, 2439–2447. [Google Scholar] [CrossRef]
  72. Park, J.; Kim, Y.; Seok, J. Prediction of information propagation in a drone network by using machine learning. In Proceedings of the 2016 International Conference on Information and Communication Technology Convergence (ICTC), Jeju Island, Korea, 19–21 October 2016; pp. 147–149. [Google Scholar]
  73. Al-Dhaqm, A.; Razak, S.; Ikuesan, R.A.; Kebande, V.R.; Othman, S.H. Face Validation of Database Forensic Investigation Metamodel. Infrastructures 2021, 6, 13. [Google Scholar] [CrossRef]
  74. Kebande, V.R.; Ikuesan, R.A.; Karie, N.M. Review of Blockchain Forensics Challenges. In Blockchain Security in Cloud Computing; Springer: Berlin/Heidelberg, Germany, 2022; pp. 33–50. [Google Scholar]
  75. Kim, J.; Kim, M.-Y.; Kwon, H.; Kim, J.-W.; Im, W.-Y.; Lee, S.M.; Kim, K.; Kim, S.J. Active Machine Learning Adversarial Attack Detection in the User Feedback Process. Forensic Sci. Int. Rep. 2020, 3, 36908–36923. [Google Scholar] [CrossRef]
  76. Al-Dhaqm, A.; Razak, S.; Othman, S.H.; Choo, K.-K.R.; Glisson, W.B.; Ali, A.; Abrar, M. CDBFIP: Common database forensic investigation processes for Internet of Things. IEEE Access 2017, 5, 24401–24416. [Google Scholar] [CrossRef]
  77. Kebande, V.R.; Karie, N.M.; Choo, K.R.; Alawadi, S. Digital forensic readiness intelligence crime repository. Secur. Priv. 2021, 4, e151. [Google Scholar] [CrossRef]
  78. Al-Dhaqm, A.; Razak, S.A.; Ikuesan, R.A.; Kebande, V.R.; Siddique, K. A Review of Mobile Forensic Investigation Process Models. IEEE Access 2020, 8, 173359–173375. [Google Scholar] [CrossRef]
  79. Makura, S.; Venter, H.S.; Kebande, V.R.; Karie, N.M.; Ikuesan, R.A.; Alawadi, S. Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring. Secur. Priv. 2021, 4, e149. [Google Scholar] [CrossRef]
  80. Philomin, S.; Singh, A.; Ikuesan, A.; Venter, H. Digital forensic readiness framework for smart homes. In Proceedings of the International Conference on Cyber Warfare and Security, Albany, NY, USA, 17–18 March 2022. [Google Scholar] [CrossRef]
  81. Kebande, V.R.; Ikuesan, R.A. Virtual sensor forensics. In Proceedings of the 2nd International Conference on Intelligent and Innovative Computing Applications, Plaine Magnien, Mauritius, 24–25 September 2020. [Google Scholar] [CrossRef]
  82. Al-Dhaqm, A.; Razak, S.A.; Siddique, K.; Ikuesan, R.A.; Kebande, V.R. Towards the Development of an Integrated Incident Response Model for Database Forensic Investigation Field. IEEE Access 2020, 8, 145018–145032. [Google Scholar] [CrossRef]
  83. Kelly, S.; Pohjonen, R. Worst practices for domain-specific modeling. IEEE Softw. 2009, 26, 22–29. [Google Scholar] [CrossRef]
  84. Al-Dhaqm, A.; Razak, S.A.; Othman, S.H.; Ali, A.; Ghaleb, F.A.; Rosman, A.S.; Marni, N. Database forensic investigation process models: A review. IEEE Access 2020, 8, 48477–48490. [Google Scholar] [CrossRef]
  85. Maarse, M.; Sangers, L.; van Ginkel, J.; Pouw, M. Digital forensics on a DJI Phantom 2 Vision+ UAV. Univ. Amst. 2016, 1, 22. [Google Scholar]
  86. Bucknell, A.; Bassindale, T. An investigation into the effect of surveillance drones on textile evidence at crime scenes. Sci. Justice 2017, 57, 373–375. [Google Scholar] [CrossRef]
  87. Bouafif, H.; Kamoun, F.; Iqbal, F.; Marrington, A. Drone Forensics: Challenges and New Insights. In Proceedings of the 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Paris, France, 26–28 February 2018; pp. 1–6. [Google Scholar] [CrossRef]
  88. Gülataş, İ.; Baktır, S. Unmanned aerial vehicle digital forensic investigation framework. J. Nav. Sci. Eng. 2018, 14, 32–53. [Google Scholar]
  89. Shi, X.; Yang, C.; Xie, W.; Liang, C.; Shi, Z.; Chen, J. Anti-drone system with multiple surveillance technologies: Architecture, implementation, and challenges. IEEE Commun. Mag. 2018, 56, 68–74. [Google Scholar] [CrossRef]
  90. Guvenc, I.; Koohifar, F.; Singh, S.; Sichitiu, M.L.; Matolak, D. Detection, tracking, and interdiction for amateur drones. IEEE Commun. Mag. 2018, 56, 75–81. [Google Scholar] [CrossRef]
  91. Ding, G.; Wu, Q.; Zhang, L.; Lin, Y.; Tsiftsis, T.A.; Yao, Y.-D. An amateur drone surveillance system based on the cognitive Internet of Things. IEEE Commun. Mag. 2018, 56, 29–35. [Google Scholar] [CrossRef]
  92. Le Roy, F.; Roland, C.; Le Jeune, D.; Diguet, J.-P. Risk assessment of SDR-based attacks with UAVs. In Proceedings of the 2019 16th International Symposium on Wireless Communication Systems (ISWCS), Oulu, Finland, 27–30 August 2019; pp. 222–226. [Google Scholar] [CrossRef]
  93. Caro, M.F.; Josyula, D.P.; Cox, M.T.; Jiménez, J.A. Design and validation of a metamodel for metacognition support in artificial intelligent systems. Biol. Inspired Cogn. Archit. 2014, 9, 82–104. [Google Scholar] [CrossRef]
  94. Bogen, A.C.; Dampier, D.A. Preparing for Large-Scale Investigations with Case Domain Modeling. In Proceedings of the 5th Annual Digital Forensic Research Workshop, DFRWS 2005, New Orleans, LA, USA, 17–19 August 2005. [Google Scholar]
  95. Al-Dhaqm, A.; Razak, S.A.; Dampier, D.A.; Choo, K.-K.R.; Siddique, K.; Ikuesan, R.A.; Alqarni, A.; Kebande, V.R. Categorization and organization of database forensic investigation processes. IEEE Access 2020, 8, 112846–112858. [Google Scholar] [CrossRef]
  96. Adedayo, O.M.; Olivier, M.S. Schema reconstruction in database forensics. IFIP Adv. Inf. Commun. Technol. 2014, 433, 101–116. [Google Scholar] [CrossRef]
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Article Metrics

Citations

Article Access Statistics

Journal Statistics
Multiple requests from the same IP address are counted as one view.
Download PDF
The Role of a Polymer-Based E-Nose in the Detection of Head and Neck Cancer from Exhaled Breath
Previous
Feedback Integrators for Mechanical Systems with Holonomic Constraints
Next