Drones (Jun 2024)
Digital Forensic Research for Analyzing Drone and Mobile Device: Focusing on DJI Mavic 2 Pro
Abstract
With the frequent occurrence of drone-related criminal cases, drone forensics has become a hot spot of concern. During drone-related criminal investigations, the implicated drones are often forcibly brought down, which poses significant challenges in conducting forensic analysis. In order to restore the truth of criminal cases, it is necessary to extract data not only from the external TF card but also from internal chip memory in drone forensics. To address this issue, a drone data parser (DRDP) is proposed to extract internal and external data from criminal-implicated drones. In this paper, we present comprehensive forensics on the DJI Mavic 2 Pro, analyzing the main file structure and encryption model. According to its file structures, three case studies are conducted on various file types (DAT files, TXT files, and default files) to verify the effectiveness and applicability of the designed procedure. The results show that the encrypted data of the implicated drone, such as GPS information, flight time, flight altitude, flight distance, three velocity components (x, y, z) and other information can be extracted and decrypted correctly, which provides evidence for the identification of the case facts.
Keywords