Hindawi

Computational Intelligence and Neuroscience

Volume 2022, Article ID 8002963, 13 pages
https://doi.org/10.1155/2022/8002963

Research Article
A Novel Forensic Readiness Framework Applicable to the Drone
Forensics Field

Fahad Mazaed Alotaibi ,1 Arafat Al-Dhaqm ,2,3 and Yasser D. Al-Otaibi 4

1
Department Information System, Faculty of Computing and Information Technology (FCIT), King Abdulaziz University,
Jeddah, Saudi Arabia
2
School of Computing, Faculty of Engineering, Universiti Teknologi, Skudai, Malaysia
3
Department of Computer Science, Aden Community College, Aden, Yemen
4
Department of Information Systems, Faculty of Computing and Information Technology in Rabigh, King Abdulaziz University,
Jeddah 21589, Saudi Arabia

Correspondence should be addressed to Arafat Al-Dhaqm; mrarafat1@utm.my

Received 11 January 2022; Accepted 7 February 2022; Published 28 February 2022

Academic Editor: Vijay Kumar

Copyright © 2022 Fahad Mazaed Alotaibi et al. This is an open access article distributed under the Creative Commons Attribution
License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is
properly cited.
The Drone Forensics (DRFs) field is a branch of digital forensics, which involves the identification, capture, preservation, re-
construction, analysis, and documentation of drone incidents. Several models have been proposed in the literature for the DRF
field, which generally discusses DRF from a reactive forensic perspective; however, the proactive forensic perspective is missing.
Therefore, this paper proposes a novel forensic readiness framework called Drone Forensics Readiness Framework (DRFRF) using
the design science method. It consists of two stages: (i) proactive forensic stage and (ii) reactive forensic stage. It considers
centralized logging of all events of all the applicants within the drone device in preparation for an examination. It will speed up
gathering data when an investigation is needed, permitting the forensic investigators to handle the examination and analysis
directly. Additionally, digital forensics analysts can increase the possible use of digital evidence while decreasing the charge of
performing forensic readiness. Thus, both the time and cost required to perform forensic readiness could be saved. The
completeness, logicalness, and usefulness of DRFRF were compared to those of other models already existing in the DRF domain.
The results showed the novelty and efficiency of DRFRF and its applicability to the situations before and after drone incidents.

1. Introduction collects digital evidence to avoid any future risk or disaster.

On the other hand, the reactive forensics stage refers to the
Digital forensics is a significant domain that involves cap- process after the occurrence of the crime. The main aim of
turing and analyzing cybercrimes. It has many branches: this stage is to identify, capture, preserve, analyze, and
database forensics, IoT forensics, cloud forensics, drone document cybercrime. Therefore, all digital forensics
forensics, wireless forensics, malware forensics, mobile fo- branches are categorized under these two stages. Studies on
rensics, network forensics, and data forensics. These the proactive forensics approach have mainly explored fo-
branches have numerous and redundant forensics models, rensic readiness within the context of the ISO/IEC 27043:
frameworks, approaches, policies, procedures, and tasks. 2015 standard [1–7]. Proactive strategies towards enhancing
However, the digital forensics domain suffers from the digital forensics suggest that measures can be implemented
absence of a standardized forensic framework to deal with all within the system under consideration so that relevant and
these branches. To deal with all cybercrimes, the digital potentially useful pieces of evidence could be collected in a
forensics field consists of two stages: proactive forensics and forensically sound manner before the occurrence of a digital
reactive forensics. Proactive forensics refers to forensic incident. Therefore, this is the first study to develop and
readiness before a crime happens; this stage prepares and validate a novel forensic readiness framework applicable to
2 Computational Intelligence and Neuroscience

the DRF field using the metamodeling approach. The pro- The authors in [10] attempted to generally review DRF
posed forensic framework, called Drone Forensics Readiness with the use of DJI Phantom 2. They carried out breakdown
Framework (DRFRF), consists of two stages: (i) proactive analyses of the hardware and software components of the
forensics stage and (ii) reactive forensics stage. DRFRF was drone and discussed the ways they can be applied to the
validated using the qualitative technique (comparison implementation of DRFs. Their findings succeeded in the
against other models). The results showed that DRFRF is establishment of a belief in the persistence and scope of
novel and can deal with drone crimes both before and after DRFs. Besides, this research provides a good opportunity for
the crime occurrence. scrutinizing deeper into this concept and improving it.
The rest of the article is structured as follows: Section 2 Moreover, the researchers in [14] worked on integrating the
provides related work; then, Section 3 introduces a meth- visualizing data retrieved from drones and a nonforensic
odology. Section 4 provides a discussion and finally, the approach. This study was carried out on the Parrot AR
conclusion is presented in Section 5. Drone 2.0. With their self-designed application, the log
parameters from flight data were visualized, although the
2. Related Work evaluation was performed on only a small number of drones.
In [15], the authors analyzed the susceptibilities and uses of
Several models and frameworks have been proposed for the drones and their relationships with cybersecurity-related
DRF field in the literature. These models and frameworks have issues. The findings confirmed that in cases where drones are
discussed DRF from four perspectives: (1) forensic analysis, (2) hacked and misused by opponents, it could lead to con-
nonforensic analysis, (3) forensic framework, and (4) applica- siderable threats or ramifications. Their research mainly
tion in the forensic analysis [8]. For example, the authors in tested the benefits of applying drones to many situations,
[8, 9] discussed how to recover the required evidence in case a from using them as children’s toys to applying them as
drone is investigated under digital forensics circumstances. weapons for mass destruction.
These studies mainly focused on the wireless forensic aspects; A forensic framework comprising 12 phases was
the researchers in [10] were centered on all parts of a drone. designed in [16] to introduce a new approach through which
However, both highlighted the Linux Operating System and its UAVs can be investigated systematically. They conducted
desirable capacities in collecting evidence on the Linux file extensive tests on five commercial UAVs, including the
system. Remember that drones require an OS to work. In [11], Parrot AR Drone 2.0, to identify and understand the rela-
an attempt was made to design a certain tool with the help of tionships among different components. Moreover, an ex-
Java-FX to be well applied to the visualization of real-time flight periment was carried out for the validation of the proposed
control. This tool cannot be implemented directly in forensics; framework. Each UAV involved in the testing was modified
though, it can establish an effective connection between the by the removal and/or addition of some of its components. It
controller and the drone for data transferring procedures, and it was done mainly to check whether the framework
can visualize sensor parameters such as IMU, GPS, and altitude encompassed all of the different elements in any basic
for pilots, hence providing a flight with a high level of safety. commercial UAV and also to test its applicability to a
Similarly, in [12], the DJI Phantom 2 Vision Plus was comprehensive UAV analysis. The authors concluded that
forensically analyzed to answer the following critical ques- the absence of law enforcement training processes in UAV is
tion: “Can the flight path of a UAV be reconstructed with the a key issue that hinders the effective mitigation of attacks.
use of positional data collected from the UAV?” In addition, Any of the five UAVs were not subjected to forensic ana-
a concise investigation of counterforensic methods was lyses; though, a valuable framework was finally provided,
conducted to ascertain if the flight path record could be which can help scholars to examine and analyze stages. The
detected. In another research, a preliminary forensic analysis first wide-ranging analysis of the DJI Phantom 3 Standard
of the Parrot Bebop was done in [13]. The Parrot Bebop can was carried out in [17]. In that study, a forensically sound
be named as the only UAV comparable with the Parrot AR open-source Drone Open-Source Parser (DROP) tool was
Drone 2.0. The researcher in [14] addressed the key chal- also developed. The underinvestigation UAV was flown to
lenges in UAV forensic analyses and then carried out his two different sites. Afterward, the data acquired were divided
investigation on two separate parts: UAV and flight con- into three parts: controller, drone, and phone/tablet. Ulti-
troller. The flight-related data were retrieved from the device mately, two files of interest were explored: (1) the “.dat” files
in the form of “.pud” files. Moreover, a new “.pud” file was generated by the UAV and (2) the “.txt” files generated by
formed at each session between the controller and UAV. At the DJI GO application. These files were decrypted and
the opening point of each “.pud” file, a set of metadata was decoded; then, the flight information related to Wi-Fi
explored, which consisted of the serial number of the UAV, connections, GPS locations, flight status, remote control,
the flight date and time, the model of the flight controller, motors, etc., were extracted. After the analysis of the ac-
and the flight controlling application. Then, an attempt was quired data and understanding the proprietary file struc-
made to identify the videos/images recorded by the UAV’s tures, the DROP tool was developed to analyze the
onboard camera. The images preserved the EXIF data that evidentiary files.
contained the latitude/longitude coordinates of the places Findings reported in [17] showed that if a UAV is turned
from which the images were taken. The ownership can be on, the integrity of the data kept on its internal storage could
established only when the UAV and controller have been be impacted. A new “.dat” file is generated each time the
seized through the identification of the device serial number. UAV is turned on. Moreover, it was found out that in case
Computational Intelligence and Neuroscience 3

the SD card is at or near its full capacity, turning on the UAV thoroughly visualized with the help of Google Earth. That
causes the immediate removal of the oldest data in a way not approach was found with a high focus upon general tech-
to be coverable later. As stated in [17], although their re- nical descriptions of a drone with a forensic perspective. In
search offered an appropriate point to start UAV forensic another research [8], in-depth forensic analyses were applied
analysis, further research is required to cover the broad to the Parrot AR Drone 2.0, its GPS Edition, and its outlying
range of UAVs obtainable presently. The authors in [18] components, i.e., the flight recorder and flight controller.
provided a comprehensive discussion regarding the ways the In [22], the researchers attempted to explore the diffi-
GPS coordinates can be applied as location evidence when culties that may appear in the course of forensically ana-
investigating the crimes committed using drones. They lyzing UAV/drones. To this end, they decided to examine
attempted to extract the system logs. They also made a vi- and evaluate the currently used forensic guidelines regarding
sualization of GPS coordinates on maps, where web-based their efficiency when applied to DRFs analyses. After that,
third-party platforms were employed to plot the flight path. the authors offered their own set of guidelines in this regard
In another project [16], a forensic model was introduced and, to end with, they explained the way their guidelines can
to determine and authenticate different drone components be effectively implemented when analyzing a drone foren-
that can be employed in committing unlawful deeds. The sically. As a case study, DJI Phantom 3 drone was used. One
study was centered on the analysis of physical evidence of the most important limitations in UAV forensics is the
gathered by investigators from the crime scene along with absence of already-confirmed forensically sound tools,
GPS-related data and any multimedia found on board. The which indeed offers a direction for future research. For
research was carried out on five commercial drones together instance, the next logical step would be creating various
with their components once seized at crime scenes. A key parsing tools with the capability to analyze original data and
challenge in lowering drone attacks is the shortage of law provide legible and dependable information. Moreover,
enforcement training processes in this field. In another UAVs will have the required capacity to be well integrated
study, the researchers [19] made their attempts to find out with radio communication services in the future.
the correlation of the flight data amongst the drone, SD card, The authors in [23] proposed an architecture using the
and mobile phone. The establishment of a link between the Id-Based Signcryption to guarantee the authentication
drone and the suspect could facilitate criminal investiga- process and privacy preservation. First, the important ele-
tions. Applying specific software to personal UAV devices ments on which the architecture relies were defined. Af-
can provide a plethora of digital artifacts from GPS time- terward, the interaction between these elements was
stamps and waypoints, the number of satellites connected, examined to understand how the process works. Then, the
barometer, roll, pitch, distance, azimuth, battery status, proposed authentication scheme was explained in detail. As
video, and photos. In [20], the researchers analyzed the a result, they used the RFID tags to track drones and the
essential major log parameters of the autonomous drone and temporary identity for the purpose of privacy preservation.
suggested the use of comprehensive software architecture A simulation was conducted to calculate the average renewal
related to DRFs with preliminary results. The authors ex- of temporary identity by varying the time and the drones’
pected their proposed software to make available a user- speed.
friendly graphical user interface (GUI) on which users would In [24], a captured UAV was analyzed under forensic
be capable of extracting and examining the onboard flight conditions. Security forces may capture a suspected UAV
information. They expected to have a contribution to the with the use of a shotgun (or any other applicable tech-
forensic science community by proposing a tool applicable nique), or it may be a device that has crashed into private
to investigations on drone-related crime cases. As stated in properties. When a UAV is to be subjected to forensic in-
[21], open-source tools such as CsvView and ExifTool have vestigations, there is a need to identify its software/hardware
been employed by several scholars to extract artifacts from modules. Then, it is necessary to collect available evidence,
mobile applications of drones with the use of mobile forensic provide the chain of custody, and analyze the media/artefact
techniques. In that study, Kali (which is a Linux distribution) loaded on the device. On the other hand, the illegitimate use
and Windows were employed as forensic workstations to of UAVs, which is increasingly occurring, shows a legal
carry out the required forensic analyses on two drones, DJI loophole that exists in the currently applied aviation regu-
Phantom 3 and A.R Drone. The open-source tools, e.g., Geo- lations. This has, consequently, led to the shortage of in-
Player, have been applied mainly to the visualization of flight formation and prevailing standards on how the UAV
path data. Because of the nonexistence of an appropriate incidents could be investigated. Conversely, a study in [25]
build environment that includes configuration tools, a explored the potential cyber-physical security threats and
package manager, and a compiler in the UAV system, this attempted to address the existing challenges that could be
option needs to extensively change the data that exist in the attributed to UAV security before UAVs become the pre-
UAV. Therefore, it was stopped in favor of the logical level vailing vehicles in future smart cities. In addition, the au-
acquisition. It was done by mounting a forensic mass storage thors suggested a method applicable to the investigation of
device onto a UAV; then, files were completely copied from large-scale cyber-security attack vectors of such systems
the mounted “/data” partition with the use of the “cp” based on four categories of systems, which are of high
command. Digital forensics was also applied in [9] to the importance to UAV operations. Moreover, they explained
Parrot A.R Drone 2.0. In that study, several general facts and their impacts in detail and the effective ways to counter such
file formats were discussed, and the flight path was attacks. In another project, arbitrary software was designed
4 Computational Intelligence and Neuroscience

and applied in [26] to a locked target to gain access to were carried out with the use of the chi-square test of in-
interior sensors and logs of the device using the neutrali- dependence did not reveal any considerable connection
zation and hardening strategies to predict the effectiveness. between the groups of respondents’ drone investigations and
In [24], an inclusive-based framework was proposed for the methods used to conduct UAS forensics.
drone forensic analysis, involving both physical and digital In [32], drone attacks were discussed from a different
forensics. In the case of physical forensics, a model was perspective. Their study was mainly aimed at identifying where
created with the capability to investigate drone components the SDR board is (or could be) applied to the implementation of
right at the crime scene. The framework had enough pro- an attack and/or a countermeasure so that current and future
ficiency to be applied to the postflight investigations of the risks could be highlighted. As a result, their analysis was mainly
activities of the drone. Moreover, the authors designed a centered on two facets one of which was related to targets of the
powerful application that could be implemented in digital attacks and the other one to the direction of the attacks. There
drone forensic analysis, centering mainly upon the analysis may be more than one target, which offers multiple possible
of the drones’ critical log parameters through a GUI de- countermeasures. Targets may include the sensor (mainly GPS),
veloped with the help of JavaFX 8.0. telemetry, remote telecontrol, the embedded software, the
In another research [27], a new Distributed, Agent-based physical signature (optical, audio, infrared, electromagnetic, and
Secure Mechanism was proposed for IoD and Smart grid radar), and/or cognitive channel (cognitive scrambling and
sensors monitoring (DASMIS) scheme. It was designed to stealthy communication). The attacks may be directed from
run over a hybrid of peer-to-peer (P2P) and client-server (C/ ground to drone, or vice versa, or even from a drone to drone.
S) network architecture with reduced protocol overheads for The researchers in [33] proposed an innovative method for
immediate and bandwidth-efficient communication. In this quickly and accurately detecting whether a drone is flying or
system, each node is loaded with an initial status and lying on the ground. Such results are obtained without resorting
equipped with a python-based agent that is capable of to any active technique; rather, they are achieved through just
scanning and detecting burned in read-only node-IDs, Node eavesdropping on the radio traffic and processing it through
IP Address, node MAC address, system calls made, installed standard machine learning techniques. According to the
applications, all running system programs and applications, findings reported in [33], with effective classifying the network
and modifications. Additionally, it performs data encryption traffic, a drone’s status can be properly detected with the help of
and hashing and reports changes to other peer nodes and the the widespread operating system of ArduCopter (e.g., several
server sitting in the C&C center. The agent securely au- DJI and Hobbyking vehicles). Additionally, a lower bound was
thenticates nodes, enciphers the communication, and au- formed upon the detection delay at the time of applying the
thorizes internode access. It prevents and detects attacks above-noted methodology. The proposed solution was capable
such as masquerading, modification, and DoS attacks. of discriminating against the drones’ state (steady or moving)
Furthermore, the authors in [28] conducted a study with roughly 0.93 SR in almost 3.71 seconds.
aimed at giving help to whoever is tasked with the generation In [34], the security susceptibility of two drones, namely
and analysis, validation, and/or optimization of data to trace Eachine E010 and Parrot Mambo FPV, was evaluated. The
evidence recovery. For this purpose, the authors elaborated former drone was found vulnerable to Radio Frequency (RF)
the approach used to solve this problem based on the target replay and custom-made controller attacks, whereas the latter
fiber retrieval context using self-adhesive tapes. was found susceptible to deauthentication and FTP service
Moreover, in [29], the researchers attempted to adapt attacks. The authors provided a full discussion on both the
digital forensic processes capable of improving the drone security susceptibilities of the above-mentioned UAVs and
incident response plan by implementing the digital forensic the potential countermeasures that can be taken into action to
analysis process. More detailed information was provided improve the resilience of UAVs against probable attacks.
regarding the developed Drone Forensic and Incident Re- The overall legal process to gather and examine any
sponse Plan (DFIR) in that study. The findings showed that drones from the crime scene and examine inside the lab has
the Federal Aviation Administration (FAA) can update the been discussed by [35].
requirements of its Unmanned Aerial Systems (UAS) based Also, [36] proposed a model to collect and document
on two classifications of UAS. They also comprehensively digital data from the flight artifacts and the related mobile
reviewed the related literature and concluded that it lacked devices to help the forensic examination of two common
studies focusing upon incident responses and forensic drone systems: the DJI Spark and Mavic Air.
analysis frameworks developed specifically for remotely The review of the literature revealed that the DRF field
piloted aerials systems. For that reason, the authors made an lacks a forensic readiness framework to structure, organize,
effort to fill the gap. and unify the DRF field from a readiness perspective. Thus,
The electromagnetic watermarking concept was intro- this study proposes a comprehensive readiness forensic
duced in [30] as a technique that exploits the IEMI impacts framework applicable to the DRF field.
for embedding a watermark into civilian UAVs with the aim
of performing forensic tracking. 3. Methodology
In [31], the authors surveyed a small sample of aircraft
accident investigators and digital forensics investigators and This paper adopted a Design Science Research (DSR)
examined their use of forensics frameworks to conduct method to develop a drone forensic readiness framework.
forensic investigations on drones. The data analyses that DSR is a method used to generate original and insistent
Computational Intelligence and Neuroscience 5

objects for a particular problem area that allows analytics to

be studied [37]. For this research, the metamodeling ap- Start
proach was adopted from [38]. It consists of two stages as
shown in Figure 1: searching stage and development and
validation stage. Stage I: Searching Stage
Stage I: searching stage: this stage involves conducting a
literature review and collecting data. It consists of three Identifying Search Engines
steps:
(1) Identifying Search Engines: seven common search
engines are used in this study to collect data: IEEE Collecting Drones’ Forensic Models
Explorer, Web of Science, Scopus, Springer, ACM,
Science Direct, and Google Scholar.
Filtering Data
(2) Collecting drone forensic models: to collect data, the
authors identified keywords (“Drones Forensics,”
“Drone Forensics + Model”). Based on the keywords,
132 articles were collected from the literature, as
shown in Table 1. Stage II: Development and Validation Stage

(3) Filtering data: regarding the time scope, the search

was confined to the studies published between Identifying Development Models
2000 and January 2021. For the purpose of the
present paper, documents such as research arti-
cles, conference papers, dissertations, books, and Extracting Domain Concepts
book chapters were considered, and the other
types of documents were excluded. In addition,
the duplicates and screening of the topic and
Combining Extracting Concepts
abstracts were ignored. Table 1 summarizes the
details of the search protocols employed in this
study. Finally, 29 out of 132 articles were identified
Identifying Relationships
to be completely focused upon regarding the topic
of DRFs processes and technology perspectives in
this field.
Proposing a Drone Forensic Readiness
Stage II: Development and Validation Stage: this stage Framework
involves developing and validating DRFRF. It consists of
several steps:
(1) Identifying the development models: this step aims
Validating a Drone Forensic Readiness
to identify the development and validation models
Framework
used to develop and validate the forensic readiness
framework. Table 2 displays the development and
validation models.
(2) Extracting common concepts and proc-
essesCommon processes and concepts were exe- End
crated from 32 identified models. The extraction
criteria were adopted from [47]: the processes and
Figure 1: Metamodeling approach [38].
concepts should be extracted from the model’s text
body or the flowchart, and the concept or processes
must have a definition or activities. Irrelevant pro- concepts and processes, either in semantic
cesses or concepts were excluded. Thus, 150 common meaning or functional meaning. The common
concepts and processes were extracted, as shown in concepts or processes were selected for each group
Table 3. based on frequency [48]. The common concept or
(3) Combining extracted processes and conceptsthe process with a higher frequency in the categori-
common concepts or processes with similar meaning zation was selected as a common concept, as
or functioning regardless of their names or syno- shown in Table 3.
nyms were combined into the same category, as (4) Identifying relationshipsthis step identifies the re-
presented in Table 3. Based on the techniques de- lationships among proposed drone forensic pro-
scribed above, 150 common concepts were catego- cesses and concepts. A survey of drone forensic
rized into 32 groups. Each group has similar models showed various UML relationships amongst
6 Computational Intelligence and Neuroscience

Table 1: Results of search engines. CC will use the archive mode technique to archive
Number of drone forensic-related
all the log files to avoid loss of evidence. Finally,
Database search engines CC sends the accumulated data logs to the pres-
articles
ervation phase to create a hash value for each log
Web of Science 10
Scopus 20 file sent to the hashing storage area to preserve
IEEE Explore 5 evidence.
Springer Links 6 (2) Preservation Phase. The primary goal of evidence
Google Scholar 80 preservation is to ensure that absolutely no changes
ACM 1
are made to the captured/logged data after collection
Science Direct 10
Total 132
[49]. Figure 1 demonstrates how the log files are
preserved in the proposed framework. The Evidence
The bold values mean the total articles which were collected from search
engines.
Store (ES) stores all the captured data received from
various CCs. In general, ES acts as a central storage
the concepts and processes that were common area for all the data captured by CC. ES logs the data
among all such models. Three kinds of common in chronological order. These data are stored
UML relationships were discovered: Association, according to CC from which the drone was moni-
Specialization/Generalization, and Aggregation. tored. It is worth noting that the data stored in ES are
needed for analysis purposes only. Analysis of these
(5) Proposing a drone forensic readiness framework: the
data will only occur if a particular incident has been
relationships identified in the above step were used
reported on the drone, which needs to be investi-
to create the drone forensic readiness framework
gated. The hash values of the log files are created in
applicable to the drone forensics field (see Figure 2).
the “perform hashing” to hash the whole captured
It consists of two stages: before the occurrence of
logfiles. Our proposed framework adopts the MD5
drone crime (proactive forensics stage) and after
and SHA-1 hashing techniques. Hashing is a
the occurrence of drone crime (reactive forensics
mathematical function that creates a unique fixed-
stage).
length string from a message of any length. The
Stage 1: Before the Occurrence of Drone Crime. This result of a hash function is a hash value, sometimes
stage represents the main stage of the proposed called a message digest. It is worth noting that the
framework. The main aim of this stage is to monitor hashed blocks of data will only be used to check
and capture the whole drones’ activities before any that the logged data on ES has not been altered
crime or incident happens. It is called the proactive during the course of a digital forensic investiga-
forensics stage. It consists of two phases: the mon- tion. Preserving the integrity of digital evidence is
itoring & capturing phase and the preservation an absolute requirement of the digital forensic
phase. process.
(1) Monitoring and Capturing Phase. The purpose of this
phase is to observe and secure the flight paths of the Stage2: After the Occurrence of Drone Crime. This is
drone and capture the whole streaming activities the second stage of the proposed framework. It
(e.g., photos, GPS data, and records). For security involves conducting a normal digital forensic in-
purposes, the monitoring component uses a firewall vestigation process to reveal the evidence of the
to filter both incoming and outcoming wireless drone crime. It is called the reactive forensic stage.
traffic. “Filtering” is defined as the process of con- It consists of two processes: examination and
trolling access by examining all the packets based on analysis process, and documentation and reporting
the content of their headers. However, a firewall process. The examination process is used to check
cannot detect all the misconduct data since some the authenticity of the gathered data against any
laptop/mobile devices may make their identities tampering through rehashing the captured data.
unclear to appear as legitimate users of the network. Thus, if the captured data are not authentic, the
For that reason, our proposed framework employs a investigation team should return to the preserva-
component called the Capture Component (CC), tion stage to take another original copy. If the
which records or logs all the monitored data sent captured information is correct and has not been
from the drone. CC gathers all the volatile and tampered with, the data will move to the analysis
nonvolatile data monitored to gather potential phase. The main purpose of the analysis phase of the
digital evidence. Each drone has its associated CC proposed framework is to mine and extract the data
that captures/logs the data passing through that from ES to come up with evidence that can associate
laptop/mobile. CC captures/logs the data in log a particular adversary with a criminal activity
files, as depicted in Figure 2. These log files are committed on the drone device. The analyzed data
working in a circular manner and archive mode to are next passed on to the documentation and
avoid overwritten log files. For example, if the reporting phase. Although it is not within the scope
current log file is full, CC will move to the next log of this study to discuss data mining in detail, the use
file; however, if the current log file is the last one, of data-mining techniques should not be
Computational Intelligence and Neuroscience 7

Table 2: Development and validation models.

Models
Id Year Authors Focuses
references
A forensic examination of the flight path reconstruction method for DJI Phantom 2
1 [11] 2015 Mhatre et al.
Vision Plus.
2 [13] 2016 Horsman Investigation and analysis of both the DJI Phantom II and DJI Phantom III model UAVs.
3 [15] 2016 Mohan Testbed model of evidence acquisition from UAVs
Preliminary digital forensic analysis of Parrot Bebop UAV (capable of 1080p HD footage
4 [10] 2016 Kovar et al. and 14 megapixels still images, a 2.4 GHz or 5 GHz Wi-Fi band, s, flight distances can
extend beyond 2000 m and to a maximum altitude of 150 m).
5 [39] 2016 Maarse et al. Development of visualization tool for drone analysis.
6 [14] 2016 Procházka Drones vulnerabilities
Drone forensic framework: Sensor and data identification and verification. Specifically,
7 [18] 2017 Prastya et al. this research analyzes the architecture of drones and then proposes a generic model that
is aimed at improving digital investigation.
DROP (DRone Open-source Parser) your drone: Forensic analysis of the DJI Phantom
8 [16] 2017 Jain et al.
III.
Mainly Forensic Analysis of Unmanned Aerial Vehicle to Obtain GPS Log Data as Digital
9 [17] 2017 Clark et al. Evidence. This has been achieved through Digital forensic evidence extraction through
the simulation of a UAV scenario that explicitly uses drones.
Bucknell and
10 [40] 2017 An investigation into the effect of surveillance drones on textile evidence at crime scenes.
Bassindal
11 [19] 2017 Llewellyn Drone Forensic Investigation: DJI Spark Drone as A Case Study.
12 [21] 2017 Barton and Azhar Autonomous Arial Vehicles in Smart Cities: Potential Cyber-Physical Threats.
An agent-administrator-based security mechanism for distributed sensors and drones for
13 [41] 2017 Renduchintala et al.
smart grid monitoring.
Drone Forensic Analysis Using Open-Source Tools in The Journal of Digital Forensics,
14 [9] 2018 Bouafif et al.
Security and Law.
15 [42] 2018 Roder et al. Drone Forensics: Challenges and New Insights.
Unmanned aerial vehicle forensic investigation process: DJI Phantom 3 drone as a case
16 [22] 2018 Maune
study.
17 [23] 2018 Benzarti et al. Unlocking the Access to the Effects Induced by IEMI on a Civilian UAV.
18 [43] 2018 Gülataş and Baktır Unmanned Aerial Vehicle Digital Forensic Investigation Framework.
19 [25] 2018 Dawam et al. Privacy preservation and drone authentication using ID-Based Signcryption.
20 [26] 2018 Esteves et al. A comprehensive micro unmanned aerial vehicle (UAV/Drone) forensic framework.
21 [44] 2018 Shi et al. Antidrone system.
22 [45] 2018 Guvenc et al. Techniques of detecting and tracking UAV.
23 [46] 2018 Ding et al. Amateur Drone Surveillance Systems.
Drone Forensics: Digital Flight Log Examination
24 [24] 2019 Renduchintala et al.
Framework for Microdrones.
The effect of tape type, taping method, and tape storage temperature on the retrieval rate
25 [27] 2019 Fitwi et al. of fibres from various surfaces: An example of data generation and analysis to facilitate
trace evidence recovery validation and optimization.
Drone Disrupted Denial of Service Attack (3DOS): Towards an Incident Response and
26 [28] 2019 Jones et al.
Forensic Analysis of Remotely Piloted Aerial Systems (RPASs).
27 [29] 2019 Salamh and Rogers Electromagnetic Watermarking: exploiting IEMI effects for forensic tracking of UAVs.
28 [30] 2019 Esteves An Approach to Unmanned Aircraft Systems Forensics Framework.
29 [31] 2019 Esteves et al. Detecting Drones Status via Encrypted Traffic Analysis.
30 [32] 2019 Le Roy et al. Assessing and Exploiting Security Vulnerabilities of Unmanned Aerial Vehicles.
31 [33] 2019 Sciancalepore et al. Risk assessment of SDR-based attacks with UAVs.
32 [34] 2020 Lakew Yihunie et al. Forensic analysis of the Parrot AR Drone 2.0 GPS Edition and its peripheral components.

overlooked during the process of conducting a the intruder is guilty or not, based on the evi-
digital forensic investigation. dence presented by the cyber forensic experts
During the reporting phase, the final evidence is concerned.
prepared for the entire digital forensic investigation. (6) Validating Drone Forensic Readiness Framework.
The data are used by cyber forensic experts when This is the sixth step of the development and vali-
they testify in a court of law that an intruder should dation process of the drone forensic readiness
be found guilty based on the evidence that they have framework. It is used to validate the proposed
gathered in their digital forensics investigation. The framework’s completeness, logicalness, and useful-
prosecutor in a court of law has to decide whether ness through a validation technique, namely a
8 Computational Intelligence and Neuroscience

Table 3: Common concepts and processes.

No. Propose common processes and concepts Candidate concepts and processes Frequency
Monitoring and capturing 3
1 Monitoring and capturing
Seizure 1
Gathering evidence 1
2 Data Acquisition
Data acquisition 3
Intruder’s transactions 1
3 Intruder Activity Intruder activity 2
Malicious transaction 1
Data collected 8
4 Data Collected
Acquired data 1
Reconstructing log events 1
Reconstruction 5
5 Reconstruction
Reconstruction event 1
Reconstructing 1
6 Hashing Hashing 4
7 Examination Examination 5
8 Backup Backup 5
9 Preservation Preservation 4
Investigation Team 9
10 Investigation Team Forensic examiner 1
Examiner 1
Evidence integrity 1
11 Integrity
Integrity 2
Resources 1
12 Source
Source 5
13 Evidence Evidence 6
Event 4
14 Drone Incident
Drone Incident 5
15 Hashed Value Hashed Value 3
16 Rehashing Rehashing 3
Log file 8
17 Log File
database log file 1
Incident response 1
18 Incident Responding
Incident responding 1
Drone 7
19 Drone
UAV 5
Court 5
20 Court
Court of law 2
21 Live Response Live response 3
Forensic Techniques 2
22 Forensic Technique
Investigation extraction methods 1
23 Timeline Timeline 5
24 Interview Interview 2
25 Volatile Artefact Volatile artefact 2
26 Nonvolatile Artefact Nonvolatile Artefact 2
27 Decision Decision 2
Forensic report 1
28 Report Report 2
Final forensic report 1
29 Artefact Artefacts 3
30 Live Acquisition live acquisition 2
31 Dead Acquisition Dead acquisition 2
32 Hybrid Acquisition Hybrid acquisition 2
Total 150
Bold shows total of common process and concepts.

comparison of its performance with other models proposed framework (DRFRF) and the existing
[50]. This comparison aims to identify any DRF models. It is very clear that DRFRF is a
missing concepts in the proposed framework and comprehensive framework and can work in both
ensure it has sufficiently broad coverage. Table 4 forensic perspectives, i.e., proactive forensics and
shows the results of the comparison between the reactive forensics.
Computational Intelligence and Neuroscience 9

Phase 1: Phase 2: Phase 3:

Preparation & Monitoring & Preservation Stage Examination & Analysis Stage
Capturing Stage
Captured Data Rehashing Captured Data

Drones
No Check

Logfile 1
Authenticity

Logfile-N
Logfile 2
of Data

Monitoring
Yes
Rebuild timeline of events

Evidence Stage
Perform Hashing
Extract Evidences

Capturing Data Sealing the Evidences

Capturing Component

Volatile Nonvolatile
Data Data Hashed Log files Phase 4:
Documentation & Reporting
Stage
Logfiles
Stage 2 (Reactive Forensic):
Stage 1 (Proactive Forensic): Before Drone Crime Happened After Drone Crime Happened

Figure 2: Drone forensic readiness framework (DRFRF).

4. Discussion given that the chain-of-custody and chain-of-analysis can

be proven at any requested time. Furthermore, the in-
Through this study, DRF field has suffered from lacking a tegrity and reliability of any potential evidence are en-
forensic readiness framework to structure, organize, and sured within the preincident and during incident
unify the DRF field from a readiness perspective, as response processes. The integrated framework of the
revealed previously in Section 2. Therefore, this study proposed DRFRF is further presented in Figure 2. The
proposed a comprehensive forensic readiness framework output from Stage I is primarily defined as the input to
for DRF field. To develop the DRFRF, the Design Science Stage II where chain-of-custody and chain-of-evidence
Research (DSR) has been adapted from [37]. Further- are ensured, respectively. Often, the postincident process
more, the sequence of the processes to follow, particularly is relegated to an afterthought which, potentially leads to
for first responders, in a drone-related crime/incident is a repeated drone incident. Therefore, the proposed
clearly defined in Stage I of the proposed framework framework can be defined as a comprehensive framework
DRFRF. These phases of the framework can be extended that could be used to preempt, prepare for, and prevent a
to align with the digital forensic readiness phase of the drone incident occurrence.
ISO/IEC 27043 standards [26]. Forensic readiness could Without discounting the aforementioned capabilities
introduce a standardized approach to potential evidence of DRFRF, the authors of this paper take a step to explore
reliability and extraction before incident occurrence the advantages of DRFRF that supersedes the existing
(premortem). Therefore, the phases of the preincident models and the limitations. It is important to note that
response of the proposed framework DRFRF can be the limitations that have been identified have carefully
further extended to accommodate organization pre- been analyzed and positioned to be relevant for inclusion
paredness against drone downtime while providing re- as future work beforehand.
liable content that could otherwise have been lost. An The DRFRF has been juxtaposed as a comprehensive
example of this assertion is the monitoring and capturing framework that has major inclusion and integration of
of volatile data of drone devices. The integration of a processes and concepts that have been suggested by
methodical approach towards potential evidence iden- existing drone investigation models. While it is important
tification, collection, and storage in a preincident can be to acknowledge that these models have offered very
used to address the problem of volatile and nonvolatile significant insights towards the development of DRFRF,
evidence preservation. Another core fundamental com- we put across one core advantage that DRFRF holds.
position of the proposed DRFRF is the integration of DRFRF is able to cover preincident preparation that has
forensic soundness into drone incident investigation. The explicitly been presented at a readiness phase. This phase
forensic soundness assurance can provide a reliable not only is able to shorten the process of conducting an
corroborative substance, beyond any reasonable doubt, investigation in drones but also saves time due to the
 10

Table 4: Comparison between the exiting DRF models and DRFRF.

Existing DRF models
Proposed DRFRF
[13] [15] [11] [10] [39] [14] [18] [16] [17] [40] [19] [24] [9] [42] [22] [23] [43] [21] [25] [26] [41] [27] [28] [29] [30] [32] [33] [34] [44] [45] [46]
Stage1 proactive forensics ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘
Stage 2: reactive forensics ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
Computational Intelligence and Neuroscience
Computational Intelligence and Neuroscience 11

availability of forensic evidence when needed. Addi- Data Availability

tionally, the scope of the major phases in the proposed
DRFRF (monitoring & capturing phase, and preservation All the data used to support the study are included within the
phase, examination and analysis phase, documenting and article.
reporting phase) have been described well based on their
functionalities, where DRFRF hold an advantage of Conflicts of Interest
leveraging the prescribed guidelines for information
technologies, incident investigation techniques, and The authors declare that they have no conflicts of interest.
processes that explicitly are adapted verbatim from
ISO7IEC 27043. Next, the DRFRF has room for further Acknowledgments
integration, which means it is easy to incorporate other
suitable processes because of how the different phases The authors extend their appreciation to the Deputyship for
have been classified and as a result, the DRFRF activities Research & Innovation, Ministry of Education in Saudi
accept other processes that can be deemed as essential Arabia for funding this research work through the project
during integration. number IFPRC-062-611-2020 and King Abdulaziz Univer-
At the time of writing this paper, there currently does not sity, DSR, Jeddah, Saudi Arabia.
exist specific guidelines or standards that address incident
response categorically and as such, incident response can References
only be encapsulated in ISO/IEC 27043 investigative process
classes from a generic perspective. This is a current limi- [1] V. R. Kebande, N. M. Karie, R. A. Ikuesan, and H. S. Venter,
tation of this framework. However, an inclusion or adoption “Ontology-driven perspective of CFRaaS,” Wiley Interdisci-
of these (standardized) guidelines will be inevitable. plinary Reviews: Forensic Science, vol. 2, Article ID e1372,
2020.
[2] V. R. Kebande and H. S. Venter, “A comparative analysis of
5. Conclusion digital forensic readiness models using CFRaaS as a baseline,”
Wiley Interdisciplinary Reviews: Forensic Science, vol. 1, no. 6,
Drone forensics has grown tremendous care from aca- Article ID e1350, 2019.
demics working in this field. Drone Forensics (DRF) is a [3] A. Valjarevic, “Harmonised digital forensic investigation
significant field that encompasses the investigations for process model,” in Proceedings of the Information Security for
South Africa, pp. 1–10, Johannesberg, South Africa, August
identifying and discovering drone crimes. Several models
2012.
and techniques have been proposed for the DRF field. These [4] V. R. Kebande, N. M. Karie, and H. S. Venter, “Adding digital
techniques and models use the interior logs of devices and forensic readiness as a security component to the IoT do-
their controllers to recognize any malicious action. They main,” International Journal on Advanced Science Engineering
can duplicate the flight routes that can be used by experts and Information Technology, vol. 8, no. 1, 2018.
during forensic investigates. The verification and security [5] H. Munkhondya, A. Ikuesan, and H. Venter, “Digital forensic
of drones have also been improved to avoid intrusion. readiness approach for potential evidence preservation in
However, the literature lacks a standardized forensics software-defined networks,” in Proceedings of the ICCWS 2019
model/framework to deal with different drone crimes. 14th International Conference on Cyber Warfare and Security:
Therefore, this study provided a novel forensic readiness ICCWS, vol. 268, Louise, Leenen, February 2019.
[6] A. R. Ikuesan, S. Abd Razak, M. Salleh, and H. S. Venter,
framework that can be applied to the DRF field to deal with
“Leveraging human thinking style for user attribution in
drone crimes from both preincident and after-incident digital forensic process,” International Journal of Advanced
perspectives. The proposed DRFRF consists of two stages: Science, Engineering and Information Technology, vol. 7, no. 1,
(I) proactive forensics stage and (II) reactive forensics pp. 198–206, 2017.
stage. The production from Stage I is mainly well-defined as [7] A. Singh, A. R. Ikuesan, and H. S. Venter, “Digital forensic
the input to Stage II where chain-of-custody and chain-of- readiness framework for ransomware investigation,” Lecture
evidence are guaranteed correspondingly. Frequently, the Notes of the Institute for Computer Sciences, Social Informatics
postincident process is referred to as an afterthought and Telecommunications Engineering, vol. 259, pp. 91–105,
which, theoretically, leads a frequent drone crime. Thus, the 2019.
proposed framework can be defined as a comprehensive [8] A. Al-Dhaqm, R. A. Ikuesan, V. R. Kebande, S. Razak, and
framework that could be used to preempt, prepare for, and F. M. Ghabban, “Research challenges and opportunities in
drone forensics models,” Electronics, vol. 10, no. 13, p. 1519,
prevent a drone incident occurrence. The proposed
2021.
framework DRFRF was validated through a comparison [9] H. Bouafif, F. Kamoun, F. Iqbal, and A. Marrington, “Drone
with other existing models. To demonstrate the effective- forensics: challenges and new insights,” in Proceedings of the
ness of the proposed DRFRF, a real scenario is required; 2018 9th IFIP International Conference on New Technologies,
thus, the future work of this study will focus on the Mobility and Security (NTMS), pp. 1–6, Paris, France,
implementation of the DRFRF in a real case. February 2018.
12 Computational Intelligence and Neuroscience

[10] D. Kovar, G. Dominguez, and C. Murphy, UAV (Aka Drone) Electromagnetic Compatibility (EMC EUROPE), pp. 48–52,
Forensics, pp. 23-24, SANS DFIR Summit, Austin, TX, USA, Amsterdam, Netherlands, August 2018.
2016. [27] A. Fitwi, Y. Chen, and N. Zhou, “An agent-administrator-
[11] V. Mhatre, S. Chavan, A. Samuel, A. Patil, A. Chittimilla, and based security mechanism for distributed sensors and drones
N. Kumar, “Embedded video processing and data acquisition for smart grid monitoring,” Signal Processing, Sensor/Infor-
for unmanned aerial vehicle,” in Proceedings of the 2015 mation Fusion, and Target Recognition XXVIII, vol. 11018,
International Conference on Computers, Communications, p. 19, 2019.
and Systems (ICCCS), pp. 141–145, Kanyakumari, India, [28] Z. V. Jones, C. Gwinnett, and A. R. W. Jackson, “The effect of
November 2015. tape type, taping method and tape storage temperature on the
[12] A. Roder, K.-K. R. Choo, and N.-A. Le-Khac, “Unmanned retrieval rate of fibres from various surfaces: an example of
aerial vehicle forensic investigation process: dji phantom 3 data generation and analysis to facilitate trace evidence re-
drone as a case study,” 2018, https://arxiv.org/abs/1804.08649. covery validation and optimisation,” Science & Justice, vol. 59,
[13] G. Horsman, “Unmanned aerial vehicles: a preliminary no. 3, pp. 268–291, 2019.
analysis of forensic challenges,” Digital Investigation, vol. 16, [29] F. E. Salamh and M. Rogers, “Drone disrupted denial of
pp. 1–11, 2016.
service attack (3DOS): towards an incident response and
[14] T. Procházka, “Capturing, visualizing, and analyzing data
forensic analysis of remotely piloted aerial systems (RPASs),”
from drones,” Bachelor Thesis, 2016.
in Proceedings of the 2019 15th International Wireless Com-
[15] M. Mohan, Cybersecurity in Drones, Utica College, Utica, NY,
USA, 2016. munications and Mobile Computing Conference, pp. 704–710,
[16] U. Jain, M. Rogers, and E. T. Matson, “Drone forensic Tangier, Morocco, June 2019.
framework: sensor and data identification and verification,” in [30] J. L. Esteves, “Electromagnetic watermarking: exploiting IEMI
Proceedings of the 2017 IEEE Sensors Applications Symposium effects for forensic tracking of UAVs,” in Proceedings of the
(SAS), pp. 1–6, Glassboro, NJ, USA, April 2017. 2019 International Symposium on Electromagnetic Compati-
[17] D. R. Clark, C. Meffert, I. Baggili, and F. Breitinger, “DROP bility - EMC EUROPE, pp. 1144–1149, Barcelona, Spain,
(DRone open source parser) your drone: forensic analysis of September 2019.
the DJI phantom III,” Digital Investigation, vol. 22, pp. S3– [31] N. Mei, Unmanned Aircraft Systems Forensics Framework An
S14, 2017. Approach To Unmanned Aircraft Systems Forensics Frame-
[18] S. E. Prastya, I. Riadi, and A. Luthfi, “Forensic analysis of work, Capitol Technology University, Laurel, MD, USA,
unmanned aerial vehicle to obtain GPS log data as digital Dissertations & Theses, 2019, http://ezproxy.libproxy.db.
evidence,” International Journal of Computer Science and erau.edu/login?url=https://search-proquestcom.ezproxy.lib
Information Security, vol. 15, pp. 280–285, 2017. proxy.db.erau.edu/docview/2248709206?accountid=27203.
[19] M. Llewellyn, DJI Phantom 3-drone Forensic Data Explora- [32] F. Le Roy, C. Roland, D. Le Jeune, and J.-P. Diguet, “Risk
tion, Edith Cowan University, Perth, Australia, 2017. assessment of SDR-based attacks with UAVs,” in Proceedings
[20] A. L. P. S. Renduchintala, A. Albehadili, and A. Y. Javaid, of the 2019 16th International Symposium on Wireless Com-
“Drone forensics: digital flight log examination framework for munication Systems (ISWCS), vol. 2019, pp. 222–226, Oulu,
micro drones,” in Proceedings of the 2017 International Finland, August 2019.
Conference on Computational Science and Computational [33] S. Sciancalepore, O. A. Ibrahim, G. Oligeri, and R. Di Pietro,
Intelligence (CSCI), pp. 91–96, Las Vegas, NV, USA, “Detecting drones status via encrypted traffic analysis,” in
December 2017. Proceedings of the ACM Workshop on Wireless Security and
[21] T. E. A. Barton and M. A. Hannan Bin Azhar, “Forensic Machine Learning - WiseML 2019, no. 1, pp. 67–72, New York,
analysis of popular UAV systems,” in Proceedings of the 2017 NY, USA, May 2019.
Seventh International Conference on Emerging Security [34] F. Lakew Yihunie, A. K. Singh, and S. Bhatia, “Assessing and
Technologies (EST), pp. 91–96, Canterbury, UK, September exploiting security vulnerabilities of unmanned aerial vehi-
2017.
cles,” Smart Systems and IoT: Innovations in Computing,
[22] K. G. Maune, A Project Completed as Part of the Requirements
vol. 141, pp. 701–710, 2020.
for BSc (Hons) Computer Forensic Investigation, 2018, https://
[35] N. R. Mistry and H. P. Sanghvi, “Drone forensics: investigative
citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.1025.4878&
guide for law enforcement agencies,” International Journal of
rep=rep1&type=pdf (accessed on 3 March 2021).
Electronic Security and Digital Forensics, vol. 13, no. 3,
[23] S. Benzarti, B. Triki, and O. Korbaa, “Privacy preservation and
drone authentication using Id-Based Signcryption,” Frontiers pp. 334–345, 2021.
in Artificial Intelligence, vol. 303, pp. 226–239, 2018. [36] C.-C. Yang, H. Chuang, and D.-Y. Kao, “Drone forensic
[24] A. Renduchintala, F. Jahan, R. Khanna, and A. Y. Javaid, “A analysis using relational flight data: a case study of DJI Spark
comprehensive micro unmanned aerial vehicle (UAV/Drone) and mavic Air,” Procedia Computer Science, vol. 192,
forensic framework,” Digital Investigation, vol. 30, pp. 52–72, pp. 1359–1368, 2021.
2019. [37] S. T. March and G. F. Smith, “Design and natural science
[25] E. S. Dawam, X. Feng, and D. Li, “Autonomous arial vehicles research on information technology,” Decision Support Sys-
in smart cities: potential cyber-physical threats,” in Pro- tems, vol. 15, no. 4, pp. 251–266, 1995.
ceedings of the 2018 IEEE 20th International Conference on [38] A. Al-Dhaqm, S. Razak, S. H. Othman, A. Ngadi,
High Performance Computing and Communications; IEEE M. N. Ahmed, and A. Ali Mohammed, “Development and
16th International Conference on Smart City, pp. 1497–1505, validation of a database forensic metamodel (DBFM),” PLoS
Exeter, UK, June 2018. One, vol. 12, no. 2, Article ID e0170793, 2017.
[26] J. L. Esteves, E. Cottais, and C. Kasmi, “Unlocking the access [39] M. Maarse, L. Sangers, J. van Ginkel, and M. Pouw, Digital
to the effects induced by IEMI on a civilian UAV,” in Pro- forensics on a DJI Phantom 2 Vision+ UAV, University of
ceedings of the 2018 International Symposium on Amsterdam, Amsterdam, Netherlands, 2016.
Computational Intelligence and Neuroscience 13

[40] A. Bucknell and T. Bassindale, “An investigation into the

effect of surveillance drones on textile evidence at crime
scenes,” Science & Justice, vol. 57, no. 5, pp. 373–375, 2017.
[41] A. L. P. S. Renduchintala, A. Albehadili, and A. Y. Javaid,
“Drone forensics: digital flight log examination framework for
micro drones,” in Proceedings of the 2017 International
Conference on Computational Science and Computational
Intelligence (CSCI), pp. 91–96, NV, USA, December 2017.
[42] A. Roder, K.-K. R. Choo, and N.-A. Le-Khac, “Unmanned
aerial vehicle forensic investigation process: Dji Phantom 3
drone as a case study,” pp. 1–14, 2018.
[43] İ. Gülataş and S. Baktır, “Unmanned aerial vehicle digital
forensic investigation framework,” Journal of Naval Archi-
tecture and Marine Engineering, vol. 14, no. 1, pp. 32–53, 2018.
[44] X. Shi, C. Yang, W. Xie, C. Liang, Z. Shi, and J. Chen, “Anti-drone
system with multiple surveillance technologies: architecture,
implementation, and challenges,” IEEE Communications Maga-
zine, vol. 56, no. 4, pp. 68–74, 2018.
[45] I. Guvenc, F. Koohifar, S. Singh, M. L. Sichitiu, and
D. Matolak, “Detection, tracking, and interdiction for ama-
teur drones,” IEEE Communications Magazine, vol. 56, no. 4,
pp. 75–81, 2018.
[46] G. Ding, Q. Wu, L. Zhang, Y. Lin, T. A. Tsiftsis, and Y.-D. Yao,
“An amateur drone surveillance system based on the cognitive
Internet of Things,” IEEE Communications Magazine, vol. 56,
no. 1, pp. 29–35, 2018.
[47] A. Al-Dhaqm, S. Razak, S. H. Othman et al., “CDBFIP:
common database forensic investigation processes for in-
ternet of things,” IEEE Access, vol. 5, pp. 24401–24416, 2017.
[48] A. Al-Dhaqm, S. Razak, K. Siddique, R. A. Ikuesan, and
V. R. Kebande, “Towards the development of an integrated
incident response model for database forensic investigation
field,” IEEE Access, vol. 99, 2020.
[49] A. Al-Dhaqm, S. Razak, R. A. Ikuesan, V. R. Kebande, and
S. Hajar Othman, “Face validation of database forensic in-
vestigation metamodel,” Infrastructure, vol. 6, no. 2, p. 13,
2021.
[50] R. G. Sargent, “Model verification and validation,” Modeling
and Simulation in the Systems Engineering Life Cycle,
pp. 57–65, 2015.