UAV (Drone) Forensic Analysis

32 Hours / 4-Day

UAV (Drone) Forensics is an advanced-level course offered by Spyder Forensics. ​ The course focuses on identifying and extracting retrievable data from Unmanned Aircraft Vehicles (UAVs) and their associated control devices. ​ Participants will learn about the operation of UAVs, best practices for data extraction and analysis, and techniques for collecting data from within the aircraft and the associated mobile device. ​ The course prioritizes non-destructive processes and provides industry-standard tools for forensic analysis. ​ Upon completion of the course, participants will be proficient in analyzing flight logs and user data, and producing reports fit for use in criminal justice proceedings. ​ The course is specialized, advanced, and certification-based, with a duration of 4 days. ​ Minimal experience in forensic examinations is recommended as a prerequisite for this course. ​

InquireRegister for an upcoming class

Introduction to UAV Forensics

  • Introduction to sUAS
  • Criminal use of UAV’s
  • Manufacturers variables
  • Attack vectors – risks to public safety
  • Drone adaptation
  • Capacity & Capability of drones
  • Health & Safety – Handling & Seizure
  • Health & Safety – LiPo Batteries
  • Linked devices – Controller Considerations
  • Digital vs. Physical Evidence
  • Packaging / Storage & Continuity
  • Understanding how flight logs are created & updated
    • Aircraft power on a flowchart.

Components of sUAS

  • Components and features of small unmanned aircraft systems(sUAS)
  • Controller options
    • Mobile and Tablet Devices
    • Bespoke flight controllers
    • Integrated displays
    • FPV controllers
  • Autonomous flights
    • Return-to-home feature
    • WiFi controls
    • Signal interception.

Extraction Techniques

  • Extraction of data from the aircraft
  • Extraction of data from the mobile \ tablet device
  • Extraction of controller data
  • Disassembling techniques
    • Arguments for and against
  • Advanced extractions using CFID and Raven devices
  • Using File Transfer Protocols (FTP) to extract UAV data
  • Advanced exploitation of communcations ports to access data

Interpretation of Data

  • Techniques in using open source and commercial forensic tools to review UAV data
    • Interpretation of data contained on the UAV
      • File System considerations
      • Registered user information
      • Aircraft details
      • Flight log analysis techniques
    • Interpretation of data from portable devices
      • Default folder structures of the controlling app from an Android and iOS device
      • Synchronized logs vs. local logs
      • Error log analysis
      • Media file examination (geolocations and dates & times)
      • Workflows in combining offline files for further analysis
    • Techniques in the interpretation of additional data on other devices.

Advanced Analysis Techniques

  • Flight recorder “Blackbox” log analysis
  • PixHawk flight controller extractions and examinations
  • Advanced DJI FTP extraction techniques
  • Off-line decryption of DJI flight logs
  • Custom build Drone analysis
  • Linking hardware devices within the sUAS
  • Simplification of data – graphical representation
  • Bespoke UAV data analysis 

Report Writing

  • Glossary of terms
  • Overview of UAV report considerations
  • Report writing practical

Final Assessment

  • Graded student knowledge assessment
  • Graded UAV examaintion practical


To get the most out of this class, you should:

  • Have 6 months experience of forensic examinations
  • Be familiar with the Windows Operating system.

Request the Syllabus

Contact Spyder Forensics for more details of the course.

Hosting Courses

If you are interested in hosting this, or any of our courses at your facility, contact us.

Ready to get started?