25 Jun 2018

Drone Forensics: Interview With David Kovar

Mobile data forensics company MSAB has announced a new partnership with Kovar and Associates to expand the drone forensics capabilities offered by MSAB. David Kovar, the president and founder of Kovar & Associates, is a leading expert on drone forensics and he will serve as a subject matter expert and consultant to MSAB.

By Tom Dent-Spargo

shutterstock
welcomia / Shutterstock.com


MSAB’s leading products are XRY – which enables users to extract data from mobile devices – and XAMN Spotlight – which is the analytical tool for analysing the extracted data. Now that XRY can support extraction of data from drones, Kovar and Associates have been brought in to help capitalise on this new frontier, and the unique industry that is drone forensics, used to counter the growing problem of unmanned aerial vehicles (UAVs) being used for illegal activities such as smuggling contraband into prisons.

David Kovar leads the development of Unmanned and Robotics Systems Analysis (URSA), a suite of tools designed to collect, integrate, analyse, and present UAV related data for many purposes including fleet management, criminal investigations, failure analysis, and predictive analysis. He has worked in digital forensics and cyber security since the mid 1990s and, prior to founding his own company, led EY’s US incident response program. He speaks to the Robotics Law Journal about drone forensics and the new partnership with MSAB.

 

Robotics Law Journal: What is drone forensics?

David Kovar: Drone forensics, more properly called unmanned aerial vehicle (UAV) forensics is the science and associated Tactics, Techniques, and Procedures (TTP) of extracting and analysing data from unmanned aerial vehicles in a forensically sound manner to support and conduct investigations into its activity and history. It is a subset of unmanned vehicle forensics and, since the line between unmanned vehicles and robots is often blurred, it is related to robot forensics. This led to the name of our company: Unmanned and Robotics Systems Analysis (URSA).

 

RLJ: What is the history of drone forensics?

DK: The military was clearly interested in analysing their own UAVs for failure investigations and captured UAVs for intelligence purposes and so were the first to conduct drone forensics. In the commercial/public space I think I was the first person to publicly speak on the topic. My goal was to start the conversation about the reasons we needed to develop this capability, what tools we might need, and how to align it with existing forensics practices rather than developing a completely new field.

How do drone forensics interact with drone laws and regulations, as well as with the law enforcement agencies?
Drone forensics, regulations, and law enforcement agencies are three sides of a triangle. Without the other two components, any one component lacks support. Laws and regulations define what we can and cannot do with drones and so sets the boundaries for legal and/or appropriate use. Law enforcement agencies apply these laws to drone related incidents and, if they decide to proceed with an investigation, they utilise drone forensics to acquire the evidence required by the laws to make the case or determine that there was no illegal activity. Drone forensics, as we’ve practiced it to date, has mostly been about acquiring and presenting as much data as possible. Now, as more agencies are utilising drone forensics tools, we have the opportunity to work with law enforcement to tune and adapt the tools to specific requirements based on real world cases.

 

RLJ: Can you tell me about the suite of tools that is URSA?

DK: URSA is the overarching company and we’re working on a variety of data analytics tools, the first of which is Idetic UAV, our drone forensics platform. Idetic UAV consists of the following layers:

  • Extraction – Extract data from the drone or related device
  • Input – Identify the source of the data and call the appropriate parser modules
  • Parser – Using the information from the input layer, parse the extracted data into an intermediate format
  • Normalisation – Using our own taxonomy, convert the data into a common, well defined format so that queries against the dataset can be vendor and model agnostic as much as possible
  • Output/API – Make the data available for integration with other systems or directly available to clients in the appropriate form (JSON, CSV, proprietary, etc.)

At the moment, we do not provide a client other than for internal use. We do consulting work using MATLAB on top of this framework, for example. And this is where the relationship with MSAB comes into play.

 

RLJ: How did the agreement to work with MSAB come about?

DK: We were fortunate to encounter one of MSAB’s executives at a counter UAS (CUAS) evaluation event run by a US government agency last year. He recognised that the capabilities that we were demonstrating in our in-house tools were well ahead of everyone else in the market, and he realised that combining MSAB’s years of experience in mobile digital forensics and their deep UX/UI experience with our UAV forensics experience and capability could be a winning combination.

 

RLJ: What will the partnership hope to achieve?

DK: We believe the partnership will play to each organisation’s strengths to bring to market an incredibly powerful and easy-to-use tool for military, intelligence, and law enforcement investigators. With MSAB focusing on UX/UI, customer training, engagement, and support they are freeing URSA up to focus on our core competencies: unlocking previously difficult to obtain data, creating meaning from that data, and communicating about it clearly and accurately.

 

RLJ: What services are you augmenting MSAB with?

DK: URSA brings a deep knowledge of UAV operations as well as UAV operational (aka telemetry) data to the partnership along with a commitment to be the best source for that data. Freed from the need to build a large customer facing organisation, we can continue to conduct research and development efforts aimed at more efficiently and accurately acquiring data from unmanned systems and making sense of it.

 

RLJ: How important will drone forensics be in the future?

DK: Threat actors have been using consumer drones for malicious purposes in conflict situations since 2014, starting with simple surveillance and graduating to delivering munitions. Very recently, a swarm of home built drones attacked a Russian airbase, damaging aircraft and injuring personnel. Prisons all over the world are struggling to combat consumer drones that are being used to deliver contraband to prisoners. These trends and other criminal use will continue to increase. As drone delivery services come online along with other commercial uses, and as more unmanned vehicles mix with manned vehicles, we will be required to conduct investigations into failures, accidents, malicious applications, and possible violations of regulations. 

As we saw with mobile devices ten years ago, well-designed tools, good processes, and unbiased and thoughtful experts are required to address the growing investigative demands created by the explosion in drones and their applications.

 

RLJ: How many other services offer forensics? Is this likely to increase?

DK: A variety of firms appear to offer services relating to drone forensics. It is hard at this time to evaluate their true capabilities. Several vendors offer applications that provide some drone forensics capabilities – MSAB, Oxygen, and Cellebrite are the three major ones. We believe that the MSAB/URSA partnership is the only combination of an application vendor with a data analytics firm that has its roots deep in the operational side of drones as well as the cybersecurity side. I’m certain that other service firms will spring up as demand increases and that other vendors will add some capabilities to their offerings. Catching up with MSAB is likely to be difficult.

 

RLJ: Any predictions for the drone industry or for drone forensics in 2018?

DK: Many, and none. Lots of very talented people and firms have been making predictions for years. The fact is that we lack sufficient data and a stable enough regulatory environment to make sound predictions.

Many people and firms are addressing the past and current threats. Anyone interested in drone forensics, as a developer or investigator, should be thinking about the threats we will face in the next three to five years, not just from drones but from automated and robotic systems in general. Academia and commercial interests are driving state of the art forward at a rapid pace. Unfortunately, this is very much dual-use technology. Improving UAV AI systems for package delivery also enables improved delivery of contraband or other malicious payloads.

 


related topics