TY - GEN
T1 - Anomaly Detection on Drone Forensic Timeline with Sigma Rules
AU - Studiawan, Hudan
AU - Firdaus, Ahmad
AU - Pratomo, Baskoro A.
AU - Ahmad, Tohari
N1 - Publisher Copyright: © 2023 IEEE.
PY - 2023
Y1 - 2023
AB - Drones, also known as UAVs (unmanned aerial vehicles), are unmanned devices that provide unique functionality, enabling area surveillance, inspections, and surveys. In recent years, the rapid growth of drones has also raised several security concerns related to illegal activities, making them a source of evidence. Therefore, it is very important for digital forensic examiners to have the ability to analyze the source of content stored on drones. If the drone encounters a problem or has an accident, it is necessary to carry out a forensic analysis of the device. In this paper, we build a drone forensic timeline using the log2timeline plaso. This timeline records all drone activities. We then propose to apply Sigma rules to detect anomalies in the drone timeline. With this technique, digital forensic examiners can detect anomalous activities that occur on drones.
KW - anomaly detection
KW - drone forensics
KW - forensic timeline
KW - sigma rules
UR - http://www.scopus.com/inward/record.url?scp=85158113520&partnerID=8YFLogxK
U2 - 10.1109/ESCI56872.2023.10100018
DO - 10.1109/ESCI56872.2023.10100018
M3 - Conference contribution
AN - SCOPUS:85158113520
T3 - 2023 International Conference on Emerging Smart Computing and Informatics, ESCI 2023
BT - 2023 International Conference on Emerging Smart Computing and Informatics, ESCI 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 5th International Conference on Emerging Smart Computing and Informatics, ESCI 2023
Y2 - 1 March 2023 through 3 March 2023
ER -