Anomaly Detection on Drone Forensic Timeline with Sigma Rules

Hudan Studiawan*, Ahmad Firdaus, Baskoro A. Pratomo, Tohari Ahmad

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Citations (Scopus)

Abstract

Drones, also known as UAVs (unmanned aerial vehicles), are unmanned devices that provide unique functionality, enabling area surveillance, inspections, and surveys. In recent years, the rapid growth of drones has also raised several security concerns related to illegal activities, making them a source of evidence. Therefore, it is very important for digital forensic examiners to have the ability to analyze the source of content stored on drones. If the drone encounters a problem or has an accident, it is necessary to carry out a forensic analysis of the device. In this paper, we build a drone forensic timeline using the log2timeline plaso. This timeline records all drone activities. We then propose to apply Sigma rules to detect anomalies in the drone timeline. With this technique, digital forensic examiners can detect anomalous activities that occur on drones.

Original language: English
Title of host publication: 2023 International Conference on Emerging Smart Computing and Informatics, ESCI 2023
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781665475242
Publication status: Published - 2023
Event: 5th International Conference on Emerging Smart Computing and Informatics, ESCI 2023 - Pune, India
Duration: 1 Mar 2023 to 3 Mar 2023

Publication series

Name: 2023 International Conference on Emerging Smart Computing and Informatics, ESCI 2023

Conference

Conference: 5th International Conference on Emerging Smart Computing and Informatics, ESCI 2023
Country/Territory: India
City: Pune
Period: 1/03/23 to 3/03/23

Keywords

  • anomaly detection
  • drone forensics
  • forensic timeline
  • sigma rules
