DroneXtract is a comprehensive digital forensics suite for DJI drones made with Golang. It can be used to analyze drone sensor values and telemetry data, visualize drone flight maps, audit for criminal activity, and extract pertinent data within multiple file formats.
DroneXtract features four main suites for drone forensics and auditing. They include the following:
You can visualize and extract information from DJI file formats such as CSV, KML, and GPX using the parsing tool. The parsed information can be saved into an alternative file format when inputted an output file path. The image below includes an example of a parsed file output and the type of data extracted from the file.
Steganography refers to the process of revealing information stored within files. The DroneXtract steganography suite allows you to extract telemetry and valuable data from image and video formats. Additionally, the extracted data can be exported to four different file formats.
The telemetry visualization suite contains a flight path mapping generator and a telemetry graph visualizer. The flight path mapping generator creates an image of a map indicating the locations the drone traveled to enroute and the path it took. The telemetry graph visualizer plots a graph for each of the relevant telemetry or sensor values to be used for auditing purposes.
The flight and integrity analysis tool iterates through all the telemetry values the drone logged during its flight. Once the values are collected, it calculates the maximum variance assumed by the value and checks for suspicious data gaps. This tool can be used to check for anomalous data or any file corruption that may have taken place.
To build from source, you will need Go installed.
$ export GO111MODULE=on
$ go get ./...
$ go run main.goIn order to parse out DJI flight .TXT logs, please use Airdata's Flight Data Analysis tool.
- Airdata CSV output file can be used for the CSV parser, flight path map, and telemetry visualizations
- Airdata KML output file can be used for the KML parser
- Airdata GPX output file can be used for GPX parser
There are a set of environment variables utilized in DroneXtract. In order to tailor the values to your specific drone / investigation scenario, you can go to the .env file and adjust the following values:
TELEMETRY_VIS_DOWNSAMPLE downsampling number for values to be used for telemetry visualization
FLIGHT_MAP_DOWNSAMPLE downsampling number for values to be used for flight path mapping
ANALYSIS_DOWNSAMPLE downsampling number for values to be used for integrity analysis
ANALYSIS_MAX_VARIANCE maximum variance allowed between max and min value for analysis values
To learn more about DJI drone digital forensics and the features of DroneXtract, refer to this article.
DroneXtract is open to any contributions. Please fork the repository and make a pull request with the features or fixes you want to be implemented.
DroneXtract contains testing files for all four suites. An example command set for testing the steganography suite
$ cd steganography
$ go testExample files for testing are included in the test-data directory.
If a specific test case includes an output such as a file or image, it will be stored within the output directory.
There are already some files contained in the output for reference purposes.
- DUML parser for firmware integrity checking
- DJI Flight Log TXT parsing for the parsing suite
- GEOJSON parsing output for SRT files in the steganography suite
If you enjoyed DroneXtract, please consider becoming a sponsor in order to fund my future projects.
To check out my other works, visit my GitHub profile.