Drone Forensics and AI: David Kovar from URSA

In Drone Forensics and AI, Drone Law Top Level Categories by Enrico Schaefer

Drone Forensics

Enrico Schaefer: Welcome to Drone Law Pro Radio. Today we’re here with David Kovar. David is the founder of Kovar and Associates back in the day and now URSA, which is Unmanned and Robotic Systems Analysis. He is a really interesting guest because there’s a lot of activity and a lot of discussion around pilots and federal regulations, Part 107 regulations on the pilot side.  But David and URSA are involved in something that’s actually really unique in unmanned. And I want to talk to him today a little bit about the data side and the forensics side and the predictive side of what happens with UAS operations in flight. So, David, with that, do a little bit of introduction for yourself. Tell us a little bit about your background and what’s going on at URSA Inc. these days.

A History of Data Science and Forensics

David Kovar: Absolutely, and thank you very much for the opportunity. I’ve been doing digital forensics and cyber security in general for over 15 years, supporting investigations and response for everybody from small businesses to individuals to Fortune 50 companies. I got interested in UAVs in about 2015 with the Phantom II and I realized there was a significant amount of data on those devices that would be of interest to a variety of people, particularly people who needed to understand how it behaved, where it came from, and who was operating it.

Our primary initial people that we were engaging with were law enforcement. And this was back before anybody realized how these devices could be used maliciously or carelessly or cluelessly. So I spent essentially two years doing presentationsand other organizations about what was possible and how to go about conducting investigations. In the 2017-2018 time frame I set up URSA and really focused on developing not only tools and processes for conducting investigations all up on manned systems but also really building out the team and our experience to support that sort of investigation as well.

Enrico Schaefer:  Let’s break that up a little bit because I think this feeds into so many things that are happening right now in tech. the venture capital activity right now on the data, data analytics and predictive technologies is incredibly hot. And here you are, perfectly positioned in the middle of all of this. So let’s go a little bit further back to the Kovar and Associates days and the 13 or so years prior to that where you are an expert in analyzing and understanding data and meta data and how all of that can become predictive in order to understand what might happen next. Back in the day, data was thought to be this amazing thing. Big data was coming and everyone was so excited.

Well, it turned out big data was too big and no one knew what to do with it. But there were guys and women like you on the back end who were already figuring out how to get your arms around data and understand it at a detail level. Tell us a little bit more about your experience in the data analysis field.

David Kovar: There’s a group of practitioners that you’re referring to, who are essentially digital forensics practitioners. And the best ones that I know came out of the Air Force Office of Special Investigations. And they did forensics by looking at individual bites on spinning hard drives. They started developing the tools and the processes that the rest of us then built on to extract data from a wide variety of digital [license]. And that was very individualistic. You sat down with one device and you looked at it. You figured out what made it tick and what it was doing.

Another part of this practice I also was getting involved with was what is called incident response. Incident response is the art and science of investigating breaches in small or large organizations. And it’s built on the same principles. It’s built on extracting data in a forensically sound manner and making sense of it to make decisions about what happened, what data was exfiltrated and who might have been responsible.

The primary differences are first of all that when you’re doing incident response you’re doing it at scale. You’re looking across the entire organization, potentially every device in the organization — whether it’s a router, a switch, a laptop or a mobile device — and you’re also doing it much quicker so you’re doing it at a little bit more surface level rather than a deep dive. But fundamentally, both of them are about analyzing enormous volumes of data. And as digital forensics has evolved, we’ve been looking at not just gigabyte hard drives but terabyte hard drives and now multiple terabyte file systems.

Making Sense of Big Data

So to your point, we’re looking at massive amounts of data and we’ve been doing this long before big data became a thing.

Enrico Schaefer: Yeah. And it turns out that, you know, it is the situation where I mean really before the big data moniker came onto the scene data was accumulating at exponential rates in ways that many people really didn’t care. About as long as the software worked, as long as the lock worked, as long as the computer worked, they’re happy. But all this data is being recorded and captured on the back end. And so this digital forensic field where you’re getting in — first off, I take it you’ve got to get access to the data. Generally how does that work?

David Kovar: The three phases that we think of are: extract the data, analyze the data, and present the data. So get the data off the system, make sense of it, and then present it in a manner that helps the decision maker do their job. The extraction, if you’re looking at a hard drive, generally means hooking up what we call a [white] blocker, or a device that prevents any data from being written out to that hard drive and sucking all the data off of it.

It’s a little bit more challenging with things like UAVs or other IOT-like devices because they’re using Solid State memory. And getting the data off those systems or those devices requires that the device actually be running. So that’s just one example of how digital forensics has had to evolve over the years. As technology advances, we’ve adjusted our practices.

There are certain examples where you even have to take another step and reverse engineer the device and how to get to it because the manufacturers have done their job and put security controls around the data. Even with security controls in place, forensics examiners do need to get access to the data to make sense of it. And you can see some of this going on and the tension between the FBI and Apple in terms of getting access to certain cell phones.

Forensic Software, System Security & UAV Data

Enrico Schaefer: Exactly. So getting access to the data is somehow interfacing with hardware or databases. What kind of software are we talking about that is used to actually, on some of these more specialized systems such UAVs, unmanned aerial vehicles, or drones as we like to refer to them — who’s got that kind of software that can access these systems?

David Kovar: Very few organizations have access to the high-level cyber security exploits required to get data off of what we call non-cooperating systems. These exploits require some very specialized knowledge to develop and they tend to be very valuable intellectual property. The US government has access to these. They’ve developed some or they buy them. And then some other companies such as ours, we develop our own as well. And then there are other companies like Cellebrite, MSAB and Oxygen that develop the same sorts of things for getting data off of mobile devices.

Enrico Schaefer: Right. So each piece of hardware, each piece of software — sometimes these databases require special tools. It sounds like URSA has special tools that can get the necessary data off drones or UAV.

David Kovar: Correct. And not only have we developed the expertise and the tooling to get data off of these devices, but we’ve developed analytic tools that are unique to these devices. Most, if not all, of the traditional digital forensics tools really are designed to work with Windows or OS X or iOS or various other operating systems that are in common use by the public. There are very few, if any, tools that are specifically designed to work with the types of data that come off of drones and similar devices.

Enrico Schaefer: And you’ve got a proprietary software system that will do that?

Proprietary Forensic Software

David Kovar: We do indeed. We’ve been working on this for over three years with a number of very talented software engineers. There are some open-source solutions out there that are quite good at extracting the data and making a certain amount of sense of it. But the challenge with those is that oftentimes the support is not at the level that a law enforcement agency or a court might require.

Enrico Schaefer: Yeah, because really what we’re talking about here — and I understand this because I’m a litigation attorney who has to sometimes stand up in front of a judge and say, “I want you to admit this evidence. I have an expert that’s going to say X, Y and Z” and the first question is: is the expert qualified? Are the expert opinions reliable such that we could present them to the jury? And I take it you act as an expert in court sometimes on this data forensics UAS issues?

Expert Testimony & Consulting

David Kovar: You stated the problem perfectly. There are a lot of very talented people out here in the space. They know how to make sense of some of the data. They may know how to get the data off devices. But there are very few, if any, subject-matter experts who are going to be accepted by the court as being able to say this is or is not what happened, to state those expert opinions.

Enrico Schaefer: Yeah. So there has to be data integrity. The process and the software that is used in order to obtain the data — you have to have intimate knowledge of that to be able to describe its reliability. I mean as attorneys we understand all the different ways that evidence that you’re relying on can become inadmissible. And it’s a very challenging mountain to get over in order to get expert testimony in front of a jury. But it doesn’t just stop there because let’s just say you’re an insurance company doing an investigation: it may not be quite the same criteria as the court of law, but the information still has to be reliable.

David Kovar: The information and the process used to collect that information and the ability to turn that analysis into a clear, concise and well-written or well-communicated final report — those all need to come together in either a single person or a single organization, because whether it’s a court of law or an accident investigation or an insurance investigation you are making decisions that have either financial or reputational or public safety impacts. And those decisions must be based on the strongest possible foundation you can put together.

Enrico Schaefer: All right. So URSA and you, David Kovar, are qualified to do this kind of work and to be able to have your work product stand the test of reliability and scientific scrutiny. We’ve mentioned a couple of things. Obviously, attorneys sometimes need experts. If there happens to be a UAV involved, they’re going to need an expert who can pull the data, analyze the data and report on the data to their client and to a court of law. We touched briefly on insurance companies. What other types of customers are you working with on a consulting — on an expert consulting basis, David?

David Kovar: We have worked with several federal government agencies in terms of investigations relating to UAVs. We are also working with one of the DOD agencies in terms of helping to do threat intent, so determining from the data the intention of this particular aircraft. As you mentioned, we’ve done insurance investigations. But we’re also working with operators and vendors of these systems to help them understand either how their system is working but also how the system may be working in the future. And this falls into the predictive analytics category. How do you look at this data either retrospectively or in real time to understand how the system might fail in the future? And this helps you reduce operational risk — you know, the risk of failure endpoint — and it also helps you to do what’s called predictive maintenance, i.e. to replace components before they fail but not to just go out and willy-nilly replace all the components on some sort of scheduled basis.

UAV and AI

Enrico Schaefer: So the — I was going to say the problems, but that’s going to feed into the next part of the problems so let me rephrase it before I even say it. What you are doing on the most obvious level is trying to analyze problems that have already occurred. But what I hear you saying now is a big part of this data forensics field in UAS has the capability to head off problems before they even occur.

David Kovar: Exactly. Once you understand the data retrospectively, once you’ve really dived into that data and understand how different aspects of those systems as reflected in the data relate to each other — causation, correlation and things like that — then you can start applying that knowledge via data science, whether it’s machine learning or statistics, or even AI in certain cases. You can apply that knowledge of the data to do real-time and then future predictive analytics as well.

Enrico Schaefer: So this kind of feeds into what I really want to talk about next. We’ve talked about being a UAV forensics expert in addition to a data forensics expert. We’ve talked a little bit about the software that you have developed, the proprietary software, to be able to access data from a variety of different vendors, platforms, in order to be able to access the data and do the things that you do — either to say what the intent was, what happened or to predict what might happen in the future.

Tell us a little bit more about your software and where this is all headed in terms of predictive technology, because what is going on across the entire tech industry is this big buzzword now — it’s not big data; it’s AI. Well, AI is just predictive data. And so you guys are also heading in that direction. What is URSA working on next in terms of the AI or predictive aspect of UAS?

David Kovar: We believe that data science in general — and there are different forms of data science so statistics is an example, machine learning is another one and AI is another one. We believe that it’s important to apply the right form of data science to your data analytics problem. Statistic analysis is very well understood. Machine learning is becoming relatively well understood, and in particular the limits of what machine learning is capable of doing.

AI is still a matter of great debate, shall we say. There’s a lot of potential there. How to actually unlock that potential without creating risk is a challenge. So we are working both internally and through various research projects to really determine which one of those approaches or which combination of those approaches is most appropriate to solving different types of problems, be it threat intent, predictive failure analytics or things like that.

But fundamentally, to do any of those approaches you need that deep understanding of the data that we’ve been discussing and also access to very large data sets of the data to build the machine learning or AI models required to actually start doing this sort of work. And getting access to that data and making sense of it is one of the biggest challenges that we all face.

Enrico Schaefer: Interesting. So, David, if someone wanted to hire you as an expert consultant on data forensics, whether or not UAS or otherwise, or get in touch with you to talk about the predictive aspect in data accumulation — I assume anonymization of data for the purpose of this kind of predictive technology that’s coming — how would they do it?

David Kovar: Our Web site is www.ursasecure.com. And I am dkovar@ursasecure.com as well. And we absolutely appreciate people reaching out, and we will have any sort of conversation with them to help them understand the challenges they’re facing and how we might be able to help.

Enrico Schaefer: Great. David Kovar, founder and CEO of URSA, it’s really a pleasure having you on the show today.

David Kovar: Thank you very much for the opportunity. It’s been a pleasure being here.

Enrico Schaefer: All right. We will see you next time on Drone Law Pro Radio. My name is Enrico Schaefer. Have a great day.