Introduction
Robotics technology is rapidly expanding from industrial manufacturing into everyday life, with robots performing tasks from package delivery to surgical procedures. As robots become more autonomous and integrated into society, they increasingly become sources of forensic evidence in investigations ranging from workplace accidents to criminal activities.
By the end of this part, you will understand different types of robots and their forensic relevance, learn Robot Operating System (ROS) forensics techniques, investigate industrial robots, and analyze service robots including drones and autonomous vehicles.
Types of Robots
Understanding the classification of robots helps forensic investigators identify the types of evidence available and the appropriate acquisition methods for each category.
Industrial Robots
Programmable manipulators used in manufacturing for welding, assembly, painting, and material handling. Typically operate in controlled environments with safety systems.
Drones (UAVs)
Unmanned aerial vehicles used for photography, delivery, surveillance, and inspection. Store flight logs, GPS data, and captured media.
Autonomous Vehicles
Self-driving cars and trucks with extensive sensor arrays, AI systems, and continuous data logging for navigation and safety.
Service Robots
Robots designed to assist humans including domestic robots (vacuums, lawn mowers), delivery robots, and social robots.
Medical Robots
Surgical robots, rehabilitation robots, and telepresence robots used in healthcare. Subject to strict regulatory requirements.
Military/Security Robots
Bomb disposal robots, reconnaissance drones, and autonomous security patrol robots. Often classified with restricted access.
Robot Components and Evidence Sources
Robot Operating System (ROS) Forensics
The Robot Operating System (ROS) is a flexible framework for writing robot software. It is widely used in research, education, and increasingly in commercial robotics. Understanding ROS is essential for forensic investigation of modern robots.
ROS (Robot Operating System): An open-source meta-operating system that provides services including hardware abstraction, low-level device control, message-passing between processes, and package management. Despite its name, ROS is not an operating system but rather middleware running on Linux.
ROS Architecture
ROS Forensic Evidence
| Evidence Type | Location | Forensic Value |
|---|---|---|
| Bag Files (.bag) | ~/.ros/ or custom paths | Complete replay of sensor data, commands, and system state |
| Log Files | ~/.ros/log/ | Node errors, warnings, debug information with timestamps |
| Parameter Server | Runtime memory | Configuration parameters, calibration data |
| Launch Files (.launch) | Package directories | System configuration, node startup parameters |
| URDF Files | Package directories | Robot description, joint limits, physical parameters |
Analyzing ROS Bag Files
ROS bag files are the most valuable forensic artifact from ROS-based robots. They contain recorded message data that can recreate the robot's entire operational state.
# List information about a bag file
rosbag info recording.bag
# Play back recorded data
rosbag play recording.bag
# Extract specific topic to CSV
rostopic echo -b recording.bag -p /gps/fix > gps_data.csv
# Filter bag file by time range
rosbag filter input.bag output.bag "t.secs >= 1609459200 and t.secs <= 1609462800"
ROS2 (the successor to ROS) uses different file formats and tools. Bag files in ROS2 use SQLite databases (.db3) instead of the custom binary format. Use 'ros2 bag info' and 'ros2 bag play' for ROS2 systems.
Industrial Robot Forensics
Industrial robots are used extensively in manufacturing, and forensic investigation may be required following workplace accidents, production quality issues, or sabotage incidents.
Major Industrial Robot Manufacturers
- ABB: IRC5 controller, RAPID programming language
- FANUC: R-30iB controller, KAREL/TP programming
- KUKA: KR C4 controller, KRL programming language
- Yaskawa: DX200 controller, INFORM programming
- Universal Robots: CB-Series controller, URScript/Polyscope
Industrial Robot Evidence Sources
Controller Logs
Error logs, program execution history, safety system triggers, operator actions, and mode changes.
Program Files
Robot programs, macros, user-defined routines. May show modifications or unauthorized changes.
Motion Data
Joint positions, velocities, torques. Can reconstruct exact movements during an incident.
Safety System Logs
Emergency stop events, safety zone violations, light curtain triggers, interlock status.
Industrial Robot Safety Systems
Understanding safety systems is crucial for accident investigation:
- Emergency Stop (E-Stop): Hardware interrupt that immediately halts all robot motion
- Safety-Rated Monitored Stop: Software-controlled stop with monitoring
- Speed and Separation Monitoring: Reduces speed when humans are detected nearby
- Hand Guiding: Allows direct physical robot manipulation with safety monitoring
- Safety Fences: Physical barriers with interlocked access gates
- Light Curtains: Optical barriers that trigger stop when breached
In India, industrial robot accidents may involve multiple legal frameworks: Factories Act 1948, Occupational Safety regulations, IT Act for cyber-related incidents, and potentially BNS for criminal negligence. Section 106 BNS addresses causing death by negligence, while Section 125 covers endangering life or personal safety.
Drone (UAV) Forensics
Unmanned Aerial Vehicles (UAVs) or drones have become ubiquitous for both legitimate purposes and criminal activities. Drone forensics involves extracting flight data, imagery, and communication logs.
Common Drone Platforms
| Platform | Data Storage | Key Evidence |
|---|---|---|
| DJI (Mavic, Phantom, etc.) | Internal + SD card + cloud | Flight logs (.dat), media, NFZ database |
| Parrot | Internal + SD card | Flight logs (.pud), photos, videos |
| Skydio | Internal + cloud | Flight paths, autonomy decisions, video |
| Custom/DIY (Pixhawk, ArduPilot) | SD card | DataFlash logs (.bin), telemetry |
Drone Forensic Data
- Flight Logs: GPS coordinates, altitude, speed, heading, timestamps for entire flight
- Telemetry Data: Battery voltage, motor RPM, signal strength, sensor readings
- Media Files: Photos and videos with EXIF/metadata including GPS coordinates
- Controller Data: Paired device information, command history, waypoints
- No-Fly Zone (NFZ) Data: Geofencing database, override attempts, authorization records
- Mobile App Data: Account information, flight history, cached maps
DJI Drone Forensics
DJI drones are the most common consumer and prosumer drones. Key forensic artifacts include:
# Android DJI Go 4 App
/data/data/dji.go.v4/files/FlightRecord/
# iOS DJI Go 4 App
/private/var/mobile/Containers/Data/Application/[APP_UUID]/Documents/FlightRecords/
# Drone Internal Storage
/MISC/FLYXXX.DAT (encrypted flight logs)
# SD Card
/DCIM/ (photos and videos)
/MISC/ (additional logs)
DJI Flight Log Viewer: Official tool for basic log viewing. Airdata UAV: Cloud service for detailed flight analysis. CsvView: Free tool for parsing DJI .dat files. Autopsy/Cellebrite: Mobile forensic tools can extract app data from controllers.
Drone operations in India are governed by the Drone Rules 2021 and Digital Sky Platform. Violations may include flying in restricted zones (airports, government buildings), beyond visual line of sight without permission, or exceeding altitude limits. DGCA registration and Remote Pilot Certificate are mandatory for most operations.
Autonomous Vehicle Forensics
Autonomous vehicles (AVs) are among the most data-rich robots, continuously recording sensor data, AI decisions, and vehicle telemetry. Forensic investigation of AVs is critical for accident reconstruction and liability determination.
AV Data Sources
Camera Systems
Multiple cameras capturing 360-degree views. Video footage, object detection results, lane marking data.
LIDAR/RADAR
Point cloud data showing 3D environment. Object tracking, distance measurements, collision predictions.
GPS/GNSS
Precise positioning data, route history, HD map matching. May include RTK corrections for centimeter accuracy.
AI Decision Logs
Path planning decisions, object classifications, predicted trajectories, intervention triggers.
Event Data Recorders (EDR)
Similar to aircraft black boxes, modern vehicles contain EDRs that record:
- Pre-crash vehicle speed, acceleration, braking
- Steering wheel angle and rate of change
- Seatbelt status and airbag deployment
- Engine/motor data including throttle position
- Stability control and ABS activation
- Timestamps accurate to milliseconds
Tesla-Specific Forensics
Tesla vehicles are heavily instrumented and maintain detailed logs:
- Gateway Logs: CAN bus data from all vehicle systems
- Autopilot Data: Camera feeds, neural network decisions, driver attention monitoring
- Sentry Mode: Continuous video recording when parked
- TeslaCam: Dashcam footage from multiple cameras
- Cloud Sync: Some data transmitted to Tesla servers in real-time
Many AVs continuously overwrite older data due to storage constraints. Dashcam footage may be preserved for only hours. Immediately securing the vehicle and initiating data preservation is critical. Physical disconnection of 12V power can help prevent data overwriting.
Service Robot Forensics
Service robots designed to assist humans in various settings are becoming common in homes, offices, and public spaces. These robots collect operational data that can be forensically valuable.
Types of Service Robots
- Domestic Robots: Robot vacuums (Roomba, Roborock), lawn mowers, pool cleaners
- Delivery Robots: Starship, Nuro, Amazon Scout for last-mile delivery
- Hospitality Robots: Room service, reception, guidance robots in hotels/airports
- Social Robots: Companion robots, educational robots for children
- Telepresence Robots: Remote presence robots for business and healthcare
Robot Vacuum Forensics
Robot vacuums are surprisingly rich sources of forensic evidence:
Floor Maps
SLAM-generated maps reveal room layouts, furniture placement, and changes over time.
Cleaning History
Timestamps of cleaning sessions indicate home occupancy patterns.
WiFi Data
Connected network history, paired devices, remote commands received.
Camera/Audio
Some models include cameras for navigation that may capture images of the environment.
In a murder investigation in Arkansas, USA, data from a Roomba robot vacuum was used as evidence. The cleaning logs showed when the house was occupied, and the floor maps helped investigators understand the crime scene layout. The robot had continued operating during the incident, potentially capturing audio through its microphone.
Robot Data Acquisition
Acquiring data from robots requires understanding their storage systems and interfaces.
Acquisition Methods
| Method | Description | Use Case |
|---|---|---|
| USB/SD Card Extraction | Remove storage media for imaging | Drones, industrial robots, simple systems |
| Network Acquisition | Remote access via SSH, FTP, proprietary protocols | ROS systems, networked robots |
| Manufacturer Tools | Official software for data export | Industrial robots, commercial drones |
| Mobile App Extraction | Forensic extraction from paired smartphone | Consumer robots, drones, service robots |
| Cloud Acquisition | Legal requests to cloud service providers | Connected robots with cloud sync |
| JTAG/Chip-Off | Hardware-level extraction from embedded storage | Damaged or locked devices |
For Section 63 BSA compliance, thoroughly document the robot's make/model/serial number, software version, storage devices, acquisition method, and chain of custody. Hash all acquired data immediately. If multiple sources are used (device, app, cloud), each requires separate documentation.
- Robots range from industrial manipulators to consumer drones, each with unique forensic considerations
- ROS (Robot Operating System) is widely used; bag files (.bag) contain complete operational recordings
- Industrial robots store program files, motion data, and safety system logs in their controllers
- Drone forensics involves flight logs, media files, controller data, and mobile app extraction
- Autonomous vehicles are data-rich with cameras, LIDAR, AI decision logs, and EDR data
- Service robots like vacuums capture floor maps, occupancy patterns, and WiFi/device data
- Acquisition methods include physical media, network access, manufacturer tools, and cloud requests
- Data volatility is a critical concern - immediate preservation is essential for robot forensics