Development of digital investigation framework for Robot Operating System (ROS)

Abstract

The incorporation of robot use into each industry has made industrial operations dependent on automation and precision in completing tasks. Though it is advanced, security problems within the robots, particularly ROS, are new challenges that pose an even higher risk because of their increased vulnerability to cyber-attacks. One of the most widely used frameworks in robotics, ROS presents unique forensic challenges through its architecture, open communication protocols, and lack of built-in security features. To discuss the above issues, this thesis proposes the ROS Forensic Framework (ROSFF) specially designed to address forensic issues specific to ROSbased environments. The ROSFF is somewhat different from conventional digital forensicframeworks, with a few differences outlined as follows. Unlike the frameworks for traditional systems such as desktop computers, mobile phones, or even IoT devices, ROSFF is custommade to cope with the decentralized and modular nature of ROS. The number of existing systems focused on particular operating systems or isolated forensic phases is on a major increase, whereas ROSFF integrates all aspects - organizational, technical, and legal. The ROS Forensic Framework (ROSFF) is not similar to all the traditional digital forensic frameworks because it addresses the unique characteristics of the architecture, including ROSdecentralized and modular. Traditional forensic framework tools are designed for centralized systems that are ineffective for communication across several nodes and topics in ROS. In contrast, ROSFF is specifically designed to collect evidence across these distributed components making sure that complete evidence collection is taken into account with the system's dynamicnature. ROSFF uses decentralized logging. The mechanism of evidence collection from numerous nodes and topics of the ROS system thus ensures comprehensive data collection, with all relevant interactions and communications in a networked environment. It integrates seamlessly with ROS's architecture to collect, preserve, and analyze digital evidence ensuring that every stage of the forensic process is systematically addressed. The immutable data storage system implemented by ROSFF maintains digital evidence without losing its integrity, and the use of ROS-specific tools in real-time analysis ensures critical forensic data capture and interpretation without loss of validity. Moreover, while existing frameworks mostly fail to provide real-time capabilities, in ROSFF realtime monitoring and automated anomaly detection are made, where certain suspicious activitiescan quickly be marked. By the mechanism of ROSFF, anomaly detection algorithms continuously monitor system activity for suspicious behavior. Any suspicious information is marked, and then this marking allows irregularities to be identified immediately by streamlining the forensic investigation process. Forensic checks in ROSFF are also robust, including systematic data acquisition, verification mechanisms, and reconstruction of incidents. Furthermore, ROSFF provides a flexible meta-model, allowing investigators to adapt the framework to different ROS versions and configurations. ROSFF has a four-phase process in its forensic checks, containing data collection, examination, analysis, and reporting. Unlike most of the frameworks, which rely on general-purpose forensic tools, ROSFF emphasizes flexibility with accuracy, using specially designed ROS-specific tools toextract log files, traces from the system, and histories of events. This leads not only to gathering the evidence but also to understanding an incident in context within the ecosystem of ROS. This ensures both technical and legal aspects of the investigation warrant that the forensic findings are valid and make them reliable for presentation in court. This thesis applies ROSFF to real-world scenarios to demonstrate the practicality and effectiveness of such an approach. The results indicate that ROSFF enables more comprehensive forensic evaluations in ROS-based systems, better overcoming the limitations of existing digital forensic frameworks. Thus, it concludes by saying that ROSFF offers a novel, systematic approach toward forensic investigations within robotic environments, both opening new avenues for academic research and contributing to reallifedigital forensics.

Date of Award	8 Apr 2025
Original language	English
Awarding Institution	University of Bedfordshire
Supervisor	Dayou Li (Supervisor) & Xiaohua Feng (Second supervisor)