Welcome back, aspiring investigators!
In our previous article on drone forensics, we briefly discussed how this field is increasingly relevant in modern conflict zones, especially when parts of the analysis pipeline can be automated. Drone forensics is not a niche anymore. Small unmanned aerial systems are now a permanent part of warfare and reconnaissance. That means the data they carry has become just as valuable as the hardware itself. This makes drone forensics a strong candidate for further development, particularly in open-source tooling that focuses on fast extraction, parsing, and visualization of flight data.
A very clear example of this comes from the war in Ukraine. Many Russian drones are not destroyed by direct kinetic hits, which would completely obliterate both the drone and its storage. Instead, they are frequently neutralized using electronic warfare techniques such as jamming or signal disruption. When control links are lost, drones often perform emergency behaviors like auto-landing or uncontrolled but relatively soft crashes. In these cases, the fragile propellers are usually the first components to fail, while the main airframe, camera module, batteries, and onboard storage often remain intact and usable.
Because propellers are cheap and easy to replace, Ukrainian soldiers frequently repair these recovered drones and put them back into service. In some cases, they are even reprogrammed and reused against the original owner. Just as important, however, is the data extraction side. Flight logs can reveal where the drone was launched from, what route it followed and what it observed. Photos and videos stored on the drone often contain imagery of troop positions, infrastructure, or supply routes. While there are no official public statistics, OSINT reporting and battlefield footage suggest that this type of recovery and analysis happens regularly in active sectors. Both sides lose large numbers of drones every month, and recovery in contested gray zones has become standard practice. Ukrainians have even developed specialized retrieval drones equipped with hooks or magnets to pull downed drones out of minefields or no-man’s-land without risking personnel.
Examples of this include the recovery of high-value Russian Orlan-10 reconnaissance drones for both intelligence and spare parts, nearly intact Shahed or Geran kamikaze drones that were forced down by electronic warfare, and countless DJI Mavic drones whose capture is often proudly shared on social media and Telegram channels as battlefield trophies.
All of this aligns directly with what we are discussing in this article. When time is critical, the ability to quickly extract and understand flight data can materially affect operational decisions. Even shaving minutes off analysis can matter for units operating under pressure.
DJI Logbook
Repository: https://github.com/arpanghosh8453/dji-logbook/
DJI Logbook is a high-performance application designed specifically for analyzing DJI drone flight logs. It is available as a modern Tauri v2 desktop application as well as a Docker-deployable web application, which makes it suitable for both individual analysts and small teams. Internally, it is built using DuckDB for fast analytical queries and React for the user interface, which gives it strong performance even when handling large collections of flight logs.
The project is relatively new and was released at the end of January 2026, but it is actively developed. The author includes his own API key with the project. This removes several frustrating setup steps that often slow down first-time users and makes the tool much easier to test quickly.
Installation
The application supports Windows, macOS, and Linux. For demonstration purposes, we will install it on Kali Linux and then explore its capabilities.
On a Debian-based system like Kali, installation is straightforward. You can download the release package and install it using dpkg:
bash$ > wget https://github.com/arpanghosh8453/dji-logbook/releases/download/2.3.0/DJI.Logbook_2.3.0_amd64.deb
bash$ > sudo dpkg -i DJI.Logbook_2.3.0_amd64.debKeep in mind that this project is updated frequently. By the time you read this, a newer version may already be available, so always check the releases page on GitHub. Kali Linux already includes the required dependencies by default, so after installation you should be able to find DJI Logbook in your application menu.
Testing
Opening an empty application window is not very interesting, so it is useful to test the tool with real flight logs. If you do not yet have your own logs, community-shared examples work well. One such source is the PhantomPilots forum, where users have shared DJI flight logs for educational purposes. We will use logs posted by LarBear360.
Once you import a log file, the application dashboard becomes populated with meaningful data. At the top of the interface, you will see a concise summary showing flight duration, total distance traveled, maximum altitude, and peak speed. In most cases, battery information is also displayed.
Scrolling further reveals detailed telemetry data. On the right side of the interface, you can see the full flight path rendered on a satellite map. This visualization shows exactly where the drone flew and how it moved through space. In many investigative scenarios, the home location alone can already be extremely valuable, as it often points directly to the operator’s launch position. The flight path can be replayed, allowing you to observe how the drone was maneuvered and how the controller inputs changed over time.
As you continue scrolling, additional telemetry becomes available. This includes remote controller signal strength, distance from the home point, speed variations, and satellite information. All of this data helps build a picture of how the drone behaved during the flight.
The Overview window aggregates this information into visual summaries. Depending on your analytical goals, this section can highlight trends that are not immediately obvious when looking at individual flights.
By importing many logs, you can identify repeated launch areas or recurring flight patterns across multiple missions.
As you import more logs, the application maintains a persistent list. The data remains available even after closing and reopening the app, which makes DJI Logbook suitable for ongoing analysis rather than one-off inspections.
Exporting
The information parsed by DJI Logbook can be exported in multiple formats. This allows analysts to move data into other tools, create reports, or integrate results into broader intelligence workflows. Exported data can be used for mapping, timeline reconstruction and correlation with other sources.
Features
DJI Logbook focuses on speed, local processing and analyst control. It uses DuckDB to perform fast analytical queries and automatically handles large datasets without requiring cloud services. It can be run as a standalone desktop application or deployed via Docker for team-based access. Flight paths can be explored interactively on two-dimensional and three-dimensional maps, with synchronized telemetry overlays and flight replay. Modern DJI encrypted logs are supported, with automatic handling of decryption keys during initial import. All data is stored locally in a single database, avoiding unnecessary uploads to third-party servers.
Accessing the DJI Log Files
Before analysis can begin, the DJI flight log files must be collected. DJI Logbook currently supports modern DJI log files in text format.
Most consumer DJI drones do not store the main user-accessible flight logs (the detailed .txt files like DJIFlightRecord_*.txt) directly on the drone in a way that’s easy to retrieve or browse. Those are primarily saved on your phone.
On Android devices running the DJI Fly app or on DJI remote controllers, these files are usually located under the application’s internal storage directory, specifically within the FlightRecord folder (Internal Storage > Android > data > dji.go.v5 > files > FlightRecord).
On iOS devices, logs can be extracted by connecting the phone or tablet to a computer and using Finder or iTunes file sharing to copy the Logs directory from the DJI app. If Airdata synchronization was previously enabled, original log files can also be downloaded directly from that service.
There is a large amount of community documentation available on this topic, so locating the files should not be difficult even for newcomers.
However, all DJI drones (consumer and enterprise) do store some form of internal flight data in the drone’s own memory. This is usually in a binary format like .DAT files (not the readable .txt ones). These onboard logs are more limited. They often only keep data from the last few flights, as older ones get overwritten. Developing a quick, field-deployable method for extracting forensic data from downed or damaged drones on the battlefield would be extremely valuable.
Summary
By keeping analysis local and visual, the tool allows you to focus on interpretation rather than manual parsing. As drone usage continues to grow in both civilian and military contexts, the ability to quickly understand where a drone came from and how it was used will only become more important. DJI Logbook is an example of how this work can be done efficiently. Although it is not the best option to use on the battlefield, there is always room for improvement, including developing a product that could automate the process and identify the home points of these recovered drones in under a minute.
If you like what we’re doing here and want to get started in forensics or advance your skills, we recommend our training for both beginners and more experienced students.
Source: HackersArise
Source Link: https://hackers-arise.com/drone-forensics-analyzing-flights-with-dji-logbook/