Safeguard your digital evidence with Faraday bags
Everything You Need to Know about Faraday Bags
Remember having to pull the plug from the back of the computer on scene? We did that to avoid any further changes from happening to the system. Then, as we obtained Random-access memory (RAM) Dump –which protected information that risked disappearing when shutting the system down– we started leaving computers on.
We protected mobile devices in a similar manner. We pulled the battery out, turned off the power and/or removed the Subscriber Identity Module (SIM) card. All while wearing gloves. Perhaps we covered the camera with black tape and were careful of what we said. We took those steps to preserve and protect evidence, others, and ourselves.
Now think about today’s smartphones where pulling the battery out will probably lock us out of the device. Removing the SIM Card may force a restart and lock us out of the device. Turning off Wi-Fi or Bluetooth on an Apple through the control center is only temporary. Bluetooth on your device or someone else’s may act as a connection to the seized device (Apple’s Find My iPhone Search Party for example). So, the preferred method is through settings if you can. If the mobile device seized is on LEAVE IT ON, even if locked.
Depending on the device there may be other settings you need to address prior to initiating airplane mode such as Google’s Play Protect (turning that off) or the Xiaomi Mi account USB Debugging Security Settings (turning that on).
As 5G rolls out new issues arise. The whole idea behind 5G is more speed and bandwidth. This means more antennas and a greater likelihood that you may have stronger signal strength in an area. So how do we protect devices immediately from this increase in outside interference?
In the past I have used empty metal paint cans (I shocked a fellow examiner showing that it worked, when sealed correctly of course) and aluminum foil wrapping the device 3-8 times. My instructions are to always check the method you use and in different parts of your facility or community as tower strength or routers or even Bluetooth connections may cause an issue.
How to choose the right faraday bag?
So, how do you tell if you can’t see the phone? One could call the test device or use a Faraday Application (yes, they do exist). I had a case where the seizing officer stated that the phone was in airplane mode, but the device was off, so I could not confirm that.
I didn’t have a Faraday box close by and aluminum foil wasn’t going to help me here. So, I took a USB rechargeable battery and connected it to the phone then I placed it into the MSAB Tablet Faraday bag. This was way better than aluminum foil.
The tablet bag has a see-through portion. I was able to see and document the phone starting up. I could see that it was in fact in airplane mode and see what power the battery had. Just make sure the battery, the cable, and the device are all sealed inside the bag. No need to create an antenna.
There are also Faraday lab boxes and tents. MSAB offers a Faraday lab that is portable, light weight, sturdy, and folds down making it storable. Wear gloves when you put your hands inside the lab box to make things easier.
Be aware that if you are close to a tower or close to a Wi-Fi router you will want to test the bag with Android and iOS devices to see if the signal gets through (don’t forget Bluetooth). If the device is on and placed in a Faraday Bag, then seal it in your Faraday lab box before opening it. And please remember that sometimes the Android device is fully powered and unlocked.
How do you keep the device this way during transport?
With both unlocked Apple and Android Devices you will want to go into the display settings and change the Auto/Screen/Display Lock or Timeout to Never or the longest time you can get which may be 10 minutes on an Android.
MSAB created the Android Keep Awake Dongle. This will keep the device from locking on you after the 10 minutes of inactivity. You just attach the Keep Awake Dongle to the Android, place it in the Faraday bag and off you go. You will, of course, need to monitor the device’s power.
MSAB also offers a drone Faraday bag. This one I have not tried yet. I wonder if MSAB will let me train an Eagle to take down drones?
For more information on any of these products, including 5G protection, please contact email@example.com