trewmte,

Thanks for your thoughts.

You are quite correct, this is still issue with the bag, however, it is currently no different than putting the phone in a normal evidence bag.

By putting a protective sleeve over the phone would then inhibit the tech officer from using the phone before it goes to full tech analysis - this could save the officer from either outsourcing or completing a full analysis on a phone that may not be needed, (from an initial inspection of the phone within the Phone-Shield Faraday Bag, the officer could decide whether or not its worth investigating).

Simon

Best faraday bag you can get is 3 taco bell crunch wrap bags. Believe it or not, that blocks signals better than the stronghold bag, etc.

The problem with any faraday bag, etc is that once you run a wire out of the bag from the phone, you just put an antenna out. Even the power cable will do this.

There is a lot of misinformation about cell phone forensics anyway, a lot of it being propagated by the sellers of the forensics tools of course. Such as the value of the MD5 hash. Cell phones don't work like hard drives so the MD5 hash for a phone is not worth much.

Faraday bags are probably the biggest ripoff to date since they really don't work as well as a few layers of heavy duty aluminum foil or the triple crunch wrap bag method and they are expensive.

I agree to LarryDaniel.
The faraday bags are not bad, but if you have to keep the mobile phone alive (e. g. no known PIN) and you connect it to the power adapter, this cable will work as an additional antenna and the faraday bag is useless!!
So a better alternative would be to protect the evidence room.

Trewmte hit the nail on the head.

Right now, mobile device siezure is still a relatively new field.

However, manipulating the hand set at the scene is a big no no.

The best solution would be to forensically acquire the phone at the scene, turn it off and stuff it in a normal evidence bag.

There is a new product coming to market that will allow pretty much anyone to do just that. It is so simple and fast it makes me sick I didn't think of it.

Think about it for a second. What is the actual difference between Susteen's consumer product Data Pilot and their forenics product besides the price? They took the "Write to Phone" buttons off the interface. lol

Otherwise they work the same.

If you are not familiar with cell phone forensics, you may not be aware that you cannot get data from a cell phone in a truly forensically sound manner like you can from a computer hard drive. Simply because to get information from a phone, you have to talk to it.

Phones use a command set like the old Hayes command set we used to use to talk to modems. (If you are old like me anyway.)

You hook up a cable to the phone, and ask it to give you information. You don't pull an image off the phone like a hard drive.

Also, cell phones have an internal clock that updates the data set periodically so an md5 hash is of little use since you can't reproduce the hash by re-acquiring the phone, like you can a hard drive.

All the talk about flash boxes, secure acquisitions etc are really kind of bogus when it comes to cell phones if you understand how the acquisitions actually work.

The only real reason to use a forensic package costing thousands more than the consumer version I guess is that it gives some cool reports and you can say it's "forensic"

I own Neutino and I think it is a little sucky for the price. Susteen's product is a lot better.

Also, if you want to acquire an IDen Nextel Phone, you are going to have to use the Nextel tools anyway.

Oh and by the way, when a package says it does so many phones, etc, make sure you understand what that means. In a lot of cases a mfr will list a phone but they can only get part of the data from it.

Wow, that was long. Sorry.

trewmte wrote:

3.0) Apparently, the new Wireless Telegraphy Act, it has been said, makes it unlawful to deliberately block signals other than in a specified manner at a fixed geographical location. Faraday bags and their contents are not fixed location, not specified and as pointed out to me the meaning of fixed location was not intended to imply the inside world of a faraday bag.

This concept fascinated me ... The latest act that I could find was 2006, and I am not aware of any later than this.

The act does indeed contain sections regarding "interference" with Wireless Equipment, but this is clarified as :

Wireless Telegraphy Act wrote:

“interfere” and “interference”, in relation to wireless telegraphy, are to be construed in accordance with subsection (3); (3) For the purposes of this Act, wireless telegraphy is interfered with if the fulfilment of the purposes of the telegraphy is prejudiced (either generally or in part and, in particular, as respects all, or as respects any, of the recipients or intended recipients of a message, sound or visual image intended to be conveyed by the telegraphy) by an emission or reflection of electromagnetic energy.

Now, I would have to agree that the "purposes of the telegraphy is predjudiced" by the use of a faraday bag, however it neither emits, nor reflects electromagnetic energy, rather, it absorbs it, converting it to a charge that is disapated over the bag, and thus, I think it would be outside the scope of the act.

Good Morning/Afternoon/Evening,
I am looking for a signal blocking device which can be used in the lab whilst conducting mobile telephone examinations. The Disklabs faraday bag i have seen does not do the job, as many new phones are touchscreen and the "Window" does not allow proper access to this.
Ideas?

Forensication-can-be-fun wrote:

Good Morning/Afternoon/Evening, I am looking for a signal blocking device which can be used in the lab whilst conducting mobile telephone examinations. The Disklabs faraday bag i have seen does not do the job, as many new phones are touchscreen and the "Window" does not allow proper access to this. Ideas?

Leave a pair of these in the bag maybe lol

dotsgloves.com/

very rudimentary but it might work lol

Forensication-can-be-fun wrote:

faraday bag i have seen does not do the job, as many new phones are touchscreen and the "Window" does not allow proper access to this.

That is useful experience you have passed on F-c-b-f - thank you.

Could you not simply use a container (be it bag or otherwise) lined with zinc to block the electromagnetic and radio frequencies?

Cheers!

farmerdude


www.onlineforensictraining.com

www.forensicbootcd.com

On a little bit of a tangent here, does anyone use Faraday bags to secure wireless access points?

People that I work with (police) run into a lot of wireless and some of the evidence on the WAPs can be either damning or useful - particularly in child porn related cases.

Suspects occasionally want to claim that someone else surreptitiously logged in and downloaded the CP or was chatting up the 12 year old from their IP through an open link. DHCP logs and firewall logs can go a long way to proving this is bunk (or true). Hence the need to secure the evidence on the WAP by using a Faraday bag until you can get around to logging in and seizing the relevant files.

So is anyone securing WAPs with Faraday bags prior to accessing log files?