Gregg,
Good article, but I have a question or two.
1. Is there a perfect incident response that can be designed or formulated for first responders regarding a cellular device that is ON and communicating with its respective network? If you had the option is there a cellular device out there that you would recommend not be turned off?
2. I’m not trying to sound ignorant here, but has the mobile forensics community defined what the actual role of a Faraday bag is and how it should or should not be used? From what I have observed and some things I have read I believe that there are many who are trying to substitute a see-through type Faraday bag for a Ramsey shielded enclosure. I know that $1,500.00 is a punch to the wallet, but trying to get by at $40.00 will ultimately get you in trouble.
I recently saw a white paper regarding the use of Faraday bags and possible legal issues. [47 U.C.S. 333] WILLFUL OR MALICIOUS INTERFERENCE. No person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this Act or operated by the United States Government.
As Shakespeare said “To shield or not to shield, that is the question.” The law does not say LE gets a free pass if someone is in custody so if I am LE do I want to hear the defense say that I willfully interfered with a radio communication or do I want to fight the claim of unlawful intercept? If I tried to use a paint can or aluminum foil would the same not be true as well?
Again I’m inclined to go back and ask what the role of the Faraday bag is. To temporarily take something off the network? Now once I shield the signal the phone will be working extra hard to communicate with the network thus draining the battery. I’ve never seen a Faraday bag with a hook up to attach a power cord so while it remains in the bag I know my time is running out. If the bags can ultimately fail then what good are they? Why not just turn the phone off?
Cheers!
Hi ED, apologies for delay in responding.
Good article,….
If you are talking about this thread, I agree the various comments from contributors make the thread interesting. If you meant the 'report' then that isn't mine and I had no input into it. It is produced from a US source. It identifies, according to the people conducting the study, that having used a pre-defined and considered procedure to test faraday containers that when combined the results confirm that the tested DUT containers were to sometimes work, sometimes not work.
I am assuming that similar, if not the same, fundamental tests were conducted by law enforcement and their advisory bodies that adopted the faraday containers that they had 'first' predefined the methodology/tests and conducted such tests and analysis before putting pen to paper, so to speak.
There are some websites showing isolation/shielding tests conducted on faraday devices but from the information published it is insufficient to run side-by-side analysis with the content of the report that could answer at least two points raised by the report; and, whilst not taking anything away from the report, there are more matters the US report does not seek clarification on due to the scope of the aims and objectives for the work undertaken.
1. Is there a perfect incident response that can be designed or formulated for first responders regarding a cellular device that is ON and communicating with its respective network? If you had the option is there a cellular device out there that you would recommend not be turned off?
The first incident response that I put to you for your consideration is to identify those small number of handsets/incidences where combined they (handsets/incidences) might require the handset to be left switched ON. Make that the subject of appropriate and proper research and you will find faraday containers are only a "could be/might be" option in a series of options.
2. I’m not trying to sound ignorant here, but has the mobile forensics community defined what the actual role of a Faraday bag is and how it should or should not be used?
I think your question will be better answered by waiting to see 'if' the research of independent test results and analysis conducted by law enforcement is revealed and whether those tests/analysis picked up on the same matters as the US report and other issues it did not cover. At this stage we need to distinguish the reality of the technical position divorced from the shroud of 'best endeavours', for the latter isn't being scrutinised, it is the technical merit of the situation, followed by whether it was/is an appropriate approach to use faraday containers and whether that approach could be considered in the category (of the double entendre) 'forensic'.
What I can say is that I, personally, was never invited or asked if I would like to contribute, give ideas for use to or engage in any discussion/project in the first place associated with 'public sector use of faraday containers', 'mobile community project/s' or 'forensics debate' where the 'findings' would lead to the widespread use of faraday containers by law enforcement or others.
I recently saw a white paper regarding the use of Faraday bags and possible legal issues. [47 U.C.S. 333] WILLFUL OR MALICIOUS INTERFERENCE. No person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this Act or operated by the United States Government.
As Shakespeare said “To shield or not to shield, that is the question.” The law does not say LE gets a free pass if someone is in custody so if I am LE do I want to hear the defense say that I willfully interfered with a radio communication or do I want to fight the claim of unlawful intercept? If I tried to use a paint can or aluminum foil would the same not be true as well?
Which white paper were you reading? Thanks for the reference to US law code you quoted. The UK Wireless Telegraphy Act has (and historically) similar provisions and EU codes have documented similar/other provisions, too.