Trewmte, re the EDEC test - I co-invented and patented that bag and worked on the white paper with the individual who published it. You pose multiple questions, but you keep circling back to one in particular that puzzles me.
4) How long does it take to close the bag?
The above human intervention equally needs attention along with the length of time it takes to create radio isolation once inside the container (risk)
© how long does it take for any radio signals inside the isolated area to diminish and so on.
Why are you fixated on how long it takes for signal to diminish inside of a faraday bag? In a real-world usage scenario, the investigator/operative/etc is placing a live device inside of the faraday bag, or a device that has already been turned off. If the device is live or off, what will happen from the time it's placed in the bag that wouldn't have happened before then? The faraday bag is primarily preventative, in that it eliminates the possibility or evidence alteration. Are you asking if simply placing the device in the bag (i.e. signal loss) is an action that alters the data on the device in a forensically significant way?
I suppose I just don't understand the real world implication of this question. I'm not saying it's not there, I just need clarification to understand how to test for what you're asking.
The faraday bag is primarily preventative, in that it eliminates the possibility of evidence alteration.
Here is the whole point.
Seemingly a Faraday bag (or box or cage for that matters) does not "eliminate the possibility", it reduces the possibility of evidence alteration.
I like to think of these devices as I would think of a watch case.
If I buy a watch marked water resistant (ISO 2281)
https://
with the added indication of 30 m, I can reasonably expect to wear it everyday in normal activities (including quickly washing my hands).
If I get one marked 50 m or 100 m I can reasonably shower and swim with it on my wrist, and also make some surface diving (like 3 or 4 meters as you could go in a swimming pool) without having water entering it.
Since I don't do scuba diving and in any case never went deeper than (say) 10 meters underwater, I don't need a diving watch (ISO 6425) marked 200 m or so.
So, there are (simplified) three "grades", each with a reasonable "safety margin", i.e. the tests are much harder than what the device is actually subject to.
What we don't know (because of lack of a testing standard, because of confusion in the specs, uncertainties on the power of signal of the networks, etc.) is which are these "safety margins" (if any) AND we don't even know, if we go for the "top" faraday container if it will actually be RF proof in the worst possible conditions.
It is well possible that a Faraday container, *somehow* resulting as having (say) 70db attenuation has an actual "minimum guaranteed" attenuation of (still say) 55db and that 50db is what is enough to avoid interferences.
But it is well possible (we don't know) that in some areas an attenuation of 65db is needed and then the "tested for 70db" container doesn't guarantee it in all conditions, and we need a "rated 85/105 db" 😯 container (example bag)
http//
That would be in my perverted mind more than 1/40,000,000,000 ratio.
or then why not a "100 db+" container (example box)
http//
that would be 1/100,000,000,000
But all in all it is still possible that a 70db or a 105db are "way overkill", and a "real world" attenuation of (still say) 40 db is enough.
As I proposed earlier, all the "db attenuation stuff" is anyway "meaningless metrics" and what would be needed would be some "grades"
http//www.forensicfocus.com/Forums/viewtopic/p=6565578/#6565578
jaclaz
From the Prof
Some of the standards he cites have frequency ranges that are too low (for the faraday bags). Or, for IEEE 299, for example, it is particularly for screened rooms – great for a Faraday garage but not for a Faraday keyfob.
Some of the techniques used are likely to translate but not all of them and I doubt if any of the commercially available standards would work directly without substantial ‘bend to fit’.
I agree with JacLaz, there is no perfect solution, however, getting a standard of sorts is a start. If nothing else, it will highlight that there is a need for such standards and hopefully, this will help develop this field - so that eventually, we can 'block all signals'.
Regards,
Simon
From the Prof
Some of the standards he cites have frequency ranges that are too low (for the faraday bags). Or, for IEEE 299, for example, it is particularly for screened rooms – great for a Faraday garage but not for a Faraday keyfob.
Some of the techniques used are likely to translate but not all of them and I doubt if any of the commercially available standards would work directly without substantial ‘bend to fit’.
When he responded I believe he possibly hadn't understood my overall thread which I did distinguish intention when I posted. My comments are clear as to the frequency ranges as they are already written there, as are other details. Faraday containers are only one element in the chain and the other end would be when seized evidence reaches the lab the list of standards and guides stated were to help in that chain of causation. The assumption he makes about bend to fit is not one being suggested by me or anybody else. I am sure you are aware that some labs are going through ISO/IEC 17025 etc. so found reference materials to be considered (or rejected) for an isolation chamber or room or container might be received and perceived as being helpful.
The correlation to the standard you mention being prepared is obviously a useful contributor to this field and well done for all the efforts being put into it. However, there is still the human intervention factor that essentially needs to have been considered in the groundwork for either a standard or guidelines (whichever is preferred) relating to seizure procedures. The latter was not in the scope of the report you posted; nonetheless is its informative so thanks once again.
Trewmte, re the EDEC test - I co-invented and patented that bag and worked on the white paper with the individual who published it….
Thanks for your feedback. Obviously the report doesn't mention your name but I did find on my research travels that your name is listed in a number of patent details published on the internet e.g. - http//
Trewmte, re the EDEC test - I co-invented and patented that bag and worked on the white paper with the individual who published it. You pose multiple questions, but you keep circling back to one in particular that puzzles me.
4) How long does it take to close the bag?
The above human intervention equally needs attention along with the length of time it takes to create radio isolation once inside the container (risk)
© how long does it take for any radio signals inside the isolated area to diminish and so on.
Why are you fixated on how long it takes for signal to diminish inside of a faraday bag? In a real-world usage scenario, the investigator/operative/etc is placing a live device inside of the faraday bag, or a device that has already been turned off. If the device is live or off, what will happen from the time it's placed in the bag that wouldn't have happened before then? The faraday bag is primarily preventative, in that it eliminates the possibility or evidence alteration. Are you asking if simply placing the device in the bag (i.e. signal loss) is an action that alters the data on the device in a forensically significant way?
I suppose I just don't understand the real world implication of this question. I'm not saying it's not there, I just need clarification to understand how to test for what you're asking.
I am not sure fixation is correct for this matter only because the standards for e.g. GSM/UMTS/LTE etc all specify strict timing periods, because the basis upon which digital mobile communication operates is timing. Without timing being carefully regulated in mandated terms there would be no universal standard to adopt as LTE UEs would find working in one country or network might not work in another. Moreover, UEs today can be configured for a wide range of radio technologies e.g.
GSM
CDMA
WCDMA
LTE/LTE+
GPS
Bluetooth
WiFi 2.5/5G
RFID
and so on.
Using LTE as an example, can I invite you to go through these standards below (if you are not aware of them) and you will note that radio decisions take place at the handset are being taken with milli-seconds and cell selection and neighbour detection between 2-seconds to 8 seconds as one set of illustrators about speed of timing.
TS 36.304
Evolved Universal Terrestrial Radio Access (E-UTRA);
User Equipment (UE) procedures in idle mode
http//
TS 36.331
Evolved Universal Terrestrial Radio Access (E-UTRA);
Radio Resource Control (RRC);
Protocol specification
http//
The timing to insert a device and close the faraday bag could mean new signalling or degraded signal changes artefacts on a device or given the speed at which radio signals travel e.g. micro-seconds in the ether, milli-seconds to make decisions in UE and seconds to makes changes etc in the UE, a person seizing and securing may take 30-seconds to complete the insertion of the device and close the bag. 30 seconds in digital radio terms can be 5-timer life-times. As text messages maybe received could be another factor and the list goes on.
As a crude example, when the bag is opened radio signals (or energy if you like) floods into the bag container area. With a device being inserted the UE may detect degraded signalling and ramp up its power which creates a second flood of energy, which may happen before the bag is closed. The UE may now start running e.g. FDD/TDD measID and radio artefacts may now be changing as a consequent of use of the isolation.
This is of course very simplistic in the way I have put it but at this stage as we simply do not know enough of what is happening to the seized device. Now in your report, which I referred to in my earlier post, you helpfully use a real-world solution to testing (a test tool) noting the loss of detection of APs within a 20-seconds period inside the closed bag. I have taken your idea and suggest applying it in radio terms for seizing e.g. switched on smartphones.
A seizing officer doesn't want all the complications of being a scientist to know everything about everything. It is as Jaclaz refers in his post about user knowledge confidence that the tool supplier has already thought of this (to assist written procedures); and has provided meaningful data of what is happening inside and outside of the bag regarding escaping or entry of radio signals/power. Obviously, there are many reports/literature that references varying attenuation measurements external / internal to faraday containers (bag, holdall, box and so on). Attenuation measurements are not mentioned in your report.
At the other end of the scale imagine the lab receives the bag with a switched on smartphone. The only point of reference at the lab is when it is received and opened at the lab. If changes have occurred in transits or at the beginning during seizure prior to arrival at the lab, the lab will know nothing of this until AFTER examination etc. Again my comments are very simplistic as seized devices may need to be checked for fingerprints, drugs, GSR etc. even before going off for lab examination. The more precise the use of your tool can be during the seizure procedure (with known factors) may assist is reducing mistaken allegations made against all those involved in the chain of custody.
As this field is still evolving, various parties are preparing standards or producing guidelines. Currently it is best endeavours.
Other areas you may look to are life-time usage. Some containers claim only one-time usage, others 6-months and others longer. Also, some containers use coatings and these coatings need to be assessed against the materials they are applied (treatment) and where ultra high frequencies are concerned (e.g. above a few GHz) may overtime degrade the isolation materials.
Lastly, when I wrote my previous post to which you responded it was intended to cover the widest view for containers and locations rooms/chambers etc.). I used your report because it brings something to the table where many other reports/articles/whitepapers have failed to show any research at all.
RJudy55
I note from reading the thread that you state you 'co-invented' the portable enclosure?
From your patent, I note that you registered the patent in 2014?
We, (Disklabs) were selling portable shielded bags (with the window), in 2007.
Looking back through emails from 2010, even back then we were discussing the bags and I offered to get your original bags tested for you - which I did.
Truth be known, it was my mother-in-law that made the very first window'd faraday bag on here dining room table, in 2007, if memory serves me correctly? I may still have it floating around - if I did deep enough?
Simon
All,
Professor Duffy, (DeMontfort University), is currently working on setting up an ISO standard for portable enclosures. He has working with him on this project some of the world leaders in EMF including people from the US, Belgium, UK, India, which include academics, those from EMF testing agencies and the commercial world.
If there are things that you believe that should be considered in this standard, please let me know and I will pass this on to him for consideration.
Regards,
Simon
All,
Professor Duffy, (DeMontfort University), is currently working on setting up an ISO standard for portable enclosures.
With all due respect, ISO doesn't sound to me like the "right" organization to "solve the issue", the IEEE or however a more "technically oriented" and "specialized" organization providing a set of specifications and testing methods seem to me more suitable (and ISO may later adopt them).
The risk with ISO is (in my perverted mind) that all will come out of it will be a (BTW secret/not publicly available) "generic" norm, with a zillion possibilities that each vendor/involved party will interpret differently, with no or little possibility for direct verification.
The thing that it may solve, however ) , will be "lifting personal responsability" from the investigator, that will be able to declare that he used a " ISO nnnn" compliant Faraday bag (or container) along "ISO nnnn" handling guidelines, and if the phone got messages (or whatever) it is not his/her fault as he/she "followed the rules to the letter".
If there are things that you believe that should be considered in this standard, please let me know and I will pass this on to him for consideration.
Still with all due respect, there is seemingly no real need to have you as a MITM, this discussion thread is publicly viewable, you can point him to here and he will be able to read it directly (without needing to become a member of the board, unless he should want to reply or post some considerations).
jaclaz
JacLaz,
My mistake, it will be an IEEE standard, not an ISO one, (we have an ISO audit today - I got my wires crossed!)
On an aside, if you want me to send you a sample to play with, just let me know.
Simon
JacLaz,
My mistake, it will be an IEEE standard, not an ISO one, (we have an ISO audit today - I got my wires crossed!)
No prob ) .
It happens to everyone, especially during an ISO audit, which however is still slightly less preoccupying (as it is expected) than wink 
https://
jaclaz