RF shielding

Having a battery pack would definitely fix requirement two, though temperatures in the tin box might become too high for the mobile phone(s) since there is no ventilation.

Hmmm, I doubt it.

I mean, maybe depending on the (optional/yet to be recognised as a good idea) foam inside it, otherwise metal tin boxes tend to have an excellent heat transmission, of course experiments should be made, but basically a handy can be (while being operated, i.e. in "full power mode") held in your hand for minutes/hours (with - say - 2/4 of the phone surface wrapped in your hand and 1/4 pressed against your ear) and I am failing to see evidence of people accessing emergency rooms with scolded ears…. roll

BTW, and OT, there are exceptions, as always wink
http//www.ebaumsworld.com/jokes/read/764484/

Back to topic, it seems like RFI shielding glass is anyway above the 30 db attenuation, actually above 40 db for the frequencies we are mainly interested in
http//www.tempestusa.com/emitech.html
http//www.ramayes.com/RF_Shielded_Glass.htm
http//www.ramayes.com/Data%20Files/Tempest%20Security/New_DataStop_Brochure.pdf

These guys also have "forensic pouches"
http//www.ramayes.com/RF_Shielded_Forensic_Pouch.htm
http//www.ramayes.com/Data%20Files/Select%20Fabricators/SFP%20Security%20Pouch%20Sell%20Sheet%2005072012.pdf
promising more than 75 db attenuation 😯

As well, here is another source (still 75 db attenuation)
http//www.select-fabricators.com/products/forensics/usb-forensic-pouch/
Here is the test report
https://www.justnet.org/pdf/SFP1215W-Forensic-Pouch.pdf
though, with all due respect to the good guys at the "NIJ Electronic Crime Technology Center of Excellence", it seems to me more like a joke than anything else. ?

It seems like there is a US Military "standard" on shielding, MIL-STD-285 (from 1956) which has been replaced in 1997 by IEEE-STD-299 and in 2006 by 299-2006 and that it is "in the works" yet a new one titled "P299.1 IEEE Draft Standard Method for Measuring the Shielding Effectiveness of Enclosures and Boxes Having All Dimensions between 0.1 m and 2 m (P)".
I find surprising that the current standard IEEE-299-2006 is not referenced more widely, though, admittedly, the standard is about/limited to "enclosures having all dimension greater than or equal to 2.0 m", as an example, the standard is used anyway by Chomerics
http//www.chomerics.com/products/thermoplastics/index.html
even for smaller enclosures, see
http//vendor.parker.com/Groups/Seal/Divisions/Chomerics/Chomerics%20Product%20Library.nsf/24eb4985905ece34852569580074557a/fbadc5684e28bf8a85257355004eb669/$FILE/PREMIER-%20PEI-140-TB--EN-1026.pdf

jaclaz

..

I do agree that there is a lack of practical test information available, but as a manufacturer of faraday products I can say it is not as easy as you might think to produce this data.

Well, with all due respect, that's (mainly) your problem (in the sense of pertaining to *any* manufacturer of "faraday products").
I would guess that - given the intended audience/kind of customers of the products, the one(s) that will be able to provide "better" or "more" data would likely increase their sales.

We do always tell our customers that faraday bags are not an on/off solution and can only reduce signal strength, usually to the point of cutting the device from the network. We also design our products to compensate for possible failures, for example by providing an extra faraday bag with our Data Bag kit.
http//faraday-bags.com....
Data Bag Kit Usage Videos
The user is instructed to place the Data Bag in this extra bag while in unknown signal environments, to increase the level of shielding in situations where the bag itself might fail. These features help the average user achieve the highest level of success with the bag, and we print them right on the bag. As a manufacturer, we see our responsibility to lie in creating the "channel" for the user to use the product correctly vs. providing a multitude of practical written usage scenarios. This is not a justification for not having produced this data, but it is one reason why we haven't focused on packaging more of this type of information with our bags.

That's very good, but (again with all due respect) it sound to me a lot like "to be on the safe side wrap it in some more tinfoil".

Another reason why we haven't carried out more practical tests relates to the large amount of environmental variations. If we conduct practical tests with one bag, with 10 phones, with one tower, in one area, we will end up with some data
….

But is this data useful? It's useful for that tower in that area, but it might be useless for the environment one mile away. It's more than likely not very useful for customers on other networks, in other countries, or with other bags. The way in which the top of the bag is rolled, the way the bag is contorted, the things around the bag, can all affect shielding as well. With so many variations in effect, it can seem defeating to produce a valuable test and many manufacturers simply don't.

As I see it, yes, DATA is always useful, even if it does not represent a "final answer" to the "ultimate question", it may provide anyway a base on which to build a "proper" handling protocol and/or create a risk assessment.

With that said, I would certainly like to come up with more useful practical testing info, and would like to know if anyone on the forum has any ideas. Honestly I don't have a good concept for designing a test that covers a wide range of scenarios, so perhaps the community here does. I see this benefiting our customers and other forensic practitioners.

It seems to me that "rudimental" as it may seem, the approach by the Author of the mentioned paper is "good enough" (and needs not any particularly expensive tool/measuring equipment).
Just as an example if you get three handies (with three different phone companies) and every morning you give them (only the phone) to three friends/employees borrowing his/her phone in exchange, then put it (with "your" SIM card) in a bag and ask them to carry with them in their normal activities "your" phone (with "their" SIM) and "their" phone (with "your" SIM) for 24 hours (having set *something* to call/MMS/SMS your SIM every - say - 10 minutes) in a few weeks you will have examined a vast number of different models in a vast number of different locations and you could draw a "statistical map" of the probabilities.

Getting back for a moment to the "cold, scientific" data, the preamble to the cited paper stated how different authors/Sources talked of 17/19 dB OR of 50 dB as the *needed* attenuation level. Being dB's actually on a logarithmic scale, it is somewhat like saying that a speed limit is between 55 and 311 😯 MpH or that a man can weight between 70 and 580 pounds, they do not represent a "range", but rather some "wild" or "random" numbers.

But *somewhere* there must be a limit, be it 17, 20, 50, 60, 75 or 100 dB, to have "total attenuation".

I would also say that the "nature" of the case might have a great relevance.

I like to use fantasy to depict fictional scenarios, different levels of security/attenuation may be needed/advised in differing scenarios (again on a probabilistic case), examples

1. a handy is seized in the house of an old woman where someone broke in and robbed her
2. a handy is seized in the course of a vast scale organized crime investigation (let's say drug related)
3. a handy is found among the belongings of a Mr. James Bond (suspected of being a British spy)

[/listo]
I would say that in case #1 the consequences of a (very unlike) contamination from point of seizure to lab are very, very little or non-existant, a "grade 1" faraday enclosure is more than enough.
In #2 due to the higher probability of attempts to contaminate and the possible severity of the consequences would call for a "grade 2".
In #3 knowing how Q likes to put C6 in cellular phones and make them able to explode if a coded SMS message is sent to them would require a "grade 3" with nearly 100% safety.

If you think a bit about how safes are graded, for either "burglar" or "fire" risks (example)
http//www.chubbsafes.com/certification/teststandards/burglarystandards/Pages/default.aspx
http//www.chubbsafes.com/certification/teststandards/firestandards/Pages/default.aspx
it would be logical to use a similar approach to "faraday enclosures".

I did see this test referenced
https://www.justnet.org/pdf/SFP1215W-Forensic-Pouch.pdf

Also with respect to the NIJ folks, this seems like a marketing piece, not a test. Is there more data behind this test that I'm missing?

As a matter of fact I cited it as it seemed to me completely unlike a "test report".
It seems to me more like the (cannot say if real or merely urban legend) old Rolls Royce car spec sheet that defined horsepower as "enough".
A

Don't worry, we tested 'em and they work, you can take our word for it

kind of nonsense (particularly if the intended audience are scientists and investigators).

jaclaz

..

What are your thoughts on the methods of gathering the above information?

rjudy55, apologies if I missed it, but exactly which manufacturer do you work?

I could be wrong, and no doubt jaclaz would say so, but I suspect jaclaz was setting out to form a hypothesis or to assume by hypothesis.

Some observations

Most certainly the 'characteristics' and 'properties' of the container (DUT (device under test)) acting as shielding would need to be clearly defined and the robustness of those tests considered and scrutinised to which the container would be exposed.

The testing procedure would require the DUT to be tested using makes of handset and their associated models. The handsets tested using post-market delivered and test (U)SIMs should be applicable, too.

When you said "networks" I assumed you meant 'carrier'. Given countries vary in the deployment and use of carriers, tests probably need to be conducted based upon a country by country basis. By way of illustration, there would be little point running tests with carriers in the US and then inferring this is good enough for the UK or another country.

Labs tests would be insufficient and real world testing would be needed too. I have posted some ideas in this thread and other threads here at Forensic Focus previously.

I suspect the aims and objectives of any testing may need to state clearly that they are 'forensic tests to a high standard'

The consultation document below is worth reading, too

http//www.homeoffice.gov.uk/publications/about-us/consultations/forensic-science-regulator/digital-forensic-cons?view=Binary

4.13 Software, hardware and software tools whose operation has an impact in obtaining results will require validation, or any existing validation to be verified, as laid out in section 5, Validation of methods.

4.14 The provider shall ensure that, for the range of digital forensics tools it uses, the validation requirements take account of staff competency levels, the nature and difficulty of the tasks to be carried out, and the level of acceptance of the tool in the wider forensic science and criminal justice community.

Well, maybe I am too simple in my carpenter's/hairy reasoner's approach.
This hypothetical test

Alright so just to reiterate.
1) Put 3 SIM cards in 3 phones and set something to call/text them every 10 minutes
2) Provide those 3 phones to 3 separate people that work in my office and ask that they carry them everywhere for a period of time (let's say 1 week).
3) After 1 week, check if/which data was received by the device

cannot, as said, be considered a scientific test by any means and won't represent the ultimate answer to anything, but it will give some data (at no or very little cost).

IF (and only IF) after the one week test you will have a "positive" result, i.e. *nothing* went through, we will know that the bag is an effective RF shielding for a given area and for a set of three given carriers/providers.

In my simplicity, MUCH better than nothing.

It will let us know that (whatever the attenuation in dB the bag provides) three devices were randomly exposed for (say) 120 hours in random places within a given area and sent (5*24*6)

• 720 calls
• 720 sms
• 720 mms

and *nothing*went through.
Anecdotal evidence at it's best, of course, but still useful.

Now about these

Now, how to handle the following

1) Where were my coworkers if/when the bag failed?

Within a given area, in *random* places, I guess that asking them to note down on a piece of paper their location (when they move from somewhere and when they arrive somewhere else) is not much of an issue.

2) What was the "signal environment" in which the device failed? (weather, geography, etc.)

The *whatever* signal present in the *wherever* place they were, it is not important to know that.
Of course, if the people carrying the test just drive form home to office and back (and all live in the same condo) you will have tested over only a very limited area. wink
And one week is of course a too short period, but I assume that 4 weeks would be "enough" to have some meaningful data.

3) How close was the device to a tower when it failed? What is the strength/type of tower it connected to?

Here is the main point, the test MUST NOT fail.
AND if it fails, we don't need to know these, we just need to know where the device was when it failed and repet the test in that area.

4) What was the bag near/around/against when it failed? Was it contorted a special way?

See above and below.

5) Was the bag properly sealed if/when it failed?

Again I guess that if you yourself seal the bag and instruct your co-workers to NOT fiddle with it, there are no issues whatsoever, particularly if the test does not fail.

Now, if the test fails, you know WHERE and WHEN it failed, and you can decide to either do more tests in that area (including measuring signal strength in it) or repeat the test in that area (still not knowing the actual level of signal) with a "higher atttenuation" bag.

If we answer all of these questions (and probably some others I forgot) we might be able to extrapolate some intelligence. And if we do that, we have data for 3 phones, for one set of weather conditions, in one city, in one country, on 3 networks maximum. Is this data useful to you? If so, I'm fine trying it out. In fact, I'm fine sending anyone on this forum 3 of our faraday bags to try it out for a period of time, as long as they share the results with everyone.

I see it as useful.
Let's see the possible results (in a very simplified manner)
The two extremes firsts
PERFECT result NO message went through we now know, that at least in a given area/city, the bag is "safe" D .
TERRIBLE result ALL messages went through we know that the bag sucks big 😯 .

More likely results
GOOD result only a few text messages, and only on one particularly "sensitive" phone make/model went through the bag is good but not 100% safe, if you carry more tests in the same area with that phone, you can find a way to make the bag (by doubling thickness, changing material, using three bags one inside the other, whatever) to become "perfect" (and BTW you can sell the new item as "higher grade" and for more money).

BAD result several text messages, a few mms, and a couple calls were received, by different phones, the bag is good, but not as reliable as expected, you can carry more tests in the same area modifying the bag until you get a GOOD result.

And of course, with some DATA, everyone can interpret those as they see fit and for their specific use, and take their own risks.

If you compare with the way, long before structural engineering was "invented", the ancient populations learned to build structures (they built something and IF it collapsed, re-built that same something, BUT bigger/sturdier) you may appreciate the approach.

Romans built aqueducts having no real idea of loads, tensile strength of materials, seismic load increase, etc., etc. they simply built 'em (and we still have them after 2 thousand years).
They were not "scientific", nor "lucky" they more simply experimented doing things and learned from experience, and BTW this is the same approach all the scientists have used in the past, including Mr. Faraday himself !
http//en.wikipedia.org/wiki/Michael_Faraday

Although Faraday received little formal education he was one of the most influential scientists in history, and historians of science refer to him as having been the best experimentalist in the history of science.

We may consider this approach a tribute to his methods.

jaclaz

Some scientific references
http//www.ce-mag.com/archive/01/Spring/Ogunsola.html

http//www.emcs.org/acstrial/newsletters/winter09/pp2.pdf

The first linked article suggests that currently the only "meaningful" or "appliable" standard is the German Military VG 95373 Part 15

VG 95373 Part 15. This German military standard describes the shielding effectiveness of enclosures.5 The standard covers the frequency range above 30 MHz; between the frequency range of 30 and 200 MHz, a minimum antenna-to-enclosure separation distance of 2.5 m is specified. This distance can be reduced to 1 m for frequencies greater than 200 MHz. The test method specifies that a receiving antenna—which must be small compared with the enclosure under test—be built into the enclosure for the test. Although there are technical problems with this standard, it is currently the only standard applicable to small- and medium-sized enclosures. It is not surprising that the test method described in VG 95373 Part 15 (or variations of it) is used for shielding-effectiveness evaluation of small- and medium-sized enclosures and is favored by manufacturers of conductive plastic enclosures.

Tests like these (examples) made for EMC shielded rack cabinets
http//www.schroff.co.uk/internet/pdf/EMC_Test_BGT_Rugged_en.pdf
http//web.schroff.de/webcat/subgroup/pdf/varistar_emc_test_e.pdf
http//web.schroff.de/webcat/subgroup/pdf/varistar_emc_test_2_e.pdf
actually make seemingly some sense.
More here
http//www.schroff.co.uk/internet/html_e/service/testreports/index.html

jaclaz