This may seem like a simple topic, but it’s certainly an important one. It seems that this question is often misunderstood, so perhaps it’s a likely place to begin with our first blog post. I will do my best to explain the differences between different signal isolation solutions on the market in relation to forensics.
Why do we need to isolate wireless devices from RF signals/EMI?
Many reasons exist for isolating or shielding wireless devices, but our focus is on law enforcement and military use. The following applications are the most common within the space.
-
- Digital forensics / mobile device forensics
- Clandestine operations
- Secure facilities BYOD management
This post will cover how to choose a bag specifically for digital forensics and mobile device forensics.
Digital Forensics / Mobile Device Forensics
Forensic investigators seize devices such as cell phones, laptops, tablets, smart watches, GPS units, etc., at crime scenes or directly from criminal suspects. Three primary issues require the use of signal-blocking technology immediately after device seizure.
- Evidence integrity: to make sure no text messages, GPS points, emails, etc., enter or leave the device after the point of seizure
- Remote wiping or locking: iCloud and other services allow devices to be remotely wiped or locked in an instant
- Remote locating: law enforcement and military are vulnerable to being remotely located with devices seized from criminal suspects
Although powering devices off is a seemingly good solution, in practicality this procedure is flawed. The investigator may accidentally leave a device powered on, the device may “refuse” to power off, or there may simply not be enough time to power multiple devices off. Faraday bags offer a secure alternative that virtually eliminates the potential for human error.
Keeping digital evidence effectively shielded is of grave importance. Lives may be lost and criminals let free if digital evidence is corrupted. For this reason, forensics requires faraday bags with the highest shielding. As a purchasing manager, or even a forensics investigator, it may not be apparent which products actually offer the highest shielding or the right characteristics. Numerous signal isolation solutions claim to be "forensic," but this may simply not be the case. The following guidelines can help offer clarity into which type of bag to choose.
Do I even need a faraday bag? What about a paint can or a piece of faraday fabric?
Faraday bags are designed to isolate digital evidence from RF signals while paint cans and pieces of faraday fabric are not. How many layers of fabric should you wrap around the device? Is it closed completely? What kind of paint can should I use? If you answer these questions yourself and think your solution is good enough, you’re leaving the integrity of your evidence entirely up to chance.
Products geared towards preppers or consumers may not offer adequate shielding or account for forensic needs. Forensics is already difficult—don't leave human error in the picture!
What makes a specific faraday bag a "forensic faraday bag?"
Many types of cheap, consumer grade faraday bags exist and, "semi-forensic" solutions complicate the landscape. A few important characterizes can help determine whether a faraday bag is truly suitable or not for forensics use.
CLOSURE METHOD
The way a faraday bag closes is integral to its ability to shield. A bag that closes with with a single flap, like an envelope, is certainly more convenient to use than a double roll. Consumers with less of a requirement for shielding reliability (i.e. it’s ok if the bag fails every once in a while) may prefer this configuration, but forensics should never use single flap closures.
A double roll closure relies on pressure to maintain contact between faraday layers, as well as plenty of surface area to account for any small impeding particles or material imperfections. This ensures that the faraday bag can shield properly.
Forensics requires a double roll closure method to maintain adequate faraday material surface area and contact pressure. Bags with single flap closures are not designed for forensics.
Double roll and Velcro closure
Double roll and NeoLok™ magnetic closure
For users that transfer faraday bags to analysis enclosures or forensic boxes, like the BlockBox Lab, faraday bags with a NeoLok™ magnetic closure are preferred.
The magnetic seal is the most secure faraday bag closure method, preferred for long-term evidence storage and forensic use. It opens easily inside of an analysis enclosure without worry of damaging conductive gloves (opposed to bags that use harsh Velcro or need to be cut open).
MATERIAL LAYERS
Faraday bags made with a single layer of faraday fabric are unlikely to shield all wireless signals in all situations, specifically 5G and Wi-Fi. It’s important to achieve a high level of shielding with two layers or more of fabric on each side. Flat bags will have four layers total, while dimensional bags with continuous fabric may have two layers. Both are equivalent in shielding. These high shielding bags are called “dual paired seams."
Single layer faraday bag - consumer grade
FARADAY FABRIC MATERIALS
Not only is it important to have dual paired seams, but the types of materials are also imperative to the effectiveness of any faraday bag. Faraday fabric is metallized fabric. It is made of highly conductive metals like silver and copper. These metals are not cheap, so high-quality faraday fabric is not either. If you see a faraday bag for $10, just remember that you get what you pay for. The metals used are likely to be less conductive, such as tin or nickel. Less conductivity results in less effective signal attenuation.
Anti-static bags (or metal-coated plastic bags) are not forensic faraday bags! Many companies offer anti-static bags, marketed as EMP bags or bug out bags. Almost always these are not high-shielding and should not be relied upon for forensics. "If you put enough of them around the device and seal it with tape...it can work," is not a phrase you want to hear from your investigator.
This particular metalized fabric offers shielding capability, but at 24dB attenuation it's not high-shielding. It's also important to use fabrics that can sustain long-term bending and folding, while being as resistant as possible to the elements. Not all bags include the right fabrics.
This metalized fabric offers 70-80dB attenuation, which puts it in the high-shielding category. All Mission Darkness faraday bags include at least two layers of high-shielding TitanRF™ Faraday Fabric on all interior sides with dual paired seam construction (TitanRF Faraday Fabric is lab certified MIL STD 188-125 compliant).
FORENSIC FEATURES
Mission Darkness faraday bags include a unique serial number on each bag, a necessity for police departments and corporations looking to track the assets they purchase. If a department includes multiple evidence-handling units, serial numbers can help the bags end up back at their respective units. Mission Darkness bags also include a Velcro-sealable pocket on the backside. This business card sized pocket provides a means to personalize each bag. If a more permanent solution is required, stickers can be printed online and adhered to the plastic on the pocket.
Unique serial numbers assist with chain of custody maintenance as well as internal asset tracking.
This pocket is sized for a business card, to make sure your bags stay within your unit or department. Place an identifying card or order custom stickers for a more permanent solution.
I tested a faraday bag and it shields cell signals, that’s good enough right?
Many factors influence the characteristics of signal attenuation, even down to the weather. It's beyond the scope of this post to discuss all of those factors, so we can focus on a few general characteristics of signals and signal isolation.
-
- IN GENERAL, 5G cell signals are more difficult to shield than 4G
- Wi-Fi is more difficult to shield than cell signals
- Industrial routers (like those in airports or big office buildings) emit higher power so they are harder to shield
- Bluetooth, GPS, RFID are easier to shield than Wi-Fi and cell signals
- Wi-Fi within 10 feet of a router will be much harder to shield than Wi-Fi 30 feet away
- Cell signals under a tower will be harder to shield than cell signals far away from a tower
- Small packets of data like text messages may penetrate an isolation enclosure while continuous packets of data like a call may not be effective
- Because of the large range of possible situations, it's simply not sufficient to quickly try a faraday bag and say it works
Short of performing lab tests, however, we can make a testing recommendation. A decent at-home test would be to place a latest generation device in a faraday bag, place the bag right next to as high power of a router as you can find, and send text messages to the device. If the messages do not go through to the isolated device, the bag is likely performing well. Additionally, move to an outside area close to a cell tower, in as flat of an area as possible. Perform the same text message test, and make calls. This scenario can offer reasonable assurance that your faraday bag will shield in a wide range of situations.
Mission Darkness also offers a free testing app for performing shielding tests with a cell phone. The app is designed to test the signal blocking strength of any faraday bag or RF enclosure to determine whether it completely or only partially blocks signal transmission. The app is called "Faraday Test" for iOS and "MD Faraday Bag Tester" for Android.
Conclusion
Hopefully this post offered a few pointers to help clarify what to look for when purchasing a forensic faraday bag. Many faraday bags on the market make big claims but simply miss the mark in performance. It's important to remember that you truly do get what you pay for, and to purchase a proven solution. Mission Darkness bags offer high performance shielding with mandatory forensic features.
