Enhancing Digital Forensics: A Guide to Using a Faraday Box with a Mounted Camera

Digital forensics is a vital component of modern investigations, from criminal law to corporate and cyber security. Among the various tools and techniques employed in this field, faraday boxes (radio frequency shielding enclosures) have become crucial for preserving electronic evidence, particularly that which is held on device screens. Innovative tools and techniques are continually being developed to meet this need, one of which involves the use of a hands-on faraday box with a mounted camera for capturing images of device screens securely. In contrast to a conventional tripod mount, this setup offers distinct advantages pertinent to the demanding requirements of digital forensics. This blog post aims to guide digital forensics investigators through the process of using a hands-on faraday box with a transparent window equipped with a mounted camera for effectively documenting screen evidence. The camera can be mounted internally or externally; read on to learn the benefits of both options.

A faraday box, also known as a faraday cage, is a structure designed to block electromagnetic fields. Named after the scientist Michael Faraday, who invented it in 1836, the faraday box is crucial in many areas of technology and science, including digital forensics.

In the context of digital forensics, a faraday box can be used to isolate electronic devices from external radio frequency signals, preventing any incoming or outgoing transmissions. This is critical when analyzing electronic devices like smartphones or tablets, as it allows investigators to view and document the device's current state without worrying about remote wiping or data alteration. These boxes used in digital forensics inestigations have transparent windows and conductive gloves built into the box allowing interaction with the contents inside, including touch-screen device interrogation and analysis. There is a wide variety of these types of boxes, which offer different features, filters, and accessory components (such as a camera mount).

Some techniques for documenting digital evidence include photographing device screens and recording the entire interrogation process. To capture device screens in digital forensics, you'll need to take photographs or videos without introducing any additional interference or risking any data alteration. This is where a faraday box with a mounted camera comes into play.

Mounting a camera to the interior or exterior window of the faraday box provides numerous advantages:

• Consistent Angle and Position: The camera is always positioned at the correct angle to the device screen, ensuring consistency in the photographs and minimizing the risk of evidence loss due to improper positioning.

• Efficiency: The camera can be left in place even when the box's lid is opened. This saves time and allows for a faster investigation process.

• Reduced Risk of Tampering: Since the camera is mounted on the box, there's less chance of accidental alteration or tampering with the evidence.

• Maintains Organization: A mounted camera not only maintains procedural organization, but also eliminates clunky setups utilizing cables and tripods.

The options listed below are variations of the Mission Darkness™ BlockBox Lab XL that include a camera mounted internally and externally.

Webcam Mounted Internally and Connected Tablet Mounted Externally

This variation includes an optional Anker PowerConf C200 2K Webcam mounted internally to the lid, connected to a Microsoft Surface Pro 7+ Tablet mounted externally to the lid. A shielded USB filter through the lid enables connectivity. The camera offers ultra-clear resolution from a wide field of view allowing users to view and record device interrogations. The Surface Pro 7+ offers high-speed performance, giving you premium laptop power from a powerful tablet. *While it's possible to purchase this variation without the tablet inculuded, it's advised against using untested tablets with the product due to compatibility issues. However, for bulk inquiries, the company offers to test the compatibility of different tablets upon request.

Main Benefits:

• Clearest Photo and Video Option: A camera positioned directly above the device will produce better quality photos and videos than a camera capturing images through a shielded window.
• Webcam Mounted Internally: The webcam takes up little space internally, has a wide field of view, and can have the angle adjusted.
• Comfortable Viewing Experience: Using a tablet for a viewing screen provides comfortable viewing for the investigator, since they do not need to hover over the shielded window for analysis.
• Tablet Connected: The recommended Microsoft Surface Pro 7+ Tablet clearly displays the internal investigation, offers high-speed performance, and can be used in a variety of ways for capturing data plus additional capabilities.
  
  

Main Drawbacks:

• Limited Webcam Interaction: The user has some, but limited access to the webcam once the lid is closed.
• More Expensive Option: This variation utilizes more expensive components, such as the shielded USB filter through the lid and the recommended Microsoft Surface Pro 7+ Tablet, increasing the overall cost significantly.

External Camera Mount With or Without Camera

This variation includes a camera mount on the external side of the lid, with an optional Canon T6i camera. This allows users to photograph evidence and device screens through the shielded window.

Main Benefits:

• Effective Positioning: The camera doesn't need repositioning, offering consistency with photos and videos captured.
• Camera Connected: The recommended Canon T6i camera clearly displays the internal investigation and offers high-quality performance.
• Affordability: This variation is more affordable because it doesn't require a shielded USB filter through the lid.
  
  

Main Drawbacks:

• Limited Viewing: The shielded window is transparent, but reduces the image and video quality. Additionally, the user is limited to viewing the device through window dimensions.

Most faraday boxes do not come equipped with a mounted camera. The Mission Darkness™ BlockBox Lab XL is an example of a faraday box specifically designed for digital forensics investigations that offers camera mount add-ons, either attached internally or externally to the lid. Otherwise, an off-the-shelf camera mount can be permanently attached to a faraday box lid using an adhesive like epoxy (assuming there is enough usable space on the lid for this type of attachment). Drilling into a faraday box lid or piercing the structure will degrade the shielding capabilities and is not recommended.

Be aware that each time the box's lid is opened, there's a risk of tampering, remote wiping, or accidental alteration of the evidence, therefore the device should remain isolated inside of the box or a separate faraday bag for the duration of the investigation.

Here's a step-by-step guide on how to use a faraday box with a mounted camera.

Ensure that the camera is securely mounted in a fixed position above, facing toward the screen of the device that will be placed inside the box. The camera should have manual focus capabilities, to allow for precise adjustments and ensure the device's screen is perfectly in focus.

Place the device whose screen you want to photograph inside the faraday box, facing the camera. Align the device such that the entire screen is in the frame of the camera.

Adjust the camera settings to capture the screen correctly. This usually involves setting the camera to manual mode and adjusting the exposure settings to suit the brightness of the screen. Make sure to use a low ISO setting to minimize image noise and a fast shutter speed to freeze any screen animations.

With everything set up, you're ready to start capturing images or videos of the screen. Take multiple shots, ensuring you have a clear, well-lit image of the screen that is easily readable and ready for analysis.

After capturing the images, transfer them securely to your forensic workstation for analysis. Ensure this process adheres to your standard operational procedures to maintain the integrity of the evidence.

At first glance, a handheld camera or a camera attached to a tripod might seem like viable options for taking photographs and videos of device screens. However, in the context of digital forensics, there are a few reasons why these options are not ideal.

The tripod must be rearranged each time the box's lid is opened. This constant rearranging leads to inconsistency in the photo's angle and position, resulting in reduced image quality and potential loss of vital evidence. This is the same if someone were to manually hold the camera above the window for photo documentation.

Cutting corners like this becomes more time-consuming in the long run.

The use of a faraday box with a mounted camera significantly improves the process of preserving and documenting evidence on device screens. By eliminating the need for constant repositioning of a camera, this method allows for consistent, high-quality evidence collection while minimizing the risk of evidence tampering. Therefore, it's an excellent feature for any digital forensics investigator's toolkit.

Remember, it's always important to follow proper protocol and legal guidelines when conducting digital forensics investigations. Happy investigating!