Keeping a Device Charged and Live Until It Is Examined by a Digital Forensics Investigator Can Allow for Maximum Password and Data Recovery

Mission Darkness Charge & Shield Faraday Bag offers shielded charging and data extraction capabilities

Image of a cell phone connected to the Mission Darkness™ Window Charge & Shield Faraday Bag, a portable faraday enclosure with an RF shielded filter offering long-term charging and data extraction capabilities

Why Do Digital Forensics Investigators Need to Keep Devices Charged and Live?

When a digital device is seized as part of a criminal investigation, it is important not only to transport it in a secure RF shielded enclosure, but also to keep it charged and live until it is examined by a digital forensics investigator. These combined efforts enable maximum password and data recovery using tools such as GrayKey, Cellebrite, XRY, and others. Keeping the device isolated from wireless signals prevents chain of custody corruption and remote wiping. The device should stay powered on because digital forensics tools rely on a live device to access data and recover passwords. These tools use various methods to bypass security measures and gain access to the device’s data, including brute-force attacks, dictionary attacks, and other techniques.

How to Charge and Shield a Device

In order to charge and shield a device during transport, a specialized faraday enclosure must be used. There are a few different options, offering short-term or long-term charging capabilities, depending on end-use and the expected time between device seizure and interrogation.

For short-term transport, using a rechargeable battery inside of a faraday bag to keep the device live offers a cost-effective and simple solution. However, this solution only offers a limited amount of power until the battery runs out.

Short-Term Charging Solutions — Faraday Bags With Battery Kits

A long-term shielded charging solution is required if the expected time period between seizure and interrogation is longer than a day. For this, a special faraday bag with an RF shielded filter should be used to connect the device to an unlimited power source. The filter also allows for data extraction.

Long-Term Charging Solutions — Faraday Bags With RF Shielded Filters

Having a live and charged device can greatly increase the chances of successful data recovery and password cracking. This is because some devices have security features that may be triggered if the device is turned off or if the battery runs out. For example, some devices may automatically erase data or lock down the device if too many incorrect passcode attempts are made.

Tools such as GrayKey, Cellebrite, XRY, and others can be used to bypass these security measures and gain access to the device’s data. These tools use advanced algorithms and techniques to analyze the device’s file system, recover deleted data, and extract information that may be useful in an investigation.

GrayKey connected to a cell phone inside the Mission Darkness BlockBox Lab digital forensics analysis box

Image of a device connected to GrayKey, inside of the Mission Darkness™ BlockBox Lab, an RF shielded box used for device interrogation

Use the Right Tools to Extract the Most Data

However, it is important to note that these tools are not foolproof and may not work on all devices. They also require specialized training and expertise to use effectively. In addition, the legality of using these tools may vary depending on the jurisdiction and the circumstances of the investigation.

In conclusion, special faraday enclosures with charging capabilities keep a device uncompromised, charged, and live until it can be examined by a digital forensics investigator, in order to increase the chances of successful password and data recovery. Contact us if you'd like to discuss the best faraday products to use for all device processing stages ranging from seizure to analysis.