In the fast-paced realm of digital forensics, investigators require tools that can keep pace with the evolving challenges they face. Mission Darkness™ understands these challenges and has unveiled a groundbreaking solution: faraday bags and transportable analysis enclosures equipped with shielded USB filters. If you’re a digital forensics professional, this innovation promises to be a notable asset. Here’s why:
1. Preserve Device Integrity with Faraday Shielding
While engaging with a seized device such as a smartphone, ensuring it's shielded from external radio frequency (RF) signals is paramount. This is crucial to prevent attempts at remote wiping, location tracking, unsolicited incoming communications, and chain-of-custody corruption—all potential risks that can compromise the forensic process. The USB filter embedded in many Mission Darkness faraday bags is meticulously designed to maintain the RF shielding, ensuring that the device remains in a secure, isolated state, whether it's being charged or data is being extracted via the filter connection.
2. Swift Action in the Field
The moments following device confiscation can be critical for preserving its data integrity. With the Mission Darkness faraday bags fitted with USB filters, investigators can act immediately. Right after a device is seized, they can initiate the charging or data extraction process, while the device remains isolated from signals. Such instant action can prove invaluable, especially when every second counts. The bags come equipped with a variety of cable tips housed in the accessory pocket to connect to a wide range of devices.
The most popular faraday bags with filters installed are the Mission Darkness Charge & Shield Faraday Bags (as pictured above), available in phone and tablet size, and with a transparent front window or without one.
3. Preventing Before First Unlock (BFU) Mode
There's a looming threat with many smartphones: the dreaded 'BFU' or 'Before First Unlock' which can be caused by a device dying before interrogation, reducing data collection capabilities with forensics tools.
Belkasoft, a leader in digital forensics and cyber incident response software, states:
Before First Unlock refers to the mode an iPhone is in immediately after reboot or power-on when it is yet to be unlocked.
In other words, after you reboot or put on your iPhone, your iPhone enters BFU and it remains in that mode until you input your passcode.
Security experts consider BFU the most secure mode for an iPhone. The files inside an iPhone stay encrypted until a user fills in the required password, which (if correct) is used to decrypt its file system.
To reiterate, Cellebrite, the global leader in partnering with public and private organizations to transform how they manage Digital Intelligence in investigations, explains:
When an iPhone is seized, measures should be taken to ensure that the maximum amount of data can be extracted from the device. An iPhone has two states: After First Unlock (AFU) and Before First Unlock (BFU) extraction.
When in AFU iPhone state, the device has been unlocked at least once after it was powered on. In this state, tools are able to collect a lot of information from the device. If the phone is turned off or loses power, it will revert to the less helpful Before First Unlock mode. Without the user password, BFU iPhone data collection is all you’re going to get.
If you seize an iPhone and it is already powered on, try to keep it that way. This will ensure you can get AFU iPhone data collection.
Simply put, the optimal stage a device should be in from the moment it's seized until the point it can be investigated is live, AFU, and shielded. The second best option is shielded, that way you can recover some data and potentially find leads for your case. When left unshielded, you risk the chance of the device being remotely wiped, eliminating all device data.
With the charging capability of our faraday bags, investigators can keep devices shielded and powered, effectively avoiding BFU and ensuring the most data accessible.
The two types of transportable shielded charging solutions are: faraday bags with battery kits and faraday bags with filters.
- Farady bags with battery kits (like the Mission Darkness NeoLok Faraday Bag for Phones with Battery Kit) placed inside of the bag only offer a temporary charging solution. This may be enough to keep the device powered on for a few days, but it is problematic if not investigated in time before both the battery and device runs out of power.
- Faraday bags with filters offer a long-term charging solution. The device is able to receive power by connecting the bag to a battery or outlet.
Order of Preferred Faraday Solutions
Best option: a faraday bag with a USB filter will keep a device shielded and powered indefinitely. An extraction tool can be connected directly as well. This is the more expensive solution, reserved for significant cases.
Second best option: a faraday bag with a battery kit will keep a device shielded and powered for a short period (days). It's a more cost-effective solution than faraday bags with filters, but limited in charging capabilities.
Third best option: a standard faraday bag that will keep the device shielded. It should be lab tested and certified high-shielding, not just an anti-static bag or cheap disposable faraday bag. This is the most cost-effective solution that can be deployed widely.
No protection (not recommended): simply checking a device into evidence unshielded is the riskiest option, potentially providing less access to recoverable data. This allows the device to be tracked, wiped, and returned to BFU state.
4. Shielded USB Filter Offers Device Connectivity
Mission Darkness’s faraday bags with shielded USB filters offer a seamless connection experience. Once a device is inside the bag, it connect to an inner USB hub using a USB extension cable plus one of the provided USB cable tips. The extension cable makes it easier to connect to the filter instantly. On the bag's exterior, a power source (such as a power bank during transport or outlet while awaiting interrogation) or extraction tool can be linked, facilitating a streamlined approach to device handling.
Mission Darkness offers a variety of faraday bags that come equipped with a USB filter and cable set. These bags are designed with a patented NeoLok™ magnetic closure which allows it to be easily opened inside of a forensic box with conductive gloves. They are also compatible with the Mission Darkness Blocker Locker and the Mission Darkness Forensic Crack Cabinet, mobile device charging evidence cabinets. Additionally, almost all Mission Darkness faraday bags can be modified to have one or more filters inserted, should a customer request this customized product. In addition to shielded USB filters, we also offer other filter types, such as RJ45 ethernet port, that can be installed int a product. Contact us for further information.
Example of a stock bag (Mission Darkness Charge & Shield Faraday Bag) equipped with a shielded USB filter.
Example of a custom modification bag (Mission Darkness T10 Faraday Bag for Towers) equipped with a shielded USB filter.
Example of a stock soft-sided analysis enclosure (Mission Darkness BlockBox Touch USB) equipped with a shielded USB filter and conductive glove allowing device screen operation.
5. Tailored for Forensic Needs
Beyond just RF shielding, the inclusion of a USB filter means investigators no longer have to make a choice between charging a device and ensuring its RF isolation. This dual capability offers a significant advantage in forensic scenarios, where the integrity of the device and its data is of utmost importance.
In conclusion, the fusion of shielded USB filters in Mission Darkness's faraday bags is more than just a feature; it signifies an evolution in digital forensics tools. By blending trusted RF shielding with the flexibility to either charge or extract data, investigators are positioned for greater success in their crucial operations. In a domain where the right tools can set the trajectory of an investigation, these enhanced faraday bags ensure you're always equipped for the challenge.
