±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36775
New Yesterday: 0 Visitors: 121

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Faraday Protection

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2, 3, 4  Next 
  

Forensication-can-be-fun
Member
 

Re: Faraday Protection

Post Posted: Mar 20, 09 19:07

Does anyone out there have experience with Faraday tents/cages? whats the verdict?  
 
  

Forensication-can-be-fun
Member
 

Re: Faraday Protection

Post Posted: Mar 20, 09 20:26

Thanks for your response Trewmte, I am primarily concerned with the overwriting of stored data by incoming transmissions, calls, deleted text messages, etc. Certain tools on the market are now able to recover deleted data in much more detail than previously available, this necessitates the prevention of incoming transmissions, thereby preserving this deleted information. I am aware that as soon as the handset is powered on certain information is updated and therefore changed, but steps have to be taken to ensure that stored data remains unchanged as a result of the examination process.  
 
  

bigjon
Senior Member
 

Re: Faraday Protection

Post Posted: Mar 20, 09 21:27

FCBF OVERWRITING OF STORED DATA? TEXT MESSAGES WILL NOT BE OVERWRITTEN AS THEY DONT ENTER THE HANDSET AS SUCH, THERE IS A MESSAGE DISPLAYED TO TELL YOU THERE ARE MESSAGES WAITING TO BE READ,INDEED IF YOUR INBOX WAS FULL YOUR HANDSET WOULD NOT LET YOU READ THE WAITING MESSAGES UNTILL OTHERS ARE DELETED BY YOU, THE ONLY ITEM BOX YOU WILL OVERWRITE IS THE MISSED CALLS DIRECTORY,( AS THE HANDSET IS POWERED UP YOU MAY "RECEIVE" A CALL)
When you power on SOME handsets they update yes....but this is done by the internal clock/calendar setting so your faraday cage wont help you anyway as it doesnt need the airwaves to do it.
Lastly Home office rules state that post seizure text messages not only CAN be read they MUST be read, now if you use your Faraday cage to protect yourself from airwaves and, presumably you would the copy some details of SIM to access handset, when do you get YOUR post seizure messages FARADAY?....no thanks  
 
  

Forensication-can-be-fun
Member
 

Re: Faraday Protection

Post Posted: Mar 20, 09 22:14

- bigjon
FCBF OVERWRITING OF STORED DATA? TEXT MESSAGES WILL NOT BE OVERWRITTEN AS THEY DONT ENTER THE HANDSET AS SUCH, THERE IS A MESSAGE DISPLAYED TO TELL YOU THERE ARE MESSAGES WAITING TO BE READ,INDEED IF YOUR INBOX WAS FULL YOUR HANDSET WOULD NOT LET YOU READ THE WAITING MESSAGES UNTILL OTHERS ARE DELETED BY YOU,


Apologies: Overwriting of deleted messages, primarily on the SIM if the "slots" arent full, and also on the handset.  
 
  

trewmte
Senior Member
 

Re: Faraday Protection

Post Posted: Mar 20, 09 23:08

- Forensication-can-be-fun
Overwriting of deleted messages, primarily on the SIM if the "slots" arent full, and also on the handset.


F-c-b-f if you read the SIM first before handset you wouldn't lose deleted text messages.
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

pbeardmore
Senior Member
 

Re: Faraday Protection

Post Posted: Mar 21, 09 13:01

I am new to the phone side of forensics so sorry if this is a stupid question. Completely understand that you would do the SIM card first, but would you not need to check the date and time setting on the phone before removing the card? and this brings us back to the requirement for faraday protection.  
 
  

trewmte
Senior Member
 

Re: Faraday Protection

Post Posted: Mar 21, 09 15:24

- pbeardmore
but would you not need to check the date and time setting on the phone before removing the card? and this brings us back to the requirement for faraday protection.


Hi pbeardmore, there is no definite position or mandatory requirement or legal enabler that prescribes that a procedure for radio dempening/barrier measures to be used or must be used.

No you wouldn't need to check the handset clock first unless the officer/defence solicitor specifically thought it had a bearing on a case. Unlike computer forensics, mobile phone forensics seeks to establish accuracy on timing matters from the clock details recorded in the mobile network records and not the user defined clocks which are invariably inaccurate. The overriding position is to deal with mobile phones on a case by case basis, using methodology best suited to the make/model under examination.

Use of radio dampening fields/barriers are not being used to be able to see the date and time stamp on a mobile phone and you wouldn't use dampening/barriers for that purpose, unless you are thinking about a particular mobile phone that is sync'd to a particular mobile network clock. In which case:

a) as soon as a device is within dampening/barriers causing loss of sync with network what happens to the handset clock?
b) what about business enterprise devices sync'd clocks with servers that where a break in network connection sync timing could be critical to data being wiped?
c) in the case of mobile phones subscription, how many actually pay for a subscription for their devices to use GSM network clock and in which countries do the operators actually provide the mobile network sync clock service?

None of the above suggests any reason for the promulgated position of blanket approach always use faraday bags/barriers; which is analogous to the notion of suggesting I'll have Ketchup with eveything.
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 


Last edited by trewmte on Mar 21, 09 21:12; edited 1 time in total
 

Page 2 of 4
Page Previous  1, 2, 3, 4  Next