Original Post Date: November 24, 2014
Potato Chip Bags and False Promises
Before we begin this particular article, a brief explanation
is necessary…
As was mentioned in previous articles, your author, Patrick
Siewert, is a former law enforcement officer and current law enforcement
instructor (switching to first person).
As such, my career has taken me along two very interesting, yet very
different paths – Technical and Tactical.
I instruct law enforcement officers on many different things,
concentrating mainly on Active Shooter / Terrorism response, but have also
developed and delivered many trainings and presentations on high tech crime
investigation, case studies & digital forensics.
Recently, I attended another tactical trainer course given by the Advanced Law Enforcement Rapid Response Training (ALERRT) group out of Texas State University in San Marcos, TX. Tactical cops are fun. They know how to laugh and play and still get the most value out of outstanding training such as this. But they rarely (if ever) cross over into any real technical expertise (present company excluded). So it annoyed me, as a Digital Forensic Professional, when one of my classmates stood up in front of the entire class at lunch one day and professed that foil potato chip bags act in the place of a Faraday bag or other signal-blocking device to cut off network access to mobile devices when said devices are seized by patrol officers and/or investigators. You see, out of the hundreds (if not thousands) of hours of training I’ve been to, the litany of articles I read every week on current digital forensic practices and years of hands-on experience with digital forensics, I have never heard that a potato chip bag acts as a makeshift Faraday bag for even temporary storage. This irritated me, so I blurted out from the back of the room “make sure to test and validate that before you employ it, folks!” I don’t think anyone heard me.
So I decided to test it myself, right then & there. I turned to the guy next to me, a former co-worker, and proposed that whichever one of us was finished with our potato chips first (they were provided in our catered lunch for the day), we’d test this theory that now had at least 20 other cops in the room thinking they knew something no one else did. My partner finished his chips first and put his county-owned iPhone 5 into the potato chip bag and called it from his personal phone. No connection. Then we reversed the test. He put his iPhone 6 Plus into the potato chip bag and called it using the iPhone 5. The call went through as normal. Myth busted in under 3 minutes.
This “armchair” testing and validation of an obviously horrible practice raised a bigger question… What else is being spread around the law enforcement community as fact about digital forensics that is, in fact, patently false? It’s disturbing to even think about.
The next day, I tried to speak to our classmate about his prophecy. I approached him from a place of knowledge without handing him a copy of my resume. He was, after all, an accomplished combat veteran and medic – not a stupid man by any means. I fear my admonishments fell upon deaf ears. But I couldn’t help but think that if he would just set his ego aside and really listen, he might understand that I’m actually trying to help him. Think about it… if you seize a phone (or any electronic device), it is considered evidence. Does it really sound like a good idea to store evidence in a potato chip bag? Of course not. It’s absurd! Even if it worked, it just sounds absurd. Several other much more reasonable means have been vetted for the temporary storage of portable digital media devices to prevent them from gaining network access such as storing them in an all-metal paint can or wrapping them in heavy duty tinfoil. But we also need to bear in mind that the antennas and software on these newer devices are getting stronger and more discriminating to increase potential usage, so with each iteration, these measures need to be tested and validated… and it’s not just every time a new device is put out on the market. The difference in cellular carriers bears heavy weight on whether or not these measures will work as well. There’s much more to consider than plopping your Samsung Galaxy 5 into an Utz potato chip bag and hoping for the best.
And in the spirit of “plan for the worst and hope for the best”, this practice also falls short. Let us say, for example, that an officer seizes a mobile device in a homicide case or a child exploitation case and that device turns out to be a vital piece of evidence. The case comes to a motion hearing or to trial and the officer is subpoenaed to testify in front of a judge and/or jury about the measures he took when the device was seized. How does it sound to the layperson that the officer put a crucial piece of evidence into a potato chip bag? It sounds ridiculous, right? Of course it does. It’s a potato chip bag! What’s more, no one ever trained anyone to do that. It cannot be justified or explained. What’s the rationale for doing that? Some guy at some class told me it works? It’s just complete nonsense.
This example is not intended to bash anyone’s good intentions or pick on a certain segment of the law enforcement community. Rather, it’s brought to light here as an example of why we need to think more critically about the methods we employ and test & validate those methods before actually putting them into practice. Even if it worked like a charm, I’m pretty sure every reputable digital forensic professional society would denounce this practice as simply bad. Maybe they actually know what they’re talking about… Just some food for thought.
Author: Patrick J. Siewert
Owner, Lead Forensic Examiner
Professional Digital Forensic Consulting, LLC
Based in Richmond, Virginia
Available Globally
Ph: 804.588.9877
Web: www.ProDigital4n6.com