Friday, January 2, 2015
Potato Chip Bags & False Promises
Original Post Date: November 24, 2014
Potato Chip Bags and False Promises
Before we begin this particular article, a brief explanation is necessary…
As was mentioned in previous articles, your author, Patrick Siewert, is a former law enforcement officer and current law enforcement instructor (switching to first person). As such, my career has taken me along two very interesting, yet very different paths – Technical and Tactical. I instruct law enforcement officers on many different things, concentrating mainly on Active Shooter / Terrorism response, but have also developed and delivered many trainings and presentations on high tech crime investigation, case studies & digital forensics.
Recently, I attended another tactical trainer course given by the Advanced Law Enforcement Rapid Response Training (ALERRT) group out of Texas State University in San Marcos, TX. Tactical cops are fun. They know how to laugh and play and still get the most value out of outstanding training such as this. But they rarely (if ever) cross over into any real technical expertise (present company excluded). So it annoyed me, as a Digital Forensic Professional, when one of my classmates stood up in front of the entire class at lunch one day and professed that foil potato chip bags act in the place of a faraday bag or other signal-blocking device to cut off network access to mobile devices when said devices are seized by patrol officers and/or investigators. You see, out of the hundreds (if not thousands) of hours of training I’ve been to, the litany of articles I read every week on current digital forensic practices and years of hands-on experience with digital forensics, I have never heard that a potato chip bag acts as a makeshift faraday bag for even temporary storage. This irritated me, so I blurted out from the back of the room “make sure to test and validate that before you employ it, folks!” I don’t think anyone heard me.
So I decided to test it myself, right then & there. I turned to the guy next to me, a former co-worker, and proposed that whichever one of us was finished with our potato chips first, (they were provided in our catered lunch for the day) we’d test this theory that now had at least 20 other cops in the room thinking they knew something no one else did. My partner finished his chips first and put his county-owned iPhone 5 into the potato chip bag and called it from his personal phone. No connection. Then we reversed the test. He put his iPhone 6 Plus into the potato chip bag and called it using the iPhone 5. The call went through as normal. Myth busted in under 3 minutes.
This “armchair” testing and validation of an obvious horrible practice raised a bigger question… What else is being spread around the law enforcement community as fact insofar as digital forensics that is, in fact, patently false? It’s disturbing to even think about.
The next day, I tried to speak to our classmate about his prophecy. I approached him from a place of knowledge without handing him a copy of my resume. He was, after all, an accomplished combat veteran and medic – not a stupid man by any means. I fear my admonishments fell upon deaf ears. But I couldn’t help but think that if he would just set his ego aside and really listen, he might understand that I’m actually trying to help him. Think about it… if you seize a phone (or any electronic device), it is considered evidence. Does it really sound like a good idea to store evidence in a potato chip bag? Of course not. It’s absurd! Even if it worked, it just sounds absurd. Several other much more reasonable means have been vetted for the temporary storage of portable digital media devices to prevent them from gaining network access such as storing them in an all-metal paint can or wrapping them in heavy duty tinfoil. But we also need to bear in mind that the antennas and software on these newer devices are getting stronger and more discriminating to increase potential usage, so with each iteration, these measures need to be tested and validated… and it’s not just every time a new device is put out on the market. The difference in cellular carriers bears heavy weight on whether or not these measures will work as well. There’s much more to consider than plopping your Samsung Galaxy 5 into an Utz potato chip bag and hoping for the best.
And in the spirit of “plan for the worst and hope for the best”, this practice also falls short. Let us say, for example, that an officer seizes a mobile device in a homicide case or a child exploitation case and that device turns out to be a vital piece of evidence. The case comes to a motion hearing or to trial and the officer is subpoenaed to testify in front of a judge and/or jury about the measures he took when the device was seized. How does it sound to the layperson that the officer put a crucial piece of evidence into a potato chip bag? It sounds ridiculous, right? Of course it does. It’s a potato chip bag! What’s more, no one ever trained anyone to do that. It cannot be justified or explained. What’s the rationale for doing that? Some guy at some class told me it works? It’s just complete nonsense.
This example is not intended to bash anyone’s good intentions or pick on a certain segment of the law enforcement community. Rather, it’s brought to light here as an example of why we need to think more critically about the methods we employ and test & validate those methods before actually putting them into practice. Even if it worked like a charm, I’m pretty sure every reputable digital forensic professional society would denounce this practice as simply bad. Maybe they actually know what they’re talking about… Just some food for thought.
Patrick J. Siewert
Owner, Lead Forensic Examiner
Professional Digital Forensic Consulting, LLC
Based in Richmond, Virginia
Ph: 804.588.9877Web: www.ProDigital4n6.com