Monday, December 22, 2014

EDC - Mobile Forensics Toolkit


Didn't mention it in the previous toolkit post, but EDC is the acronym for Every Day Carry. Basically it is what you would carry, on your person, in terms of tools for your everyday life requirements. For most people this comes down to flashlight, pocket knife, sunglasses, watch, etc. While I will admit to the guilty pleasure of occasionally browsing some of the EDC forums, I've found them to be lacking in work-focused materials.

My EDC kit for mobile forensics is not as mature or as well abused as the one I created for computer forensics, but it has come in handy on multiple occasions.


The basic design follows the same constraints that I outlined in the previous post on the computer forensics EDC. It has to be small, sturdy, and portable. For the most part I attempted to avoid having too much functional overlap between the two EDC kits. If I ended up having to throw both into a pack, I didn't want to be carrying extra weight.

The packaging is the same as the other EDC, a "Maxpedition Mini Pocket EDC". For whatever reason, manufacturing changes or just stretching of the material, this one would appear to be slightly smaller than my first one.  I think I would have trouble cramming the computer forensic EDC components into this one.

Image: Front of the tool kit.

Image: back of the toolkit

And for the unzippered reveal (see below). The items I have in the kit are primarily concerned with the seizure and disassembly of mobile devices, accessing JTAG/testpoints, or chip-off activities. These are predominantly tasks you would not do in a field-expedient manner or location; however, if you had a bent pin, a gunked-up connector, the need to swap parts from a donor device, or the need to keep a device powered ... you are covered.

Image: Interior of the tool kit.

Here are the close up shots. 


Image: Right hand side contents.


    1. China markers (AKA grease pencils). These can be used to mark smooth surfaces which the permanent markers can not.
    2. ESD Needle Nose Tweezers - You never know when you need to fish a stuck card from a slot, or to un-bend a pin. Good tweezers can be hit or miss. ESD is always a good thing. The other issue is that if you go cheap you tend to end up with a tweezer which has a problem with closure between the teeth of the two sides. This will really affect your ability to grip, often leading to a large amount of harsh words as you crawl around looking for a tiny screw.
    3. Small Suction Cups - A good way to get that extra grip or traction on a slippery smooth case surface. You probably can't see it in the picture, but there is a small white plastic grip at the top. Provides a nice means to grab and pull.
    4. Dental Pick - I've mainly used it as a means to ungunk a connector or unbend a pin. 
    5. Small Stylus -  For those times when you don't want to get overly familiar with a touch screen device. 
    6. Small Metal Ruler - For all your measuring needs.
    7. Fiber Glass Pen (the red barrel next to the brush) - For when you need to remove a layer of lacquer covering a testpoint.
    8. ESD Brush - Phones are very personal items which can get covered in all manners of evil sludge in hard-to-reach places, i.e. connectors. You can't get a data connection with a cable if you have a layer of grime. The previous one I had in my kit I gave to an investigator after hearing about his successful repair and extraction of data from a phone which had been the victim of adipose breakdown among other things. All that he had on hand at the time was a toothbrush.
    9. iSesamo Opening Tool - A nice flexible shim which comes to a point. For those times when you have to really work your way into a case. It has a nice clear rubberized exterior coating around the handle for grip and to keep your hands safe. As far as I'm aware this was the first manufacturer of this tool format. Recently I've seen similar versions from out of China and Hong Kong. I can't speak to the effectiveness of those tools, but from this manufacturer I can say I love it.
    10. Portable Power Pack - The white cylindrical item on the far right is a USB based power pack. I would have preferred to have a nice ruggedized one, but the one I have is a brick and would not fit in the kit. You could always put it in a water proof Loksak, or perhaps some other type of waterproofing prophylactic. 
    11. SIM Card Adapter (green and white L shaped item) - Some of the SIM card readers on the market require a SIM card to be inserted to be read. A SIM card warped by heat, rough treatment, or other catastrophic experience may not willingly insert into that type of reader. Full disclosure though, I picked up the adapter on a just-in-case basis and haven't done my empirical testing. If I find time and a lighter/match/"magnifying glass" in the upcoming months I'll put it through its paces. I would rather have this in my kit when I need it than have to worry about taking apart my working reader in order to fit in a SIM. If you are in a position where you have the only SIM card reader, and a replacement is farther away than actionable, I would think the adapter is the way to go. Again, I still need to test and verify. The white area on the adapter is a hinged SIM card seat where you place your card of interest. The far end of the L shape is the necessary circuit trace to connect with a slot-based SIM reader, or at least that is the theory.
    12. Spudgers - The last two items on the bottom are rather solid spudgers. These tools are essentially pry tools. Fairly resilient, with a little give, but sturdy enough to win an argument with residual glue.  
    13. Addendum: One item in the above picture did not make it into the close-ups, and that is the light gray box on the lower right of the left hand side of the kit. It has an assortment of SIM adapters (micro and nano to full size), micro SD and mini SD adapters, an M2 card adapter, and an iPhone SIM ejection tool. These are all stored in a hard-surface case which was repurposed from its previous life as a government-issue ear plugs holder.

    Image: Left hand side contents.

    1. USB Micro Adapter Tips - Another item that I haven't put through testing. These are adapters for a micro-USB cable to various phone manufacturer tips. I have it for power. I would not trust this type of tip for data transfer. 
    2. Fiber Glass Refills - Blurry white bag underneath the blurry black bag in the top left corner. Sorry for the picture quality. My good camera was out on loan and I had to improvise with a webcam. These are for the red fiber glass pen in the previous image. 
    3. Fine Tip Indelible Marker - If you have to slap a small label on a small device, using a regular indelible marker feels like writing with a banana. This has a fine tip for your smaller writing needs.
    4. Various Small Tip Phillips Screw Drivers - These are the black with red top, and the two green with black tops (and black bands). The black and red is a Wiha (German brand). The other two I believe are generic. I can't stress enough the importance of having the correct sized screw driver for the job. If you have the wrong shaped or sized tip you can end up stripping the screws.
    5. Eraser/Corrections Pencil - Essentially a glorified eraser. Useful for removing corrosion and other trace which would affect the operation of a device. Think water damage on a circuit board.
    6. Screwdriver with multiple adapters - The screwdriver has several different tips in the base plug. This is my backup, just in case I lose my good ones. I tend not to reach for this if I need to take apart a device. I picked it up and then shortly after I found the kit I use all the time. It's pictured two pictures down.
    7. Yellow Highlighter - Reading the laser-etched writing on a chip you desoldered can be difficult. If you can get some contrasting color to fill in the laser-etched grooves it can make it easier to read. I've used a yellow highlighter with some success. A quick swipe over the area, then tilt the chip just right under a magnifying device (a USB microscope is handy) with the right amount of light.
    8. Exacto-Blade - A general utility item. 
    9. Metal Spudger/Pry - This is the last item on the far right. A stiff and inflexible tool. I use it when all else fails; it is definitely not the first item I reach for.
    10. Plastic Picks - These are plastic picks (think thick guitar picks, those work too). For those times when you need to gently persuade a device to open. I usually use more than one in a concerted attack on a stubborn cover or glass face. Depending on the device you may need to warm up the glue first. Plastic credit card items, like reward cards, are also handy.
    11. Short Mobile Device Connectors - Male to female USB adapter, Lightning adapter, older Apple connector, micro USB, and mini-USB. These are cables which should be suitable for power and data, but I have them included for the purpose of power.
    12. Stronghold Faraday Bag - For securing a mobile device for transport. I keep it tucked away in the back pocket. I also have an EDEC Blackhole Faraday bag which is a much sturdier construction with the downside of not fitting in the mini-EDC toolkit. I do have the concern that a pointed tool like the dental pick will rip the Stronghold bag in transit. If you have the plastic tips that a lot of the dental picks ship with, I recommend trying to keep them.



     
    Image: Stronghold faraday bag.

    Finally, not something that fits in the EDC, but complements it nicely. If I need to remove a screw, this is the kit I reach for first. It's a nice selection of different mini screw drivers from iFixit. I like the pouch design and the quality of the drivers. So far I haven't had any complaints and would recommend it.

    Image: Closed iFixit pouch.


    Image: Unrolled kit.


     This ends your unscheduled coffee break. I have at least one other EDC-ish kit which I may post on in the future that deals with verification/validation.

