AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

Travel: It Is Not Just For Airline Status Pt. 2

In my last post, we were merely discussing things in the very pre-planning stages. While much of that was most likely already information known by the masses, it is still very important information for anyone who has never traveled abroad before for business. It is a different animal than when you do it for personal leisure.

For the continuance of this, we are going to look at what is in my carry-on bag when I am traveling to these places. While technology has changed, some things will always remain the same. Remember that you are most likely going to a location where you are working anywhere from 8-16 hours while there. After all, they didn’t send you to another country to sightsee!

Back in the public sector days, I was always told to “over prepare” because what you will need may not be available when you need it the most. I still have this mantra but to be perfectly honest, things like write blockers and power strips are going in my checked bag. My carry-on is designed to be as lightweight as possible so it doesn’t feel like I’m carrying an 80lb child on my back while walking from concourse A to concourse F in ATL (which by the way is about 1.5 miles).

Laptop

Get a laptop that is going to be lightweight and be able to handle everything you’ll need it for while away from your lab computers. Does that mean you need a Dell Precision Laptop with 17″ screen and 64GB of RAM? Probably not. If you’re doing anything remotely that intensive, then you’ve got other nightmares to handle. I’ve never needed that much RAM or that big of a screen while working. Remember, lightweight. You are most likely bringing evidence back with you anyways.

So for me, it is a MacBook Pro that was built in early 2016. 1TB internal hard drive and 16GB of RAM. Just a plain old MacBook Pro. And it works. It does everything I need it to do. Namely because of the software that is installed on it, which is mostly within the VMs.

Dongles

Oh yes, we wouldn’t be in digital forensics if we didn’t have to carry dongles around. Sigh. There are only 3 dongles I ever have with me: X-Ways, Cellebrite Physical Analyzer and BlackBag. Why just those three? X-Ways is super robust and if I am going to need a GUI to dig into a laptop or image, it is going to do it for me without needing a ton of resources. Physical Analyzer is still the de facto standard for cellphone acquisitions. When going to countries out of the United States, you just don’t know what you’re going to run into. Having this software is basically a foregone conclusion that you need it. Additionally, if you are still using Cellebrite Touch, ditch it and get 4PC already. For starters, it comes with Physical Analyzer within the dongle so you’ll be able to run both pieces of software from the same dongle. And most importantly it is one less bulky thing to have with you while traveling. We won’t even get into the discussion that Touch is running on an Intel Atom processor and is slow as all get out. Using 4PC/PA on your own laptop will allow you to collect and/or process MUCH faster. And BlackBag is my “in case of emergency” software since it runs on both Windows and macOS.

I’ve started to use Axiom a little bit more because the program allows me to send a license key to the VM so I do not need to authenticate with my license server. However, I’m still skittish about using it as a replacement for the above tools. Although the tool did work amazingly while I was in Argentina and Cellebrite wouldn’t dump an Android phone for some reason. Magnet’s Acquire software got me at least a dump of the phone, just missed the key file needed to decrypt a specific database sadly.

Cables

If you don’t have one of these cables in your bag, go buy 3 of them right now. If you’re private sector, you are already going to know what type of phones you will most likely be collecting, but this one cable alone almost wipes out the need to bring any of the Cellebrite cables, except possibly Cable 133.

Battery Packs

I typically travel with 2 of these things, depending on my travel time. The obvious reason for these is nothing new. They are great if you need to charge multiple phones at the same time, and are super slick if you’re in a place where you only have one international adapter and to charge would require either no laptop power or no phone power. The one pictured here is the same one I own. It will last me all week with keeping two iPhones charged the entire time. So this is perfect if you’re sitting in the back of a cab and your phone is eating away at your battery as you play Candy Crush to waste time till you arrive at your destination.

International Adapter

This is seriously something you just need to have in your bag and not your checked bag. In the event your luggage is lost (which, knock on wood, has never happened), this is basically going to be your lifeline for power. Make sure you have one that can convert properly, as many countries have a little bit more power going to their outlets than the US does. That could mean you destroy your electronics if you’re not careful. Also, make sure you bring an adapter specific to your laptop maker. So if you have a MacBook, go get one from Apple. If you have a Dell, go get one from Dell. While your adapter will work just fine with your laptop, you and I both know that laptop is probably going to be the primary asset you’ll be using. It will make life easier to not have to get that adapter out every single time you want to use your laptop while traveling or sitting at the airport or hotel.

Paper

Thanks to Phil Hagen, I went and bought one of these and have been very impressed by it. The company is Rocketbook and here is their website. Not going super in-depth on it because there are videos for it, but you can reuse the paper within the notebook and it also has the capability to scan the pages and send them to a desired location (Cloud, OneNote, etc). This thing is absolutely perfect if you are drawing schematics or taking notes and sending them to your case notes for safekeeping. The fact you can get it in a pocket size is even more of a perk since it doesn’t take up a lot of space.

WiFi Adapter

This is more for my own fun than anything, but you never know when you may need it in a pinch. Typically I’ve only used it for scanning for hotspots when doing wireless assessments. It is lightweight enough you won’t really notice that you have it anyways. The one I have can be bought on Newegg.

Hard Drives

Normally just two of these things with me. I elected for hardware encryption over software since it is quicker to decrypt and doesn’t require me to install anything on a computer to utilize it. BitLocker is fine until you have to use FOSS to decrypt it on a Mac or Linux system. Save yourself a lot of stress and make sure you get 3.0 ones. Don’t just use regular hard drives with no encryption. Cannot stress this enough. You never know when your bag may be stolen, or worse, you are detained.

Miscellaneous 

The last bit of stuff I typically bring is something that may not have crossed your mind. Things like Band-Aids, cough drops, aspirin, Tums, Pepto and sore throat drops. You will never know when you could come down with something, and there are low odds you’ll be able to pick this stuff up right away if you’re in a place that doesn’t have stores nearby. I’ve been to some austere conditions and came down with traveler’s sickness (those who travel know what that means!) and thankfully I had something to help alleviate it.

As I’ve said, this isn’t meant to be the encompassing list of everything you would need for an engagement. But this is pretty much everything I need whether it be foreign or domestic travel. My bag is light enough that I can wear it comfortably everywhere, and small enough that I can put it under the seat on the plane if need be.

 

 
