OpenSourceSDRLab PortaRF · Volume 11

OpenSourceSDRLab PortaRF Volume 11 — Operational Posture

Regional rules, antenna safety, capture data chain-of-custody, detection signatures, when-NOT-to-use, pre-engagement checklist

Contents

SectionTopic
1About this volume
2Regional RF rules
3Antenna safety + TX-into-mismatch
4Battery + thermal posture under field deployment
5Capture data chain-of-custody
6Detection considerations when broadcasting
7Legal posture for unauthorized RF
8When NOT to use PortaRF
9Pre-engagement checklist
10Discovery + response posture
11Engagement closeout discipline
12Resources

1. About this volume

Vol 11 is the operational-posture synthesis for PortaRF — the volume that closes the loop between the technical capability (Vols 2-10) and the discipline required to use it without harming yourself, your operation, or unrelated parties.

Most of the posture content parallels HackRF One Vol 11 — regional RF rules, antenna safety, capture-data discipline. The PortaRF-specific deltas all flow from the handheld form factor:

  1. Field deployment changes the discipline — you are in someone else’s RF environment, not your lab. Strong adjacent emitters, unknown reflective surfaces, unpredictable thermal conditions.
  2. Integrated battery means engagement duration is finite (~6-10 hours typical without external power). Plan accordingly.
  3. Standalone operation via Mayhem means engagements happen without lab supervision — no oscilloscope on the bench to catch a malfunctioning RF chain in real time. You see what Mayhem shows you and nothing more.
  4. Single-box mechanical means accidental TX with no antenna is less likely than with a stacked porta setup (the antenna is fixed to the unit) but still possible if the antenna is broken or detached.
  5. Pocket-portable form means PortaRF is more likely to be deployed in environments where detection is consequential — engagement venues, conferences, public spaces with regulated airspace.

Cross-reference: ../../../HackRF One/03-outputs/HackRF_One_Complete.html Vol 11 covers the foundational posture. This volume specializes to handheld field use.

This volume is also the load-bearing read before deploying — printable summary in § 9, but the reasoning matters and is here.

2. Regional RF rules

PortaRF can technically transmit anywhere from 1 MHz to 6 GHz. The silicon imposes no jurisdictional constraints; the operator does.

2.1 Regulatory framework summary

RegionPrimary regulatorKey framework
United StatesFCCTitle 47 CFR — Part 15 (unlicensed), Part 97 (amateur), Part 90 (LMR), etc.
United KingdomOfcomWireless Telegraphy Act + UK Interface Requirements
European UnionNational regulators + ETSI harmonized standardsEN 300 220, EN 300 328, EN 301 893
CanadaISEDRSS-210, RSS-247
JapanMIC + ARIBARIB STD-T108 (920 MHz), STD-T66 (2.4 GHz)
Australia / New ZealandACMA / RSMRadiocommunications Class Licence
Most jurisdictionsLocal regulator with international harmonizationITU regions framework

The general principle holds across jurisdictions: transmitting in licensed bands without authorization is illegal. Receiving (passive listening) is generally legal with some exceptions (encrypted military, certain cellular). Transmitting in unlicensed ISM bands has power, duty cycle, and modulation constraints that vary by region.

2.2 Common allowed bands (unlicensed ISM)

These are bands where PortaRF can typically transmit with no license required (subject to power + duty-cycle limits):

BandUS (FCC)EU (ETSI)Common use
433.05–434.79 MHzPart 15 § 15.231 (event/periodic only)EN 300 220 (1% duty cycle, +10 dBm)LPRF telemetry, garage door openers
868–870 MHz (EU)(not allocated to ISM in US)EN 300 220 (1% duty cycle, +14 dBm)LoRa, Sigfox, Z-Wave EU
902–928 MHz (US)Part 15 § 15.247 (+30 dBm, spread spectrum)(cellular in EU)LoRa US, Zigbee US, RFID
2400–2483.5 MHzPart 15 § 15.247 (+30 dBm, spread spectrum)EN 300 328 (+20 dBm)Wi-Fi, BLE, Zigbee
5725–5850 MHzPart 15 § 15.247 (+30 dBm)EN 300 440 / 301 893Wi-Fi 5GHz subset, RC video

Power limits matter: PortaRF’s +15 dBm max output is below most regional limits in unlicensed ISM bands, so within these bands PortaRF can transmit at full silicon power without legal concern (assuming reasonable modulation + duty cycle).

2.3 Forbidden bands (without authorization)

BandWhy forbidden
Cellular uplinks (700-900, 1700-1900, 2100-2700 MHz region-dependent)Carrier-licensed exclusive use
GPS L1 (1575.42 MHz)Reserved; jamming is a federal crime in US
Aviation 108-137 MHzATC + ILS; jamming endangers aircraft
Public-safety 150-160, 450-470, 700-800 MHzEmergency services; interference is criminal
Maritime 156-162 MHzDistress channels; protected
Amateur radio bands (without license)Licensed to amateur operators only
Most spectrum outside ISM bandsLicensed to specific carriers/services

PortaRF does not block transmission in these bands — the silicon will happily TX. The operator is solely responsible for staying out of them.

2.4 The “I’m just testing on my own equipment” defense

This defense works only in very specific circumstances:

  1. Transmission is contained within shielded enclosure (Faraday cage, anechoic chamber) — confirmed RF leakage <1 µW
  2. Transmission is in ISM bands at compliant power even outside containment
  3. Transmission is received by your own equipment that you own and control, on bands where reception is legal

It does not work for: “I’m just testing my replay attack on my neighbor’s garage” (you don’t own it), “I’m jamming my own Wi-Fi to see if it works” (interference radiates beyond your property), “I’m transmitting on a cellular band to test a SIM card” (carrier-licensed band, full stop).

The PortaRF’s portability makes the “shielded enclosure” defense harder to invoke — you’re not in your lab, you’re in the field. Default to “every TX is potentially regulated; have authorization in writing”.

3. Antenna safety + TX-into-mismatch

3.1 Never TX without an antenna

This is the cardinal rule of HackRF operation and applies identically to PortaRF:

  • The TX path expects a ~50 Ω load. With nothing connected, the SMA jack is essentially open-circuit at RF, which reflects nearly all TX power back toward the LNA / first-stage amplifier.
  • Reflected RF energy can damage the LNA (the input transistor’s gate) or the TX final stage (depending on the path topology).
  • Heath’s CLA4611-085LF protection chip mitigates this risk significantly — it clamps RF voltages above the safe threshold. But it is not a guarantee — protection chips have limits, and sustained TX into an open SMA exceeds them.
  • A 50 Ω SMA dummy load on the antenna jack is the safe “no transmit” position when the unit is on but no antenna is connected.

3.2 TX into mismatched antenna

The second most common LNA-blow vector:

  • The antenna is connected but designed for a different frequency band — e.g., a 433 MHz whip on a unit transmitting at 2.4 GHz, or a 5 GHz Yagi on a unit transmitting at 70 cm.
  • Mismatched antennas reflect substantial power back into the TX path. The reflection coefficient at the antenna feedpoint determines how much TX power becomes return loss.
  • Even with protection chips, sustained TX into a 10 dB-mismatched antenna is risky.

For PortaRF specifically: the integrated form factor encourages “one antenna fits all” thinking. Resist this — carry a few different antennas tuned to the bands you’ll work in and swap appropriately. A 433 MHz whip, a 900 MHz whip, and a 2.4/5 GHz whip cover most ISM TX work.

3.3 Broken / damaged antennas

A whip antenna that has been bent, dropped, or had its base connector damaged may present a poor RF load even though it looks fine visually. Before TX’ing into an antenna:

  • Visually inspect for damage to the base, the whip itself, any cable connector
  • Verify continuity with a multimeter (DC continuity from SMA shield to whip body, or open-circuit depending on antenna design — know your antenna)
  • Use hackrf_sweep first — confirm the antenna is receiving in the expected band before transmitting through it
  • For high-power or sustained TX, use a SWR meter or a NanoVNA to characterize the antenna at the operating frequency

3.4 Adjacent emitter risks

PortaRF’s LNA is exposed to whatever RF is in the environment, not just signals coming through the antenna feedline. Strong adjacent emitters can damage even a receiver:

  • Standing within ~1 m of a high-power TX (FM broadcast, ham repeater, cellular antenna at a tower) can deliver enough RF into PortaRF’s LNA to cause damage
  • Construction equipment, microwave ovens, defective consumer electronics can produce broadband emissions
  • The CLA4611-085LF helps but isn’t designed for sustained high-RF input

Practical: before deploying in an unfamiliar RF environment, check for nearby strong emitters. If unsure, RX-only sweep first and look for ADC clipping indicators in Mayhem.

3.5 What the protection chip cannot save you from

  • TX with a damaged final-stage MMIC — if the MAX2837 or TRF37B73 is already damaged, the protection chip cannot un-damage it
  • Continuous high-RF input — protection chips clamp transients, not sustained energy
  • DC damage — touching the SMA pin to a 12 V source, for example, bypasses the protection chip
  • Operator error — if you select the wrong frequency or wrong modulation, the protection chip does not save the engagement

The protection chip is one layer in a defense-in-depth strategy. Operator discipline is the other layers.

4. Battery + thermal posture under field deployment

Cross-ref Vol 5 for the full power profile. Field-deployment-specific posture:

4.1 Power planning

  • Always plan to engagement duration + 50% margin — if expected runtime is 4 hours, plan for 6 hours of capacity
  • Always carry USB-C battery pack for any engagement >3 hours
  • Test the pack works with PortaRF before deploying — some PD-only packs don’t fall back to 5V output cleanly
  • Top up the internal battery before deployment — start at 100%, not “the unit was at 60% when I picked it up”

4.2 Thermal management in the field

  • Avoid hot ambient during sustained TX — direct sun + hot vehicle interior pushes PortaRF case temperature into the uncomfortable / silicon-thermal-protection zone
  • Don’t operate in sealed bags / pockets — the unit needs airflow to dissipate TX heat
  • Reduce TX power when possible — +10 dBm dissipates ~50% less heat than +15 dBm with most of the practical RF benefit
  • Duty-cycle sustained TX — 20 minutes work, 10 minutes idle for cooldown; prevents reaching steady-state high temperatures

4.3 Cold-weather operation

LiPo capacity drops at low temperature:

  • At 0 °C: ~80% of room-temperature capacity
  • At -10 °C: ~60% of room-temperature capacity
  • At -20 °C: ~40% of room-temperature capacity; protection IC may trip on undervoltage

For cold-weather field work:

  • Keep PortaRF body-warmed when not in active use — inside a jacket, near a hand-warmer
  • Don’t try to charge a cold battery (<0 °C) — lithium plating damages the cell permanently
  • Plan for shorter runtime in cold conditions

4.4 Storage during engagement gaps

If PortaRF will sit between engagement sessions for hours-to-days:

  • Power off completely during gaps >2 hours — not standby; full power down
  • Disconnect USB-C if connected — sustained float-charge ages the cell slightly faster than “stop charging at 100% and disconnect”
  • Store at room temperature — not in a hot car, not in a freezer

5. Capture data chain-of-custody

For RF captures intended as engagement deliverables — evidence, demonstration, or analyst handoff — captures must be defensibly handled:

5.1 Capture-time integrity

At capture time, on the PortaRF (or immediately on transfer to host):

# Compute SHA-256 of capture file
sha256sum capture_20260513_142300.cfile > capture_20260513_142300.cfile.sha256

# For high-value captures, also compute SHA-512
sha512sum capture_20260513_142300.cfile >> capture_20260513_142300.cfile.sha512

This establishes the integrity timestamp — anyone later trying to alter the capture would have to recompute (and have you re-sign) the hash.

5.2 Transport encryption

Captures should never transit in cleartext. The standard pattern:

# Tar the capture + metadata + hashes
tar czf capture_bundle.tar.gz capture_20260513_*.cfile *.sha256 metadata.json

# Encrypt with age (preferred, modern)
age -r <recipient-public-key> capture_bundle.tar.gz > capture_bundle.tar.gz.age

# Or GPG (legacy, still works)
gpg --encrypt --recipient analyst@example.com capture_bundle.tar.gz

Transfer the encrypted bundle via whatever channel (USB drive, encrypted cloud storage, courier). The cleartext should exist only on PortaRF’s SD card (which is secured by the operator’s physical possession) and the analyst’s workstation (after decryption).

5.3 Out-of-band hash verification

Share the SHA-256 hash of the bundle via a separate channel from the bundle itself:

  • Bundle: USB drive, encrypted cloud
  • Hash: SMS to analyst, encrypted email, in-person verbal confirmation

This protects against bundle substitution — if an adversary intercepts the bundle in transit, they cannot fake the hash through a different channel.

5.4 Source SD card sanitization

After captures are transferred and verified:

# Wipe the SD card to NIST 800-88 standard
# (single-pass overwrite is sufficient for flash; multi-pass is wasted on flash)
dd if=/dev/urandom of=/dev/sdX bs=4M status=progress

# Re-format for next engagement
mkfs.vfat -F 32 /dev/sdX

For high-value engagements, physically destroy the SD card after a single use rather than reuse. SD cards are cheap; engagement integrity is not.

5.5 Retention discipline

Retain captures only as long as scope authorizes:

  • Engagement deliverable phase: captures retained until delivery
  • Post-delivery: source captures retained per engagement contract (typically 30-90 days)
  • Long-term archive (if contract permits): encrypted offline storage
  • Bystander data: purge with documentation — record what was captured, what was incidental, what was deleted

Cross-ref ../../../_shared/legal_ethics.md for the Hack Tools shared posture.

6. Detection considerations when broadcasting

PortaRF TX is detectable. Every transmission leaves signatures that adversarial monitoring can pick up:

6.1 RF signatures

  • Carrier emission — anyone with a receiver tuned to your frequency hears the signal
  • Modulation pattern — even encrypted payloads have characteristic modulation envelopes
  • Spurious emissions — the HackRF’s TX chain has measurable spurs at ~30-50 dB below the carrier
  • Burst timing — replay attacks and beacon flooding have characteristic burst patterns recognizable by anomaly detectors
  • Frequency stability — the Si5351 clock has characteristic phase noise that distinguishes HackRF-generated signals from purpose-built emitters

A skilled RF analyst can often identify “this signal came from a HackRF-class SDR” rather than “this signal came from a legitimate device” based on these subtle signatures.

6.2 Geographic signatures

For longer-duration TX sessions, direction-finding (using KrakenSDR, ELINT systems, or even just multiple receivers) can locate the source. Mobile TX (PortaRF in a vehicle) is harder to triangulate but not impossible.

6.3 Network signatures

When PortaRF is tethered to a host PC for processing:

  • The host’s network activity may correlate with TX bursts
  • WLAN association (if the host PC is on a network) is logged by the network operator
  • DNS queries from analysis tools may reveal intent (resolving SDRangel update servers, fetching protocol-decoder dependencies)

6.4 Physical signatures

  • The PortaRF unit itself is identifiable on body / in a pocket
  • Antenna whip is visible
  • Operator behavior (frequent reference to the screen, focused attention) is recognizable to trained observers

6.5 Operational implication

Assume detection for any TX in:

  • Licensed bands (cellular, public safety, aviation, ham bands without your license)
  • Sensitive venues (corporate campuses with their own RF security, government facilities, airports)
  • Areas with high RF awareness (broadcast facilities, telecom infrastructure)

Authorization (written, scoped, dated) is the only defense. If your authorization doesn’t cover what you’re transmitting, stop.

In essentially every jurisdiction with a modern radio-regulatory framework:

7.1 Criminal severity

  • TX in licensed bands without authorization = federal-level offense in US (FCC 47 USC § 333); equivalent in most jurisdictions. Penalties: fines + criminal record + potential prison time
  • Jamming any band (interfering with legitimate RF) = explicit prohibition in US (FCC 47 USC § 333), severe globally
  • Interfering with cellular = additional carrier-specific federal/state charges
  • Interfering with public safety or aviation = severe criminal penalties; aviation interference is treated as terrorism in some jurisdictions
  • GPS jamming = federal crime in US (US Code 47 § 333 + dedicated GPS-jamming statutes)

7.2 Civil exposure

Even unauthorized TX that doesn’t trigger criminal prosecution can result in:

  • Civil suits from affected parties (carriers, broadcasters, licensees)
  • FCC NALs (Notices of Apparent Liability) for forfeiture — typically $5,000-$100,000+
  • Loss of any amateur radio license if the operator holds one
  • Professional consequences — security clearances revoked, employment terminated
  • Pure RX (passive listening) — generally legal in most jurisdictions, with exceptions for encrypted government / military traffic
  • TX in unlicensed ISM bands at compliant power and duty cycle
  • TX on amateur radio bands by licensed operators (within license privileges)
  • TX on your own equipment in shielded enclosures (Faraday cage with verified <1 µW leakage)
  • TX with explicit written authorization from a properly-licensed party (carrier, facility owner, etc.)

7.4 The “research” defense

“I’m just doing security research” is not a legal defense for unauthorized TX in most jurisdictions. The defense applies in limited circumstances (academic research with IRB approval + carrier coordination, vulnerability research with vendor cooperation) but not as a general blanket.

For PortaRF operators: if you can’t show written authorization for the specific transmission in the specific band at the specific time, treat the transmission as illegal.

7.5 Cross-jurisdictional considerations

For international travel:

  • PortaRF possession is generally legal in most jurisdictions
  • PortaRF importation may require declaration in some countries (RF transmitters)
  • TX while traveling may be subject to host-country rules, not home-country rules
  • EU export controls apply to high-power RF equipment in some categories

Verify before crossing borders. The capabilities the unit can exercise are subject to the rules of the jurisdiction you’re standing in.

Cross-ref HackRF One Vol 11 § 8 for the legal-posture deep dive.

8. When NOT to use PortaRF

ScenarioWhy PortaRF is wrongBetter alternative
Need full-duplex TX/RXHackRF silicon is half-duplexUSRP, BladeRF
Need sample rate >20 MS/sUSB 2.0 / HackRF silicon limitUSRP, BladeRF, KrakenSDR
HF work (< 1 MHz)HackRF doesn’t cover HFHF upconverter + HackRF, or SDRplay RSPdx
Direction-findingSingle antenna; no multi-channel coherent receiveKrakenSDR (5-receiver coherent)
Sustained high-power TX (1 W+)Silicon-limited to ~+15 dBm; external PA neededHackRF + external PA + 50 Ω dummy load on bench
Sustained TX >30 minutes in hot ambientThermal limit in sealed handheldporta on a bench, or tether PortaRF to USB-C with active cooling
Sustained 24+ hour deploymentBattery + thermal limitsTethered laptop + HackRF
Weak-signal narrowband work (RX below -85 dBm)HackRF 8-bit ADC noise floorSDRplay RSPdx (14-bit) or RTL-SDR + LNA
5 GHz Wi-Fi work specificallyHackRF performance degrades above 4 GHzAWOK ESP32-C5, Banshee, dedicated 5 GHz RX
Cellular interception (any band)Illegal in essentially every jurisdictionDon’t
Public safety / aviation RX (research)Often legal for RX; need a robust SDRSDRplay RSPdx, dedicated scanner
GPS work specificallyHackRF can RX GPS but doesn’t have a GPSDO; relative accuracy is limitedDedicated GPS receiver, Leo Bodnar GPSDO + HackRF
When porta already worksDuplicate capability for $400-600Keep porta unless porta has failed

9. Pre-engagement checklist

The single-page list below is the load-bearing PortaRF deployment artifact — print, laminate, tape inside the gear bag, run before every engagement. § 12 in Vol 12 has the laminate-ready field-card version.

Authorization

  • Written authorization for TX operations (scope, bands, duty cycle, dates explicit)
  • Authorization copy on person (signed, dated, contact info for verifying party)
  • Out-of-band escalation contact prepared (if challenged, who do you call?)

Regulatory

  • Region setting in Mayhem matches operational area
  • Bands of intended TX verified within authorized scope
  • Power limits within regional rules (typically +20 dBm for ISM TX; less for some sub-GHz)
  • Duty cycle limits understood (1% for EU 433 MHz, etc.)

Hardware

  • Antenna physically attached (NEVER power on without antenna)
  • Antenna appropriate for operating frequency (433 MHz whip, 900 MHz whip, 2.4 GHz whip — bring all)
  • Antenna inspected — no visible damage, base connector tight
  • SMA connector on PortaRF inspected — clean, undamaged
  • Spare antenna(s) carried for redundancy

Power

  • Internal battery charged to ≥80% before deployment
  • USB-C battery pack charged to ≥90% (10000 mAh minimum for any engagement >3 hours)
  • USB-C cable quality (data + 3 A power capable, not a charge-only cable)
  • Wall charger carried for opportunistic top-up if engagement allows

Storage / capture

  • SD card formatted FAT32 with adequate free space (calculate: bytes/sec at expected sample rate × engagement duration × 1.5 margin)
  • SD card health verified (no recent corruption; SD card not at capacity-degradation end of life)
  • Capture destination plan specified (which files, how named, where transferred post-engagement)
  • Encryption keys prepared for post-capture encryption (age recipient or GPG public key)

Firmware

  • Mayhem version locked to known-good release (not a release-night build)
  • HackRF firmware version noted (hackrf_info output before deployment)
  • Mayhem settings at known-good values (gain, sample rate, modulation)
  • No untested custom firmware — engagement is not the time to debug custom Mayhem builds

Operational

  • Engagement scope internalized (what’s in, what’s out, what’s gray)
  • Time bounds (engagement window start/end clear; alarm set if needed)
  • Sanitization plan for post-engagement (SD wipe procedure, evidence handoff)
  • Discovery response plan (if observed, stop, produce authorization, document, escalate)
  • Out-of-band channel for security to reach you (phone with signal at venue, established protocol)

Final

  • All items above checked

If any single item isn’t checked, abort. Engagement re-scheduling is always cheaper than the consequences of unauthorized or unprepared TX.

10. Discovery + response posture

What happens if you are observed during an engagement by venue security, law enforcement, or curious bystanders.

10.1 Immediate response

  1. Stop transmitting immediately. Mayhem → exit current app → main menu → power off if appropriate.
  2. Stay visible. Don’t hide the unit. Don’t pocket it suddenly. Concealment looks worse than open carry of an antenna-bearing device.
  3. Stay calm. Anxiety reads as guilt; calm composure reads as legitimate.
  4. Identify yourself before being asked. “Hi, I’m conducting authorized RF testing for [client/facility].“

10.2 Producing authorization

Have authorization documents:

  • On person — folded paper copy in a wallet pocket; not just a phone PDF
  • Verifiable — contact info for the authorizing party who can confirm scope by phone in real time
  • Specific — names the venue, dates, scope of activity; not a generic “to whom it may concern”
  • Recent — current dated; not a year-old letter

If venue security or law enforcement asks, show the document, don’t argue. Let them call the authorizing party.

10.3 If escalated to law enforcement

  • Cooperate — refusing to identify or to show the device increases suspicion
  • Decline to answer technical questions in detail without your authorizing party present (the difference between “I’m doing authorized RF testing” — fine — and “I’m using a HackRF One to do replay attacks on garage door openers as part of a penetration test of access control systems” — too much information without counsel)
  • Don’t power-on the device for officers — they may interpret this as continued operation
  • Document the interaction — note officer names, times, what was said, what was seized (if anything)

10.4 If the device is seized

This is the worst-case scenario:

  • Don’t physically resist. The unit is replaceable; you are not.
  • Note exactly what is taken — serial numbers, SD card contents (if known), accessories
  • Get a receipt for any property seized
  • Contact counsel immediately — RF possession + unclear authorization is a complicated legal area
  • Notify the authorizing party that the engagement was disrupted

For sensitive engagements, prearrange a legal-response contact before deployment.

11. Engagement closeout discipline

After every engagement, before storing or redeploying PortaRF:

11.1 Data handling

  • Transfer captures from SD card to encrypted host storage
  • Verify hashes match what was captured (cross-reference timestamp + hash)
  • Sanitize SD card per § 5.4 — single-pass overwrite or physical destruction
  • Re-format SD card for next engagement (FAT32)
  • Encrypt deliverable bundle for analyst handoff

11.2 Hardware checks

  • Inspect antenna(s) for damage from field use
  • Inspect SMA connector for wear, contamination
  • Inspect case for new dents/cracks
  • Verify USB-C charging works (some adversarial environments may have caused damage)
  • Verify Mayhem boots normally and all apps load

11.3 Battery handling

  • Recharge to ~80% for storage (not 100% if storing >1 week)
  • Verify internal battery healthy — runtime under standard load matches baseline
  • Recharge USB-C pack to full
  • Note any unusual thermal behavior during engagement — log for next baseline

11.4 Logging

Per Hack Tools convention, append an entry to the unit’s narrative .md in 00-inventory/:

- **YYYY-MM-DD**: engagement at [venue]; [duration]; [observations]; battery / hardware status post-engagement

This builds a longitudinal record useful for warranty claims, capacity-trend analysis, and pattern-of-life on the unit.

11.5 Lessons learned

For each engagement, write a brief retrospective in the engagement record:

  • What went well — confirmed capabilities, smooth workflows
  • What broke — hardware issues, firmware quirks, unexpected detections
  • What to change next time — adjust the checklist, swap an antenna, change a workflow

The single retrospective sentence per engagement compounds into substantial institutional knowledge over a year of field work.

12. Resources

Foundational posture (cross-ref)

Regional regulators

Legal references

Capture data integrity tools

RF safety + antenna theory

  • ARRL Antenna Book (general reference): ARRL publications
  • W3DZZ antenna theory primers
  • NanoVNA documentation for antenna characterization

End of Vol 11. Next: Vol 12 is the laminate-ready cheatsheet — synthesis of every preceding volume for in-the-field reference.