Scribd
Upload
84 views17 pages

Unit 1 Mobile Forensics 1.0

The document discusses SIM cards and mobile forensics. It covers: 1) SIM cards contain sensitive subscriber information like contacts and messages, as well as identifiers. They have memory, processors and operating systems. 2) Data on SIM cards can be accessed and extracted at different levels of forensic tools, from manual/logical extraction to various types of physical extraction. 3) Physical extraction may involve tools like JTAG interfaces, EEPROM readers and chip-off methods to access raw memory at the lowest hardware level.

Uploaded by

ninja
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
84 views17 pages

Unit 1 Mobile Forensics 1.0

The document discusses SIM cards and mobile forensics. It covers: 1) SIM cards contain sensitive subscriber information like contacts and messages, as well as identifiers. They have memory, processors and operating systems. 2) Data on SIM cards can be accessed and extracted at different levels of forensic tools, from manual/logical extraction to various types of physical extraction. 3) Physical extraction may involve tools like JTAG interfaces, EEPROM readers and chip-off methods to access raw memory at the lowest hardware level.

Uploaded by

ninja
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 17

Unit 1

Mobile Forensics
Tripti Misra
SIM Cards
• The SIM (subscriber identity module) is a fundamental component of cellular
phones.
• USIMs are enhanced versions of present-day SIMs, containing backward-compatible
information. A USIM has a unique feature in that it allows one phone to have
multiple numbers.

• A SIM card contains a processor and operating system with between 16 and 256 KB
of persistent, electronically erasable, programmable read-only memory (EEPROM). It
also contains RAM (random access memory) and ROM (read-only memory).
SIM Size
Sensitive Data in SIM
• The SIM card contains sensitive information about the subscriber. Data such as contact lists and messages can be stored in SIM. SIM cards themselves
contain a repository of data and information, some of which is listed below:
• Integrated circuit card identifier (ICCID)
• International mobile subscriber identity (IMSI)
• Service provider name (SPN)
• Mobile country code (MCC)
• Mobile network code (MNC)
• Mobile subscriber identification number (MSIN)
• Mobile station international subscriber directory number (MSISDN)
• Abbreviated dialing numbers (ADN)
• Last dialed numbers (LDN)
• Short message service (SMS)
• Language preference (LP)
• Card holder verification (CHV1 and CHV2)
• Ciphering key (Kc)
• Ciphering key sequence number
• Emergency call code
• Fixed dialing numbers (FDN)
• Local area identity (LAI)
• Own dialing number
• Temporary mobile subscriber identity (TMSI)
• Routing area identifier (RIA) network code
• Service dialing numbers (SDNs)
SIM Security
• Always (ALW): file access is allowed without restrictions and the command is
executable upon the file.
• Card Holder Verification 1 (CHV1): file access is allowed with the valid verification of
the users PIN1 (or PIN1 verification is disabled) and the command is executable upon
the file.
• Card Holder Verification 2 (CHV2): file access is allowed with a valid verification of
the user’s PIN2 (or PIN2 verification is disabled) and the command is executable
upon the file.
• Administrative (ADM): the administrative authority (i.e. the card issuer who provides
the SIM card to subscribers), is responsible for the allocation of these levels.
• Never (NEV): file access is prohibited and the command is never executable upon the
file.
PUK
• PIN Unblocking key

• Your phone can become blocked in a number of ways - one of them is if you enter
your SIM card PIN number incorrectly three times in a row. To unblock your SIM card,
you will need to use something called a PUK (Personal Unblocking Key).
SIM Card File System
IMSI & LAI
• An International Mobile Subscriber Identity (IMSI) is a unique number associated with all Global
System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS)
network mobile phone users used for identifying a GSM subscriber.
• IMSI is available in EF IMSI with file identifier 6f07h = 28423d
• IMSI = MCC + MNC + MSIN
• Mobile Country Code
• Mobile Network Code
• Mobile Subscriber Identity Number

• LAI = MCC + MNC + LAC


• LAI = Location Area Identification
• LAC = Location Area Code

• The LAC determines the wider area which includes hundreds of cells but this LAC can be combined with
BCCH (Broadcast Control Channel) which is available in EF BCCH file.
First Byte of Each SMS Slot
Byte Meaning
00000000 Unused
00000001 Read Incoming Message
00000011 Unread Incoming Message
00000101 Outgoing & Already Sent Message
00000111 Outgoing Message which has not yet been sent

EF SMS, file identifier 6f3Ch = 28476d


Levels of Mobile Forensics Tool
L1 - Manual Extraction
L2 - Logical Extraction
L3 - Physical Extraction
What is Hex Dump & JTAG?
In computing, a hex dump is a hexadecimal view (on
screen or paper) of computer data, from RAM or
from a file or storage device. Looking at a hex dump
of data is commonly done as a part of debugging, or
of reverse engineering. In a hex dump, each byte (8-
bits) is represented as a two-digit hexadecimal
number.

JTAG is a common hardware interface


that provides your computer with a
way to communicate directly with the
chips on a board. It was originally
developed by a consortium, the Joint
(European) Test Access Group, in the
mid-80s to address the increasing
difficulty of testing printed circuit
boards (PCBs).
L4 – Physical Extraction
EEPROM Reader
An EEPROM, or electrically erasable
programmable read only memory, like a
regular ROM chip, uses a grid and electrical
impulses in order to create binary data.
However, the difference between ROM chips
and EEPROM chips is that EEPROM chips can
be reprogrammed without removing them
from the computer, contrary to basic ROM
chips which can only be programmed one
time. A localized charge from an electrical
field is all that is needed in order to erase
the EEPROM chip. Also, the entire EEPROM
chip does not need to be erased at one
time, which therefore allows specific
changes to be made. Other erasable
programmable ROM (EPROM) chips must be
entirely erased if any data is to be erased.
EEPROMs are constructed as arrays of
floating-gate transistors.
L5 – Physical Extraction

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy