by: James Cha

TINFO444Week32Notes.pdf TINFO444

Mobile Digital Forensics I
John Bair

About this Document

Notes from Thursday, January 22nd. Information referenced from textbook, lecture, and PowerPoint slides so it is accurate information.
This 5 page One Day of Notes was uploaded by James Cha on Friday, January 23, 2015. The One Day of Notes belongs to TINFO444 at University of Washington, taught by John Bair in Winter 2015.

Date Created: 01/23/15
T INFO 444, Week 3, January 22nd

CHAPTER 4
Primarily covers information and details about the SIM card.

KNOW THESE TERMS

Subscriber Identification Module (SIM)
  o A small wafer-sized card that contains its own ICCID

Integrated Circuit Card Identifier (ICCID)
  o A 20-digit identifying number contained in a SIM card
  o ICCID value: unique to the SIM card. Even if the user changes GSM phones but keeps the same SIM card, the ICCID value will stay the same
  o Using ICCID as evidence
    - Can be traced back to an account
    - Does not change even when the handset changes, as long as the SIM is swapped
    - Is needed for SIM cloning (network isolation technique)
    - Will never be the same

International Mobile Subscriber Identity (IMSI)
  o Identifies the actual user or subscriber of the wireless network
  o Links the card to the subscriber

Abbreviated Dialing Numbers (ADN)
  o Entries on the SIM card: the "phone book" or contacts
  o 250 available slots
  o Using ADN for evidence
    - The names can help link a person to the device and/or codefendant or associates
    - Can provide other names and numbers for additional investigation leads
    - Many times this contains monikers or AKAs that help link gang or other criminal members to a specific targeted group

Last Number Dialed (LND)
  o Entries that can show up to the last number dialed on the handset
  o Only 10 fields in the Elementary File (EF) location, and they reflect the MOST RECENT CALLS

Short Message Service (SMS)
  o The texts you receive or send on your cellular device
  o SMS for evidence
    - Has been and continues to be one of the top areas of recovery requested in most cases
    - Can be on the handset but not retained by the service provider (Verizon/MetroPCS: 3 to 5 day window)
    - Deleted entries may be found

Location Information (LOCI)
  o The location where the device was LAST POWERED DOWN
  o Using LOCI for investigations
    - This area can store the Temporary Mobile Subscriber Identity (TMSI), which will be linked to the Visitor Location Registry (VLR)
    - Should be aware that this TMSI can change, which is referred to as ID HOPPING

Mobile Subscriber Integrated Services Digital Network Number (MSISDN)
  o Commonly referred to as the phone number assigned to the subscriber
  o This number will typically include the country code
  o On some SIM cards other than North America there can be MORE THAN ONE MSISDN VALUE PRESENT
  o For evidence: like SMS, this is very important to indicate the assigned phone number

Forbidden Public Land Mobile Network (FPLMN)
  o Will generate values when a device attempts to obtain access on a network that IS NOT ALLOCATED SERVICE
  o Example
    - If device has service in the US but gets close enough to towers from another country such as Canada, it will not detect towers

Over the past several years SIM cards have gotten smaller and smaller. They used to be the size of a credit card in appearance. Current and newer devices now have either a MICRO, NANO or EMBEDDED SIM.

5 VERSIONS OF SIM CARDS

  o 1FF (1st Form Factor, credit card sized SIM): First generation SIM card
  o 2FF (MINI SIM): Second generation SIM card that eliminated most of the plastic around the board
  o 3FF (MICRO SIM): Third generation SIM card that eliminated additional plastic
  o 4FF (NANO SIM): Fourth generation SIM card, which reduced the outside wafer area
  o EMBEDDED SIM: Non-removable SIM cards which are soldered directly to the main board of the device, with better security and connections

SIM CARD FILE SYSTEM

Contains Master File (MF), Dedicated File (DF) and Elementary File (EF).

  o Master File (MF): The root directory of the SIM card
  o Dedicated File (DF): Folders contained in the SIM card
  o Elementary File (EF): Data within the folders in the SIM card

[Figure: Typical SIM Card File System, Master File (MF)]

YOU SHOULD UNDERSTAND

  o SIM cards may or may not always have specific values in the fields in the next few slides
  o A SIM from a phone may have a lot of data, and the same model phone from another user may show very little
  o It is important to know that sometimes the user can control what is on the SIM, as well as what the network places there
  o What is surprising is that the assigned phone number does not show up in every SIM. This is especially true in Verizon 4G LTE smart phones such as Androids and Apple

SIM SECURITY INFORMATION

  o Every SIM card can be protected by a PIN
    - Can be a default number set by the manufacturer
    - Usually 4 digits but can be 8
  o PIN attempts are usually 3 attempts before lock, but newer SIMs are 5
  o After exhausting the attempts, the SIM requires a PUK (Personal Unblocking Key)
    - The PUK is set by the manufacturer
    - Usually 10 attempts at a PUK before the SIM is disabled permanently (no way to ever unlock)
    - However, if you enter the correct PUK you can make a new PIN number of your choice

PUK KEYS

  o PUK keys can be supplied to LE through a search warrant
  o Time, however, is important, as the account must be fairly new
  o A cold case where the number was ported or the account closed generally results in "No PUK located"
  o PUK key also resets. So if you enter the correct value on the 10th try, you now have a new set of 10 attempts. Unlike the PIN, which does not

SAMPLE REVIEW QUESTIONS/INFORMATION

1. A Micro-SIM is considered the THIRD GENERATION SIM CARD.
2. LND stands for Last Number Dialed.
3. A suspect turns off his phone at the scene of a homicide. Which EF location would provide investigators with the geographical information where the device was turned off? LOCI
4. SIM cards which are not removable are referred to as EMBEDDED SIM.
5. MSISDN values will NOT always be present.
6. ICCID values are typically referred to as the serial number of the SIM card, while the IMSI values are used to determine who owns or accesses the device/SIM card.
7. SIM card SMS entries can NOT have slack space.
8. When a SMS message is read, sent or deleted on a SIM card, what part of the SMS message changes? The byte value or status flag.
9. What is the difference between a SIM PIN and PUK? PIN is the Personal Identification Number and is typically 4 digits long (can be 8), while the PUK is the Personal Unlocking Key that must be inputted after the PIN is incorrectly inputted 3 times.
10. 250 ADN entries can be stored on a SIM card. New entries will take the place of old entries that have been deleted even when 250 slots have not been reached. THIS IS FALSE, because new entries will not take the place of old ones until the 250 slots have been filled.
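
The status flag from the SMS notes and review question 8, shown as an added example (not from the lecture, slides or textbook): it labels each record of a raw EF_SMS dump by its status byte, following the 176-byte record layout in 3GPP TS 51.011, and flags slots marked free that still hold data, which is where deleted entries may be found. The function names and the sample dump are constructed for illustration.

```python
RECORD_LEN = 176  # 1 status byte + 175 bytes (SMSC address and TPDU)

# Meaning of the three low status bits when the slot is in use.
STATUS = {
    0x01: "received, read",
    0x03: "received, unread",
    0x05: "sent",
    0x07: "stored, not yet sent",
}

def classify(record: bytes) -> str:
    """Return a forensic label for one 176-byte EF_SMS record."""
    if len(record) != RECORD_LEN:
        raise ValueError(f"expected {RECORD_LEN} bytes, got {len(record)}")
    status, body = record[0], record[1:]
    if status & 0x01:                      # lowest bit set: slot is in use
        return STATUS[status & 0x07]
    # Lowest bit clear: slot is marked free. An unused slot is all 0xFF;
    # anything else was left behind when only the status byte was reset.
    if all(b == 0xFF for b in body):
        return "free, empty"
    return "free, residual data (deleted message may be recoverable)"

def parse_ef_sms(dump: bytes) -> list[tuple[int, str]]:
    """Split a raw EF_SMS dump into records and label each slot (1-based)."""
    if len(dump) % RECORD_LEN:
        raise ValueError("dump is not a whole number of 176-byte records")
    return [(i // RECORD_LEN + 1, classify(dump[i:i + RECORD_LEN]))
            for i in range(0, len(dump), RECORD_LEN)]

def make_record(status: int, payload: bytes) -> bytes:
    """Build a constructed record: status byte, payload, 0xFF padding."""
    return bytes([status]) + payload + b"\xFF" * (RECORD_LEN - 1 - len(payload))

# Constructed sample dump; payload bytes are placeholders, not a real TPDU.
SAMPLE = b"".join([
    make_record(0x01, b"\x07\x91" + b"\x11" * 20),  # message that was read
    make_record(0x03, b"\x07\x91" + b"\x22" * 20),  # message not yet read
    make_record(0x00, b"\x07\x91" + b"\x33" * 20),  # deleted, body remains
    make_record(0x00, b""),                         # never used
])

if __name__ == "__main__":
    for slot, label in parse_ef_sms(SAMPLE):
        print(f"slot {slot}: {label}")
```

Run it against a read-only copy of the EF_SMS file exported by the acquisition tool, never against the card itself, since reading a message through a handset changes the status byte.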


