Popular in Mobile Digital Forensics I
Popular in Information technology
This 3 page Class Notes was uploaded by James Cha on Friday January 30, 2015. The Class Notes belongs to TINFO444 at University of Washington taught by John Bair in Winter2015. Since its upload, it has received 144 views. For similar materials see Mobile Digital Forensics I in Information technology at University of Washington.
Reviews for TINFO444Week4Notes.pdf
Report this Material
What is Karma?
Karma is the currency of StudySoup.
Date Created: 01/30/15
T INFO 444 Week 4 Tuesday January 27th CHAPTER 5 SIMcon Lab SlMcon About SIN1 Con simc on SILVI CON I ENT CON I ROL 14E R SIMCon V 1 2 Copyright InsideOut Forensics All rights reserved Unauthorized copying is illegal and may be prosecuted La39A39 Enforcement of cers may be entitled to a Free copy of SIMCon by identifying themselves and their agency See http39quotAquotAquotNsimconnoquot IF you have any questions or comments please do not hesitate to contact InsideOut staff at simcon simconno SIMcon was originally a free tool Reads various stored data fields to include deleted SMS Allows exporting saving to excel and specific fieds reporting Parsed Something you can see with the naked eye No tools needed QuestionsAnswers About SlMcon to Consider Reading a SIM card using this particular tool can be accomplished how many different ways within the interface There are 2 different ways What important values will the examiner see during the initial acquisition even if the SIM is locked with a user enabled PIN The important value that an examiner will first see is the ICCID This particular tool does NOT have a robust help menu Case acquisition notes may only be entered at the beginning of using this program If entered in correctly the first time you must redo the whole process This only appears after the card is read It cannot be corrected unless you read the contents again This will be at the beginning of your report Last fields from previous exam appear Acquisition ixotes I Investigator IDBL Balr Date 2 Time 12 Mar 2014 195205 Case 1 40090455 Evidence Number I Notes When printing a report using this program you have the option of printing the Checked Items Highlighted Items or ALL of them Save Report Report for Checked items Highlighted item 39 All items Show only teactx39number for SMSXN umber items T1 When saving the exam you conducted using this utility the file extension will be a sim gar Save As 5 Save in Documents Name Date modif Type A Battlefield 2 Demo L Hunting Unlimited 2 Demo Hunting Unlimited 3 My Games vb 3 Recent Places Rosenappi T Computer I Network Cancel File name Untitled LI 1 J Save as type ISIMCon Files sim Fields that have no data within EF files will always have the same hash value quotVerify Hash is a confirmation that these fields have not known hash issue redundancy The primary purpose of this utility is to understand every single piece of stored data that can be located on a SIM card file system