Difference between pages "Websites" and "SIM Cards"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Digital Forensics)
 
(Moved some forensics stuff from "uses" to "forensics" section and merged it with what I had, also added "Referen)
 
Line 1: Line 1:
'''Websites''' about [[digital forensics]] and related topics.
+
__TOC__
  
= Digital Forensics =
+
[[Image:Simpic.jpg|frame|A Typical SIM Card]]
; Bruce Nikkel's Computer Forensics Homepage
+
== SIM-Subscriber Identity Module ==
: [http://digitalforensics.ch/ Bruce Nikkel's Computer Forensics Homepage]
+
: Presentations, links, references
+
  
; Certfied Computer Examiner Website
+
The terms SIM, smart card, and UICC have an unfortunate tendency to be used interchangeably. The UICC is hardware.  A SIM is a software application.  Generally speaking a smart card is a UICC running a SIM as well as possibly other applications.
: [http://certified-computer-examiner.com/ Certfied Computer Examiner Website]
+
: Open certification process for digital forensics.
+
  
; Computer Forensics and Investigations
+
SIM is actually just an application running on a smartcard. A given card could contain multiple SIM’s, allowing, for instance, a given phone to be used on multiple networks.
: [http://computer-forensics-lab.org/ project “COMPUTER FORENSICS AND INVESTIGATIONS”]
+
: Computer Forensics articles, and website of Igor Michailov
+
  
; [[Cyberspeak podcast]]
+
A typical SIM contains several categories of information. One is the actual identity of the card itself. The SIM needs to have a unique identity to the network.  This allows the network to identify what sources the subscriber is entitled to, billing information, etc.  A second category relates to the actual operation of the device.  Information such as the last number called, or the length of the phone call can be stored.  A third category of information is personalized information.  Phonebooks or calendars fall into this category.
: [http://cyberspeak.libsyn.com/ Cyberspeak Podcast]
+
: Computer forensics, network security, and computer crime podcast.
+
  
; Digital Forensics Discussion Forum
+
A SIM has three major purposes
: [http://www.multimediaforensics.com/ Digital Forensics Discussion Forum]
+
* Uniquely identify the subscriber
: A forum for the discussion of computer and digital forensics examinations, certified and non-certified investigators welcome
+
* Determines phone number
 +
* Contains algorithms for network authentification
  
; Digital Forensic Research Workshop (DFRWS)
+
A Sim contains
: [http://www.dfrws.org/ Official Website for Digital Forensic Research Workshop]
+
* 16 to 64 KB of memory
: Open forum for research in digital forensic issues, hosting annual meeting and annual forensics challenge.
+
* Processor
 +
* Operating System
  
; E-Evidence Information Centre
 
: [http://www.e-evidence.info/ E-Evidence Information Centre]
 
: An online digital forensics bibliography, updated monthly
 
  
; FCCU GNU/Linux Forensic Boot CD
+
== Uses of SIMs ==
: [http://www.lnx4n6.be/ Belgian Computer Forensic Website]
+
: Belgian Computer Forensic Website - Forensic Boot CD  - Linux
+
  
; International Association of Computer Investigative Specialists
+
SIM cards can be used in any kind of device or situation where there is a need to authenticate the identity of a user. They are particularly useful when  there is a need or desire to provide different types or levels of service to many users who have different configurations.
: [http://www.iacis.info/ International Association of Computer Investigative Specialists]
+
: Volunteer non-profit corporation composed of law enforcement professionals.
+
  
; Litilaw Computer Forensics
+
The primary use of SIM cards in the United States is in cell phones. There are other uses as well. The US military issues smart cards as identification to its personnel. These cards are used to allow users to log into computers. 
: [http://computer-forensics-litilaw.lexbe.com/ Litilaw Computer Forensics]
+
: Computer forensics article collection.
+
  
; MySecured.com
+
Europe has seen a wider use of these cards. The credit and debit card industry has integrated this technology in their cards for years. Similarly, a number of European phone companies have used these as phone cards to use in public telephones. The card companies in the United States have evidently not seen enough fraud to have a business justification to switch to this technology. There is some speculation that American credit cards will use a future generation of the technology when the added robustness and security of the system will make more economic sense.
: [http://www.MySecured.com/ MySecured.com]
+
: Mobile phone forensics, cellphone related investigation and data analysis site.
+
  
; NIST: Secure Hashing
+
The SIM uses a hierarchically organized file system that stores names, phone numbers, received and sent text messages.  It also contains the network configuration information.  The SIM also allows for easy transporting of all information from one phone to another.
: [http://csrc.nist.gov/CryptoToolkit/tkhash.html NIST: Secure Hashing]
+
: The Computer Security Division's (CSD) Security Technology Group (STG) is involved in the development, maintenance, and promotion of a number of standards and guidance that cover a wide range of cryptographic technology.
+
  
; Open Source Digital Forensics
+
One downside to the use of SIM cards is the amount of thefts that occurA person could steal a SIM card and use it for their own personal calls, which would be still on the original owners information log. This is becoming a problem in European countries with the theft of SIM cards.
: [http://www.opensourceforensics.org “OpenSourceForensics.org”]
+
: The Open Source Digital Forensics site is a reference for the use of open source software in digital investigations (a.k.a. digital forensics, computer forensics, incident response).
+
  
; University of Delaware] Computer Forensics Lab
+
== SIM Security ==
: [http://128.175.24.251/forensics/default.htm University of Delaware]
+
: Computer Forensics Lab Resource Site.
+
  
= Non-Digital Forensics =
+
There are two things that help secure the information located on your SIM.  The PIN (Personal Identification Number) and the PUK (Personal Unlocking Code).
; NIST Image Group
+
: [http://fingerprint.nist.gov/ NIST Image Group]
+
: Many reports, including the [[NIST]] report on [[AFIS]] [[fingerprint]] testing.
+
  
= Wikis =
+
When PIN protection is enabled, every time the phone is turned on - the PIN must be entered. The information on the SIM is locked until the correct code is entered.  The PIN by default is at a standard default number and can be changed on the handset.  If the PIN is entered incorrectly 3 times in a row the phone is locked and another code called the PUK is needed from the network provider. 
; Forensics Wiki (Russian Language)
+
: [http://www.computer-forensics-lab.org/wiki/ Forensics Wiki in Russian]
+
  
= Blogs =
+
If the PIN is incorrectly entered 3 times in a row, the phone is locked making the phone unable to make or receive any calls or SMS messages.  The PUK, which is an 8 digit code, is needed from the network provider to unlock the phone.  If the pin is entered 10 times incorrectly, the SIM is permanently disabled and the SIM must be exchanged.
; Checkmate
+
: http://www.niiconsulting.com/checkmate/
+
: The expertise involved in a forensic investigation is best showcased through the documentation of the evidence and the recording of the techniques used for forensic investigation.
+
  
; Computer Forensics World
+
==SIM Forensics==
: http://www.computerforensicsworld.com/
+
: Website with online discussion forums relating to computer forensics.
+
  
; Forensic Focus
+
The data that a SIM card can provide the forensics examiner can be invaluable to an investigation. Acquiring a SIM card allows a large amount of information that the suspect has dealt with over the phone to be investigated.<br />
: http://www.forensicfocus.com/
+
In general, some of this data can help an investigator determine:
: News, blog, forums, and other resources for folks engaged in or interested in digital forensics.
+
* Phone numbers of calls made/received
 
+
* Contacts
; Solid Forensics Blog
+
* SMS Details (time/date, recipient, etc.)
: http://www.solidforensics.com/
+
* SMS Text (the message itself)
: News, tools, and techniques for investigators who deal with cell forensics, computer forensics, telephone records, DNA forensics, and virtually any software based digital forensics analysis.
+
There are many software solutions that can help the examiner to acquire the information from the SIM card. One example of such a title is Paraben Forensics’ [http://www.paraben-forensics.com/catalog/product_info.php?products_id=289 SIM Card Seizure].<br /><br />
 
+
These software titles can extract such technical data from the SIM card as:
 
+
* Integrated Circuit Card ID (ICCID)
 
+
* International Mobile Subscriber Identity (IMSI)
= See Also =
+
* Mobile Country Code (MCC)
[[Journals]]
+
* Mobile Network Code (MNC)
 +
* Mobile Subscriber Identification Number (MSIN)
 +
* Mobile Subscriber International ISDN Number (MSISDN)
 +
This information can be used to contact the service provider to obtain even more information than is stored on the SIM card.

Revision as of 16:10, 7 March 2006

A Typical SIM Card

SIM-Subscriber Identity Module

The terms SIM, smart card, and UICC have an unfortunate tendency to be used interchangeably. The UICC is hardware. A SIM is a software application. Generally speaking a smart card is a UICC running a SIM as well as possibly other applications.

SIM is actually just an application running on a smartcard. A given card could contain multiple SIM’s, allowing, for instance, a given phone to be used on multiple networks.

A typical SIM contains several categories of information. One is the actual identity of the card itself. The SIM needs to have a unique identity to the network. This allows the network to identify what sources the subscriber is entitled to, billing information, etc. A second category relates to the actual operation of the device. Information such as the last number called, or the length of the phone call can be stored. A third category of information is personalized information. Phonebooks or calendars fall into this category.

A SIM has three major purposes

  • Uniquely identify the subscriber
  • Determines phone number
  • Contains algorithms for network authentification

A Sim contains

  • 16 to 64 KB of memory
  • Processor
  • Operating System


Uses of SIMs

SIM cards can be used in any kind of device or situation where there is a need to authenticate the identity of a user. They are particularly useful when there is a need or desire to provide different types or levels of service to many users who have different configurations.

The primary use of SIM cards in the United States is in cell phones. There are other uses as well. The US military issues smart cards as identification to its personnel. These cards are used to allow users to log into computers.

Europe has seen a wider use of these cards. The credit and debit card industry has integrated this technology in their cards for years. Similarly, a number of European phone companies have used these as phone cards to use in public telephones. The card companies in the United States have evidently not seen enough fraud to have a business justification to switch to this technology. There is some speculation that American credit cards will use a future generation of the technology when the added robustness and security of the system will make more economic sense.

The SIM uses a hierarchically organized file system that stores names, phone numbers, received and sent text messages. It also contains the network configuration information. The SIM also allows for easy transporting of all information from one phone to another.

One downside to the use of SIM cards is the amount of thefts that occur. A person could steal a SIM card and use it for their own personal calls, which would be still on the original owners information log. This is becoming a problem in European countries with the theft of SIM cards.

SIM Security

There are two things that help secure the information located on your SIM. The PIN (Personal Identification Number) and the PUK (Personal Unlocking Code).

When PIN protection is enabled, every time the phone is turned on - the PIN must be entered. The information on the SIM is locked until the correct code is entered. The PIN by default is at a standard default number and can be changed on the handset. If the PIN is entered incorrectly 3 times in a row the phone is locked and another code called the PUK is needed from the network provider.

If the PIN is incorrectly entered 3 times in a row, the phone is locked making the phone unable to make or receive any calls or SMS messages. The PUK, which is an 8 digit code, is needed from the network provider to unlock the phone. If the pin is entered 10 times incorrectly, the SIM is permanently disabled and the SIM must be exchanged.

SIM Forensics

The data that a SIM card can provide the forensics examiner can be invaluable to an investigation. Acquiring a SIM card allows a large amount of information that the suspect has dealt with over the phone to be investigated.
In general, some of this data can help an investigator determine:

  • Phone numbers of calls made/received
  • Contacts
  • SMS Details (time/date, recipient, etc.)
  • SMS Text (the message itself)

There are many software solutions that can help the examiner to acquire the information from the SIM card. One example of such a title is Paraben Forensics’ SIM Card Seizure.

These software titles can extract such technical data from the SIM card as:

  • Integrated Circuit Card ID (ICCID)
  • International Mobile Subscriber Identity (IMSI)
  • Mobile Country Code (MCC)
  • Mobile Network Code (MNC)
  • Mobile Subscriber Identification Number (MSIN)
  • Mobile Subscriber International ISDN Number (MSISDN)

This information can be used to contact the service provider to obtain even more information than is stored on the SIM card.