Difference between pages "SIMIS" and "JTAG Forensics"

From ForensicsWiki
(Difference between pages)
 
 
Line 1: Line 1:
Back to [[SIM Card Forensics]]
+
== Definition ==
 +
=== From Wikipedia ([http://en.wikipedia.org/wiki/Joint_Test_Action_Group http://en.wikipedia.org/wiki/Joint_Test_Action_Group ]): ===
  
SIMIS is a range of products developed for forensic examination of GSM SIM Cards.
+
Joint Test Action Group (JTAG) is the common name for what was later standardized as the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. It was initially devised for testing printed circuit boards using boundary scan and is still widely used for this application. Today JTAG is also widely used for IC debug ports. In the embedded processor market, essentially all modern processors support JTAG when they have enough pins. Embedded systems development relies on debuggers talking to chips with JTAG to perform operations like single stepping and breakpointing. Digital electronics products such as cell phones or a wireless access point generally have no other debug or test interfaces.
  
== SIMIS 2G ==  
+
=== Forensic Application ===
  
'''Feature Overview'''
+
JTAG forensics is an acquisition procedure which involves connecting to the Standard Test Access Port (TAPs) on a device and instructing the processor to transfer the raw data stored on connected memory chips. Jtagging supported phones can be an extremely effective technique to extract a full physical image from devices that cannot be acquired by other means.
* Forensically safe - no facility for the modification of system or user data held on the SIM
+
* Correctly handles PIN and PUK entry under controlled conditions.
+
* Builds a database with unique file references for each SIM Card.
+
* Searchable database with appropriate index categories.
+
* Facility to read data from the SIMIS Mobile card interrogation unit.
+
* Presents data in a printable format for reports.
+
* Provides commented RAW data in a standard format for use in third party applications.
+
  
 +
== Tools and Equipment ==
  
'''Typically a SIMIS package consists of:'''
+
* [[JTAG and Chip-Off Tools and Equipment]]
* PC based software application
+
* PC/SC Smart Card Reader (USB or Serial)
+
* Mini-Sim Adapter
+
* USB License Key
+
  
There is also the option to use a PC Card (PCMCIA) Reader for laptops and notebooks.
+
== Procedures ==
  
 
+
* [[JTAG HTC Wildfire S]]
'''The Search Engine'''
+
* [[JTAG LG P930]]
 
+
* [[JTAG Samsung Galaxy S4 (SGH-I337)]]
The SIMIS database search engine, allows comprehensive searches to be made across all SIM cards data that have been interrogated. Searches can be carried out across the entire database, or can be narrowed down to things like a specific case reference, or a specific mobile number.
+
 
+
A typical search would allow you to enter a mobile phone number and identify if that number was held in the ADN of any card previously interrogated - potentially opening up new lines of inquiry in investigations, or linking suspected criminals and networks together.
+
 
+
== SIMIS 3G ==
+
SIMIS 3G provides the examiner with broadly similar features and facilities to SIMIS 2, however the 3G 'SIM' holds a vast amount of user and network information. SIMIS 3G is a most comprehensive tool for the recovery and clear precise presentation of the data.
+
 
+
SIMIS 3G presents the recovered data in its original language (Unicode fully supported), in an easily browsable format, complete with comprehensive print facilities and selectable scan depth. SIMIS 3G allows the examiner to view recovered data (including phone book contacts and numbers, SMS text messages, deleted text messages, time and date information and more )
+
 
+
SIMIS3G provides access to all areas of the USIM, however SIMIS3G was designed to be intuitive and easy to use, requiring no detailed knowledge of the USIM operating system. SIMIS3G will generate human readable clear concise reports for each USIM interrogation, with optional additional user entered information such as, operator name, case ID, exhibit number, Handset type etc.
+
 
+
Recovered data is secured against tampering using both MD5 and SHA-1 hashing techniques. Recovered data, reports and hashing codes are stored locally in unique folders to ensure integrity of data and ease of access.
+
 
+
Dual SIMIS 2 and SIMIS3G licensing with Auto Detect of card format allows the user to harvest data in a clean simple environment with robust powerful tools, configured for everyday use.
+
 
+
SIMIS 3G has been evaluated tested and used by leading mobile intelligence examiners and forensic experts. Meeting or exceeding their every needs.
+
 
+
 
+
'''SIMIS 3G is comprised of:'''
+
* USB card readers (PCSC Industry standard)
+
* PC software on CDROM
+
* mini sim adapter and USIM storage card
+
* license
+
 
+
 
+
== SIMIS Mobile ==
+
The SIMIS Mobile reader allows SIM cards to be read whilst away from the SIMIS software installation. The SIMIS Mobile can read and store the essential contents of up to 8 SIM cards. The SIM card data can viewed via the large 128X64 graphicSIMIS mobile is a small handheld device display, then transferred to True GSM specification cards, creating a 'clone' of the original as a backup for reading in any SIM reading application at a later date. Transfer cards can be erased and re-used and additional transfer cards are available as required. The mobile unit is palm size, powered by 2 AAA cells, and supplied with 8 data transfer cards (data storage cards). The 64x128 pixel LCD displays an intuitive menu to guide the user through reading, browsing and saving recovered data. Work in the field or covert operation is aided by simple three button operation (excluding PIN entry and on/off). PIN and PUK entry are catered for.
+
 
+
'''The browser function allows viewing of:'''
+
* ICC and IMSI
+
* ADN
+
* FDN
+
* LDN
+
* SDN
+
* MSISDN
+
* SMS
+
* SMSP
+
 
+
 
+
'''The SIMIS Mobile package includes:'''
+
 
+
* Small hand-held card reader for use in the field
+
* 8 x Data Transfer cards (enabling SIM cloning)
+
* Batteries
+
 
+
 
+
== SIMIS Engine ==
+
 
+
The knowledge required to read and understand the data within a SIM or USIM takes time to accumulate and even more time to then understand and interpret the recovered data. Some end users and companies wishing to enter the market don't have the required knowledge or experience to accurately recover all the data from a SIM or USIM.
+
 
+
The SIMIS engine can be licensed to facilitate the development of independent SIM interrogation products. We impose no restrictions on the use of the engine or the sale of any product that may compete with our own. We make regular updates to our SIMIS engine and provide the licensee with updates as required.
+
 
+
 
+
== References ==
+
1. http://www.3gforensics.co.uk/simis.htm
+
 
+
 
+
 
+
 
+
Back to [[SIM Card Forensics]]
+
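Review bot: In the Forensic Application paragraph on the JTAG Forensics side, "Standard Test Access Port (TAPs)" pairs a singular term with a plural abbreviation, and "Jtagging" is used without being defined; suggest "Test Access Ports (TAPs)" and a phrase such as "acquiring supported phones over JTAG". The Definition text is credited to Wikipedia only in the heading, so it should be marked as a quotation in the body as well. The Tools and Equipment and Procedures sections contain only wiki links, so a one-line introduction to each list would help a reader who reaches the page without context.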

Revision as of 23:23, 17 August 2013

Definition

From Wikipedia (http://en.wikipedia.org/wiki/Joint_Test_Action_Group):

Joint Test Action Group (JTAG) is the common name for what was later standardized as the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. It was initially devised for testing printed circuit boards using boundary scan and is still widely used for this application. Today JTAG is also widely used for IC debug ports. In the embedded processor market, essentially all modern processors support JTAG when they have enough pins. Embedded systems development relies on debuggers talking to chips with JTAG to perform operations like single stepping and breakpointing. Digital electronics products such as cell phones or a wireless access point generally have no other debug or test interfaces.

Forensic Application

JTAG forensics is an acquisition procedure that involves connecting to the Standard Test Access Ports (TAPs) on a device and instructing the processor to transfer the raw data stored on connected memory chips. Jtagging supported phones can be an extremely effective technique for extracting a full physical image from devices that cannot be acquired by other means.

Tools and Equipment

Procedures