Difference between pages "SIM Card Forensics" and "Slack"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Software)
 
(New page: {{Expand}} == Definition == In Computer Forensics 'slack' refers to the bytes after the logical end of a file and the end of the cluster wherein the final byte of the valid file resides. ...)
 
Line 1: Line 1:
== Procedures ==
+
{{Expand}}
  
Acquire [[SIM Card]] and analyze the following:
+
== Definition ==
 +
In Computer Forensics 'slack' refers to the bytes after the logical end of a file and the end of the cluster wherein the final byte of the valid file resides.
  
* ICCID - Integrated Circuit Card Identification
+
== Slack Types ==
* MSISDN - Subscriber phone number
+
* IMSI - International Mobile Subscriber Identity
+
* LND - Last Dialed numbers
+
* [[LOCI]] - Location Information
+
* LAI - Location Area Identifier
+
* ADN - Abbreviated Dialing Numbers (Contacts)
+
* FDN - Fixed Dialing Numbers (Provider entered Numbers)
+
* SMS - (Short Messages)
+
* SMSP - Text Message parameters
+
* SMSS - Text message status
+
* Phase - Phase ID
+
* SST - SIM Service table
+
* LP - Preferred languages variable
+
* SPN - Service Provider name
+
* EXT1 - Dialing Extension
+
* EXT2 - Dialing Extension
+
* GID1 - Groups
+
* GID2 - Groups
+
* CBMI - Preferred network messages
+
* PUCT - Calls per unit
+
* ACM - Accumulated Call Meter
+
* ACMmax - Call Limit
+
* HPLMNSP - HPLMN search period
+
* PLMNsel - PLMN selector
+
* FPLMN - Forbidden PLMNs
+
* CCP - Capability configuration parameter
+
* ACC - Access control class
+
* BCCH - Broadcast control channels
+
* Kc - Ciphering Key
+
  
 +
=== Ram Slack ===
 +
=== File Slack ===
  
== Hardware ==
 
  
=== Serial ===
+
== External Links ==
 
+
* [[MicroDrive 120]] with SmartCard Adapter
+
 
+
=== USB ===
+
 
+
* [[ACR 38T]]
+
 
+
== Software ==
+
 
+
* [[ForensicSIM]]
+
* [http://www.quantaq.com/usimdetective.htm USIM Detective]
+
* [[Paraben SIM Card Seizure]]
+
* [[SIMIS]]
+
* [http://www.simcon.no/ SIMcon]
+
 
+
== Recovering SIM Card Data ==
+
 
+
* [[Damaged SIM Card Data Recovery]]
+
 
+
== Security ==
+
 
+
SIM cards can have their data protected by a PIN, or Personal Identification Number.  If a user has enabled the PIN on their SIM card, the SIM will remain locked until the PIN is properly entered.  Some phones provide the option of using a second PIN, or PIN2, to further protect data.  If a user incorrectly enters their PIN number multiple times, the phone may request a PUK, or Personal Unblocking Key.  The number of times a PIN must be incorrectly entered before the phone requests the PUK will vary from phone to phone.  Once a phone requests a PUK, the SIM will remain locked until the PUK is correctly entered.  The PUK must be obtained from the SIM's network provider.  If a PUK is incorrectly entered 10 times the SIM will become permanently locked and the user must purchase a new SIM card in order to use the phone.  In some cases the phone will request a PUK2 before it permanently locks the SIM card.
+

Revision as of 11:05, 15 May 2007

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Definition

In Computer Forensics 'slack' refers to the bytes after the logical end of a file and the end of the cluster wherein the final byte of the valid file resides.

Slack Types

Ram Slack

File Slack

External Links