| Line 1: |
Line 1: |
| − | == Procedures ==
| + | {{Expand}} |
| | | | |
| − | Acquire [[SIM Card]] and analyze the following:
| + | == Definition == |
| | + | In Computer Forensics 'slack' refers to the bytes after the logical end of a file and the end of the cluster wherein the final byte of the valid file resides. |
| | | | |
| − | * ICCID - Integrated Circuit Card Identification
| + | == Slack Types == |
| − | * MSISDN - Subscriber phone number
| + | |
| − | * IMSI - International Mobile Subscriber Identity
| + | |
| − | * LND - Last Dialed numbers
| + | |
| − | * [[LOCI]] - Location Information
| + | |
| − | * LAI - Location Area Identifier
| + | |
| − | * ADN - Abbreviated Dialing Numbers (Contacts)
| + | |
| − | * FDN - Fixed Dialing Numbers (Provider entered Numbers)
| + | |
| − | * SMS - (Short Messages)
| + | |
| − | * SMSP - Text Message parameters
| + | |
| − | * SMSS - Text message status
| + | |
| − | * Phase - Phase ID
| + | |
| − | * SST - SIM Service table
| + | |
| − | * LP - Preferred languages variable
| + | |
| − | * SPN - Service Provider name
| + | |
| − | * EXT1 - Dialing Extension
| + | |
| − | * EXT2 - Dialing Extension
| + | |
| − | * GID1 - Groups
| + | |
| − | * GID2 - Groups
| + | |
| − | * CBMI - Preferred network messages
| + | |
| − | * PUCT - Calls per unit
| + | |
| − | * ACM - Accumulated Call Meter
| + | |
| − | * ACMmax - Call Limit
| + | |
| − | * HPLMNSP - HPLMN search period
| + | |
| − | * PLMNsel - PLMN selector
| + | |
| − | * FPLMN - Forbidden PLMNs
| + | |
| − | * CCP - Capability configuration parameter
| + | |
| − | * ACC - Access control class
| + | |
| − | * BCCH - Broadcast control channels
| + | |
| − | * Kc - Ciphering Key
| + | |
| | | | |
| | + | === Ram Slack === |
| | + | === File Slack === |
| | | | |
| − | == Hardware ==
| |
| | | | |
| − | === Serial === | + | == External Links == |
| − | | + | |
| − | * [[MicroDrive 120]] with SmartCard Adapter
| + | |
| − | | + | |
| − | === USB ===
| + | |
| − | | + | |
| − | * [[ACR 38T]]
| + | |
| − | | + | |
| − | == Software ==
| + | |
| − | | + | |
| − | * [[ForensicSIM]]
| + | |
| − | * [http://www.quantaq.com/usimdetective.htm USIM Detective]
| + | |
| − | * [[Paraben SIM Card Seizure]]
| + | |
| − | * [[SIMIS]]
| + | |
| − | * [http://www.simcon.no/ SIMcon]
| + | |
| − | | + | |
| − | == Recovering SIM Card Data ==
| + | |
| − | | + | |
| − | * [[Damaged SIM Card Data Recovery]]
| + | |
| − | | + | |
| − | == Security ==
| + | |
| − | | + | |
| − | SIM cards can have their data protected by a PIN, or Personal Identification Number. If a user has enabled the PIN on their SIM card, the SIM will remain locked until the PIN is properly entered. Some phones provide the option of using a second PIN, or PIN2, to further protect data. If a user incorrectly enters their PIN number multiple times, the phone may request a PUK, or Personal Unblocking Key. The number of times a PIN must be incorrectly entered before the phone requests the PUK will vary from phone to phone. Once a phone requests a PUK, the SIM will remain locked until the PUK is correctly entered. The PUK must be obtained from the SIM's network provider. If a PUK is incorrectly entered 10 times the SIM will become permanently locked and the user must purchase a new SIM card in order to use the phone. In some cases the phone will request a PUK2 before it permanently locks the SIM card.
| + | |
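Review bot: The added Definition line reads "the bytes after the logical end of a file and the end of the cluster", which does not parse as written; "the bytes between the logical end of a file and the end of the cluster" would state the span unambiguously. The added `=== Ram Slack ===` and `=== File Slack ===` headings, and `== External Links ==`, have no body text, so the two slack types are named but never distinguished; each needs at least a one-sentence description, or the empty headings should be dropped until there is content. The same revision removes every SIM card section (Procedures, Hardware, Software, Recovering SIM Card Data, Security) rather than editing them, so it is worth confirming that this material is kept on its own page.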
In computer forensics, 'slack' refers to the bytes between the logical end of a file and the end of the cluster in which the final byte of the valid file resides.