Difference between pages "License transition status" and "Sim Filesystem"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (Updated PDA page; I removed infringing material)
 
(Getting Started)
 
Line 1: Line 1:
This page keeps track of the '''license status''' of the wiki.
+
''Under Construction''
  
All contributions after '''March 19th, 2006''' are under the [http://creativecommons.org/licenses/by-sa/2.5/ Creative Commons Attribution-ShareAlike 2.5] license. Contributions prior to that date have an unclear license. We are currently contacting the authors of the respective content, asking them whether they agree to license their contributions under the [http://creativecommons.org/licenses/by-sa/2.5/ Creative Commons Attribution-ShareAlike 2.5] license...
+
The [[SIM Card]] is the basic memory device inside of many mobile phones in use today. This small piece of hardware has been key to solving many cases in the world of [[SIM Card Forensics]]. However, without the proper knowledge of the SIM card's filesystem, the user will be missing out on all the valuable information the [[SIM Card]] holds.
  
__TOC__
 
  
== HOWTO ==
+
== Getting Started ==
  
If you have contributed to this wiki '''before March 19th, 2006''', please consider (re-)licensing your contributions under this license. You can do that by adding this small paragraph to your user page:
+
[[File:What_you_need.jpg|250px|thumb|Items you'll need]]
  
'''I hereby license all my contributions to this wiki (before and after March 19th, 2006) under the [http://creativecommons.org/licenses/by-sa/2.5/ Creative Commons Attribution-ShareAlike 2.5] license.'''
+
This is a list of items to get you started on reading SIM Cards and their information:
  
Thanks in advance.
+
# [[Windows]] operating system
 +
# [[SIMCon]][http://www.simcon.no/]
 +
#* Program used to read SIM Cards
 +
# [[SIM Cards]]
 +
# SIM Card Reader
  
== Current License Status ==
+
== Quick Guide for SIMCon ==
  
=== Pages ===
+
# Make sure the SIM Card Reader with SIM Card is connected
 +
# Open [[SIMCon]]
 +
# Click File > Read SIM or Click [[File:Simcon.png]] in the upper left corner of [[SIMCon]]
 +
# Click OK when the next dialog box pops up
 +
#* '''Note''', some SIM cards are locked. This is where the PIN needs to be entered if known.
 +
#* If the PIN is unknown, the SIM cannot be read.
 +
# Click OK again when the next dialog box pops up
  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
== Definitions ==
|- style="background:#bfbfbf; font-weight: bold"
+
! Page
+
! License Status
+
! Checked for copyright infringement
+
|-
+
| [[AFF]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[AFIS]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[AFOSI]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ASR]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ASR Data]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[AccessData]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Adobe PDF Format]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Afflib]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Anti-forensic techniques]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Applied Cellphone Forensics]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Audio Devices]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[BMP]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Bad blocks]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Bibliography]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Blackbag]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Blackberry Forensics]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Books]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Cellphones]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Conferences]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[DCFL]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[DIBS]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Data Reduction]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Dcfldd]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Dd]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Digital Evidence Bags]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[EVT]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[EXIF]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Email Headers]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[EnCase]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Epilogue to Gutmann's 1996 paper]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Exif]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[FAT]]
+
| ?
+
| style="background:lime" | OK
+
|-
+
| [[FCCU Gnu/Linux Boot CD]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[File Formats]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[File Systems]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Flash IDE Adapters]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Foremost]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Forensic Toolkit]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Forensic file formats]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Full Disk Encryption]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Gfzip]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Harvard Forensics Project]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Helix]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ILook]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ILook External Imager]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ILook Imager]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ILook Investigator]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ILook file format]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[IXimager]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[JPEG]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Jesse Kornblum]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Journals]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[LNK]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[License transition status]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Linux]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Mailing lists]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Main Page]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Md5deep]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Metadata]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Microsoft PocketPC]]
+
| ?
+
| ?
+
|-
+
| [[Microsoft Windows]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Microsoft Windows Mobile]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[National Software Reference Library]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Ontrack Data Eraser]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Organizations]]
+
| style="background:lime" | OK (Not copyrightable)
+
| style="background:lime" | OK
+
|-
+
| [[Other Websites]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[PDAs]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Palm]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Papers]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Paraben]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[People]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Personal Digital Devices]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ProDiscover]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ProDiscovery]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[PyFlag]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Pyflag]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[RIM Blackberry]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Raw image file]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Raw image files]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Recovering Overwritten Data]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Recovering bad data]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Recovering deleted data]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Reports]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[SIM Cards]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[SMART]]
+
| style="background:lime" | OK (Original unlicensed, copyright-infringing content was removed)
+
| style="background:lime" | OK
+
|-
+
| [[Safeback]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Sanitization Standards]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Scalpel]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Simson Garfinkel]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Sleuthkit]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[SmartPhones]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[SpinRite]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Symbian]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Techniques]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Tools]]
+
| style="background:lime" | OK (All content created after March 19)
+
| style="background:lime" | OK
+
|-
+
| [[UNIX]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[VMware]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Vendors]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Websites]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Wetstone]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Write Blockers]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
|}
+
  
=== Files/Images ===
+
=== MF ===
 +
* Only '''one''' MF
 +
* The Master File (MF)
 +
* Root of the SIM Card file system
 +
* Equivalent to the root directory or "/" in the Linux filesystem
  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
=== DF ===
|- style="background:#bfbfbf; font-weight: bold"
+
* Dedicated Files (DF)
! File
+
* Equivalent to a folder in a Windows/Linux filesystem
! License Status
+
* Usually three DF's
! Comments
+
** DF_GSM / DF_DCS1800 / DF_TELECOM
|-
+
| [[:Image:Simpic.jpg]]
+
| style="background:lime" | OK
+
| Replaced with free version.
+
|-
+
| [[:Image:Treo.jpg]]
+
| style="background:lime" | OK
+
| Deleted.
+
|-
+
| [[:Image:Pocketpc.jpg]]
+
| style="background:lime" | OK
+
| Replaced with free version.
+
|-
+
| [[:Image:Newton.jpg]]
+
| style="background:lime" | OK
+
| Deleted.
+
|-
+
| [[:Image:Zaurus-front.jpg]]
+
| style="background:lime" | OK
+
| Replaced with free version.
+
|-
+
| [[:Image:Sharp sl-c3100-thm.jpg]]
+
| style="background:lime" | OK
+
| Deleted.
+
|-
+
| [[:Image:Yale fat16 diagram.jpg]]
+
| style="background:lime" | OK
+
| Deleted.
+
|-
+
| [[:Image:Recover-FAT-volume-structur.jpg]]
+
| style="background:lime" | OK
+
| Deleted.
+
|-
+
| [[:Image:HelixGroupPaper.pdf]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Network Appliance DataFort.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Draft Paper.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Survey3.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Survey.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Biblio.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:HelixCFS.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Init2.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Init.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Securing Storage White Paper.pdf]]
+
| style="background:lime" | OK
+
| Decru white paper. Not Creative Commons licensed, but we'll keep it here, as it might disappear from the net.
+
|-
+
  
|}
+
==== DF_DCS1800 / DF_GSM ====
 +
* Contains network related information
 +
* Specifying data in DF_GSM writes only to DF_GSM on the SIM
 +
* The SIM is expected to mirror GSM and DCS1800
 +
 
 +
==== DF_TELECOM ====
 +
* Contains the service related information
 +
 
 +
=== EF ===
 +
* Elementary Files (EF)
 +
* Holds one to many records
 +
* Represent the leaf node of the filesystem
 +
* EF's sit below the DF's in the filesystem hierarchy
 +
 
 +
=== PLMN ===
 +
* Public Land Mobile Network
 +
** A PLMN is a network that is established and operated by an administration or by a recognized operating agency (ROA) for the specific purpose of providing land mobile telecommunications services to the public. [http://en.wikipedia.org/wiki/Public_land_mobile_network]
 +
 
 +
=== LAI ===
 +
* Location Area Identity
 +
** Each location area of a public land mobile network (PLMN) has its own unique identifier which is known as Location Area Identity (LAI). [http://en.wikipedia.org/wiki/Location_Area_Identity]
 +
 
 +
== Filesystem ==
 +
 
 +
=== EF_ICCID ===
 +
 
 +
This displays the ID or Card Identity of the SIM Card, this can also be found on the SIM card itself.
 +
 
 +
[[File:Ef_iccid.png|350px|thumb|left|EF_ICCID]]
 +
 
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
----
 +
 
 +
=== DF_GSM ===
 +
 
 +
==== EF_IMSI ====
 +
 
 +
* International Mobile Subscriber Identity (IMSI)[http://en.wikipedia.org/wiki/IMSI]
 +
* 310  -  260  -  653235860
 +
* MCC  -  MNC  -  MSIN
 +
** MCC[http://en.wikipedia.org/wiki/List_of_mobile_country_codes] (3 Digits)
 +
*** Mobile Country Code
 +
** MNC[http://en.wikipedia.org/wiki/Mobile_Network_Code] (2 Digits EU / 3 Digits NA)
 +
*** Mobile Network Code
 +
** MSIN[http://en.wikipedia.org/wiki/MSIN] (Remaining Digits)
 +
*** Mobile Subscription Identification Number
 +
*** Within the network's customer base
 +
 
 +
[[File:Ef_imsi.png|350px|thumb|left|EF_IMSI]]
 +
 
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
----
 +
 
 +
==== EF_PLMNSEL ====
 +
 
 +
* List of all PLMN's (see [[Sim_Filesystem#PLMN]])
 +
 
 +
[[File:Plmnsel.png|350px|thumb|left|EF_PLMNSEL]]
 +
 
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
----
 +
 
 +
==== EF_LOCI ====
 +
* Location Information
 +
** Contains Location Area Identity (see [[Sim_Filesystem#LAI]])
 +
*** LAI Network Code (see [[Sim_Filesystem#PLMN]] / [[Sim_Filesystem#LAI]])
 +
 
 +
[[File:Ef_loci.png|350px|thumb|left|EF_LOCI]]
 +
 
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
----
 +
 
 +
=== DF_TELECOM ===
 +
 
 +
==== EF_ADN ====
 +
 
 +
 
 +
[[File:EF_adn.png|350px|thumb|left|EF_ADN]]
 +
 
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
<br />
 +
----

Revision as of 12:13, 12 April 2011

Under Construction

The SIM Card is the basic memory device inside of many mobile phones in use today. This small piece of hardware has been key to solving many cases in the world of SIM Card Forensics. However, without the proper knowledge of the SIM card's filesystem, the user will be missing out on all the valuable information the SIM Card holds.


Getting Started

Items you'll need

This is a list of items to get you started on reading SIM Cards and their information:

  1. Windows operating system
  2. SIMCon[1]
    • Program used to read SIM Cards
  3. SIM Cards
  4. SIM Card Reader

Quick Guide for SIMCon

  1. Make sure the SIM Card Reader with SIM Card is connected
  2. Open SIMCon
  3. Click File > Read SIM or Click Simcon.png in the upper left corner of SIMCon
  4. Click OK when the next dialog box pops up
    • Note, some SIM cards are locked. This is where the PIN needs to be entered if known.
    • If the PIN is unknown, the SIM cannot be read.
  5. Click OK again when the next dialog box pops up

Definitions

MF

  • Only one MF
  • The Master File (MF)
  • Root of the SIM Card file system
  • Equivalent to the root directory or "/" in the Linux filesystem

DF

  • Dedicated Files (DF)
  • Equivalent to a folder in a Windows/Linux filesystem
  • Usually three DF's
    • DF_GSM / DF_DCS1800 / DF_TELECOM

DF_DCS1800 / DF_GSM

  • Contains network related information
  • Specifying data in DF_GSM writes only to DF_GSM on the SIM
  • The SIM is expected to mirror GSM and DCS1800

DF_TELECOM

  • Contains the service related information

EF

  • Elementary Files (EF)
  • Holds one to many records
  • Represent the leaf node of the filesystem
  • EF's sit below the DF's in the filesystem hierarchy

PLMN

  • Public Land Mobile Network
    • A PLMN is a network that is established and operated by an administration or by a recognized operating agency (ROA) for the specific purpose of providing land mobile telecommunications services to the public. [2]

LAI

  • Location Area Identity
    • Each location area of a public land mobile network (PLMN) has its own unique identifier which is known as Location Area Identity (LAI). [3]

Filesystem

EF_ICCID

This displays the ID or Card Identity of the SIM Card, this can also be found on the SIM card itself.

EF_ICCID











DF_GSM

EF_IMSI

  • International Mobile Subscriber Identity (IMSI)[4]
  • 310 - 260 - 653235860
  • MCC - MNC - MSIN
    • MCC[5] (3 Digits)
      • Mobile Country Code
    • MNC[6] (2 Digits EU / 3 Digits NA)
      • Mobile Network Code
    • MSIN[7] (Remaining Digits)
      • Mobile Subscription Identification Number
      • Within the network's customer base
EF_IMSI











EF_PLMNSEL

EF_PLMNSEL











EF_LOCI

EF_LOCI











DF_TELECOM

EF_ADN

EF_ADN