Difference between pages "Tools:Visualization" and "SIM Card Forensics"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
m (Graph Drawing Applications)
 
(Software)
 
Line 1: Line 1:
Although not strictly for forensic purposes, '''visualization tools''' such as the ones discussed here can be very useful for visualizing large data sets. As forensic practitioners need to process more and more data, it is likely that some of the techniques implemented by these tools will need to be adopted.
+
== Procedures ==
  
= Open Source=
+
Acquire [[SIM Card]] and analyze the following:
  
==Visualization Toolkits and Libraries ==
+
* ICCID - Integrated Circuit Card Identification
 +
* MSISDN - Subscriber phone number
 +
* IMSI - International Mobile Subscriber Identity
 +
* LND - Last Dialed numbers
 +
* [[LOCI]] - Location Information
 +
* LAI - Location Area Identifier
 +
* ADN - Abbreviated Dialing Numbers (Contacts)
 +
* FDN - Fixed Dialing Numbers (Provider entered Numbers)
 +
* SMS - (Short Messages)
 +
* SMSP - Text Message parameters
 +
* SMSS - Text message status
 +
* Phase - Phase ID
 +
* SST - SIM Service table
 +
* LP - Preferred languages variable
 +
* SPN - Service Provider name
 +
* EXT1 - Dialing Extension
 +
* EXT2 - Dialing Extension
 +
* GID1 - Groups
 +
* GID2 - Groups
 +
* CBMI - Preferred network messages
 +
* PUCT - Calls per unit
 +
* ACM - Accumulated Call Meter
 +
* ACMmax - Call Limit
 +
* HPLMNSP - HPLMN search period
 +
* PLMNsel - PLMN selector
 +
* FPLMN - Forbidden PLMNs
 +
* CCP - Capability configuration parameter
 +
* ACC - Access control class
 +
* BCCH - Broadcast control channels
 +
* Kc - Ciphering Key
  
  
; [http://csbi.sourceforge.net/index.html Graph Interface Library (GINY)]
+
== Hardware ==
: In Java. Stunning graphics with some layout smarts.
+
  
; [http://ivtk.sourceforge.net/ InfoViz Toolkit]
+
=== Serial ===
: Java, originally developed at [[INRA]].
+
  
; [http://jgrapht.sourceforge.net/ JGraphT]
+
* [[MicroDrive 120]] with SmartCard Adapter
: A Java visualization kit designed to be simple and extensible.
+
  
; [http://prefuse.sourceforge.net/ Perfuse]
+
=== USB ===
: "A Java-based toolkit for building interactive information visualization applications."
+
  
; [http://touchgraph.sourceforge.net/ TouchGraph]
+
* [[ACR 38T]]
: A library for building graph-based interfaces. Some systems that have been built with it include [http://kaon.semanticweb.org/Members/motik/oimodeller KAon AI Modeler], GraphLayout, WikiBrowser, and LinkBrowser
+
* [http://www.scmmicro.com/products-services/smart-card-readers-terminals/smart-card-reader/scr3311.html SCR3311]
 +
* [http://www.scmmicro.com/products-services/smart-card-readers-terminals/smart-card-reader/scr335.html SCR335]
  
; [http://www.ssec.wisc.edu/~billh/visad.html#intro VisAD]
+
== Software ==
: A Java component library for interactive and collaborative visualization.
+
  
; [http://public.kitware.com/VTK/ The Visualization Toolkit]
+
Wiki Links
: C++ multi-platform with interfaces available for Tcl/Tk, Java and Python. Professional support provided by [http://www.kitware.com/ Kitware].
+
* [[ForensicSIM]]
 +
* [[Paraben SIM Card Seizure]]
 +
* [[SIMiFOR]]
 +
* [[SIMIS]]
  
; [http://zvtm.sourceforge.net/index.html ZVTM - Zoomable Visual Transformation Machine]
+
External Links
: Originally started at Xerox Research Europe, written in Java 2D.
+
* [http://www.forensicts.co.uk SIMiFOR]
 +
* [http://www.simcon.no/ SIMcon]
 +
* [http://www.quantaq.com/usimdetective.htm USIM Detective]
 +
* [http://www.dekart.com/products/card_management/sim_explorer/ SIM Explorer], [http://www.youtube.com/watch?v=P5dJS7g1o_c video demo of SIM Explorer]
 +
* [http://www.data-recovery-mobile-phone.com/ Pro Data Doctor]
 +
* [http://www.becker-partner.de/index.php?id=17 Forensic Card Reader (FCR) - German]
 +
* [http://www.txsystems.com/sim-manager.html SIM Manager]
 +
* [http://vidstrom.net/otools/simquery/ SIMQuery]
 +
* [http://users.net.yu/~dejan/ SimScan]
 +
* [http://www.nobbi.com/download.htm SIMSpy]
 +
* [http://vidstrom.net/stools/undeletesms/ UnDeleteSMS]
 +
* [http://www.bkforensics.com/FCR.html Forensic SIM Card Reader]
 +
* [http://www.dekart.com/products/card_management/sim_manager/ Dekart SIM Manager], [http://www.youtube.com/watch?v=VaBaqZiNW4U video tutorial on how to recover a deleted SMS]
 +
* [http://www.brickhousesecurity.com/cellphone-spy-simcardreader.html Cell Phone SIM Card Spy]
 +
* [http://www.mobile-t-mobile.com/mobile-network/SIM-card-reader.html SIM Card Reader]
 +
* [http://www.download3000.com/download_46892.html Sim Card Reader Software]
 +
* [http://www.freedownloadscenter.com/Utilities/Backup_and_Copy_Utilities/Sim_Card_Recovery.html Sim Card Recovery]
 +
* [http://www.spytechs.com/phone-recorders/sims-card-reader.htm Sim Recovery Pro]
  
==Graph Drawing Applications==
+
== Recovering SIM Card Data ==
  
; [http://www.graphviz.org/ Graphviz]
+
* [[Damaged SIM Card Data Recovery]]
: Originally developed by the [http://public.research.att.com/areas/visualization/ AT&T Information Visualization Gorup], designed for drawing connected graphs of nodes and edges. Neato is a similar system but does layout based on a spring model. Can produce output as [[PostScript]], [[PNG]], [[GIF]], or as an annotated graph file with the locations of all of the objects — ideal for drawing in a GUI. Runs from the command line on [[Unix]], [[Windows]] and [[Mac]], although there is also a [http://www.pixelglow.com/graphviz/ MacOS GUI version].
+
  
; [http://graphexploration.cond.org/ Guess: The Graph Exploration System]
+
== Security ==
: Originally developed at HP, this is a large Jython/Java-based system that you can use for building your own applications. Distributed under GPL.
+
  
; [http://hypergraph.sourceforge.net/ HyperGraph]
+
SIM cards can have their data protected by a PIN, or Personal Identification Number. If a user has enabled the PIN on their SIM card, the SIM will remain locked until the PIN is properly entered. Some phones provide the option of using a second PIN, or PIN2, to further protect data. If a user incorrectly enters their PIN number multiple times, the phone may request a PUK, or Personal Unblocking Key. The number of times a PIN must be incorrectly entered before the phone requests the PUK will vary from phone to phone. Once a phone requests a PUK, the SIM will remain locked until the PUK is correctly entered. The PUK must be obtained from the SIM's network provider.  If a PUK is incorrectly entered 10 times the SIM will become permanently locked and the user must purchase a new SIM card in order to use the phone.  In some cases the phone will request a PUK2 before it permanently locks the SIM card.
: Hyperbolic trees, in Java. Check out the home page. Try clicking on the logo...
+
  
; [http://sourceforge.net/projects/ivc/ InfoVis Cyberinfrastructure]
+
== See also ==
: Another graph drawing system written in Java.
+
  
; [https://jdigraph.dev.java.net/ Jdigrah]
+
* [[SIM Cards]]
: Java Directed Graphs.
+
  
; [http://bioinformatics.icmb.utexas.edu/lgl/ Large Graph Layout (LGL)]
+
== References ==
: A bioinformatics system from University of Texas. They really mean Large.
+
  
; [http://www.opendx.org/ OpenDX]
+
E-evidence Info - http://www.e-evidence.info/cellular.html
: Based on [[IBM]]'s Visualization Data Explorer, runs on [[Unix]]/X11/Motif.
+
Purdue Phone Phorensics Knowledge Base - http://mobileforensicsworld.com/p3/
 
+
; [http://jung.sourceforge.net/ Java Universal Network/Graph Framework (JUNG)]
+
: Graphing, [[data mining]], [[social network]] analysis, and other stuff.
+
 
+
; [http://web.mit.edu/bshi/Public/nv2d/ NetVis 2D]
+
: Another graph visualization and layout tool written in Java.
+
 
+
; [http://sourceforge.net/projects/sonia/ Social Network Image Automater (SoNIA)]
+
: Originally developed at Stanford. Written in Java.
+
 
+
; [http://www.informatik.uni-bremen.de/uDrawGraph/en/uDrawGraph/uDrawGraph.html uDrawGraph]
+
 
+
; [http://www.wilmascope.org/ WilmaScope]
+
: Real-time animations of dynamic graph structures. Written in Java. Sophisticated force model with strings and attraction.
+
 
+
; [http://www.caida.org/tools/visualization/walrus/ Walrus]
+
: A 3-d graph network exploration tool. Employs 3D hyperbolic displays and layout based on a user-supplied spanning tree.
+
 
+
== Geographical Drawing Programs ==
+
 
+
; [http://openmap.bbn.com/ OpenMap]
+
: From [[BBN]].
+
 
+
= Commercial Tools =
+
 
+
; [http://www.aisee.com/ aiSee Graph Layout Software]
+
: Supports 15 layout algorithms, recursive graph nesting, and easy printing. Runs on [[Windows]], [[Linux]], [[Solaris]], [[NetBSD]], and [[MacOS]]. 30-day trial and free registered versions available. Academic pricing available.
+
 
+
; [http://www.geomantics.com/ Geomantics]
+
: Geographical, Visualization and Graphics software. Runs on [[Windows]].
+
 
+
; [http://www.kylebank.com/ Graphis 2D and 3D graphing software]
+
: Runs on [[Windows]]. Free 30-day evaluation copy available.
+
 
+
; [http://www.openviz.com/ OpenViz] and  [http://www.powerviz.com/ PowerViz]
+
: Both from Advanced Visual Systems, super high-end visualization toolkits. $$$$
+
 
+
; [http://www.tomsawyer.com/ Tom Sawyer Software] Analysis, Visualizaiton, and Layout programs.
+
: Heavy support for drawing graphs. Beautiful gallery. ActiveX, Java, C++ and .NET editions.
+
 
+
= Other Resources =
+
 
+
; [http://www.palgrave-journals.com/ivs/index.html Information Visualization Journal]
+
 
+
; [http://www-static.cc.gatech.edu/gvu/ii/resources/infovis.html GVU's Information Visualization Resources link farm]
+
 
+
; [http://www.msi.umn.edu/user_support/scivis/scivis-list.html Scientific Visualization at the Supercomputing Institute]
+
 
+
; [http://directory.google.com/Top/Science/Math/Combinatorics/Software/Graph_Drawing/ Google Directory of Graph Drawing Software]
+
 
+
; [http://rw4.cs.uni-sb.de/~diehl/softvis/seminar/index.php?goto=seminar ACM Symposium on Software Visualization]
+
: May give you some ideas.
+
 
+
; [http://directory.fsf.org/science/visual/ GNU Free Software directory of scientific visualization software]
+
 
+
; [http://www.cs.brown.edu/people/rt/gd.html Roberto Tamassia's resources on Graph Drawing]
+
 
+
; [http://www.manageability.org/blog/stuff/open-source-graph-network-visualization-in-java/view Open Source Graph Network Visualization in Java]
+

Revision as of 11:33, 21 April 2009

Contents

Procedures

Acquire SIM Card and analyze the following:

  • ICCID - Integrated Circuit Card Identification
  • MSISDN - Subscriber phone number
  • IMSI - International Mobile Subscriber Identity
  • LND - Last Dialed numbers
  • LOCI - Location Information
  • LAI - Location Area Identifier
  • ADN - Abbreviated Dialing Numbers (Contacts)
  • FDN - Fixed Dialing Numbers (Provider entered Numbers)
  • SMS - (Short Messages)
  • SMSP - Text Message parameters
  • SMSS - Text message status
  • Phase - Phase ID
  • SST - SIM Service table
  • LP - Preferred languages variable
  • SPN - Service Provider name
  • EXT1 - Dialing Extension
  • EXT2 - Dialing Extension
  • GID1 - Groups
  • GID2 - Groups
  • CBMI - Preferred network messages
  • PUCT - Calls per unit
  • ACM - Accumulated Call Meter
  • ACMmax - Call Limit
  • HPLMNSP - HPLMN search period
  • PLMNsel - PLMN selector
  • FPLMN - Forbidden PLMNs
  • CCP - Capability configuration parameter
  • ACC - Access control class
  • BCCH - Broadcast control channels
  • Kc - Ciphering Key


Hardware

Serial

USB

Software

Wiki Links

External Links

Recovering SIM Card Data

Security

SIM cards can have their data protected by a PIN, or Personal Identification Number. If a user has enabled the PIN on their SIM card, the SIM will remain locked until the PIN is properly entered. Some phones provide the option of using a second PIN, or PIN2, to further protect data. If a user incorrectly enters their PIN number multiple times, the phone may request a PUK, or Personal Unblocking Key. The number of times a PIN must be incorrectly entered before the phone requests the PUK will vary from phone to phone. Once a phone requests a PUK, the SIM will remain locked until the PUK is correctly entered. The PUK must be obtained from the SIM's network provider. If a PUK is incorrectly entered 10 times the SIM will become permanently locked and the user must purchase a new SIM card in order to use the phone. In some cases the phone will request a PUK2 before it permanently locks the SIM card.

See also

References

E-evidence Info - http://www.e-evidence.info/cellular.html Purdue Phone Phorensics Knowledge Base - http://mobileforensicsworld.com/p3/