Difference between pages "SIM Card Forensics" and "Tools:Data Recovery"

From ForensicsWiki
(Difference between pages)
(Hardware)
 
m
 
Line 1: Line 1:
== Procedures ==
+
{{Wikify}}
  
Acquire [[SIM Card]] and analyze the following:
+
= Partition Recovery =
  
* ICCID - Integrated Circuit Card Identification
+
; [[Partition Table Doctor]]
* MSISDN - Subscriber phone number
+
: http://www.ptdd.com/index.htm
* IMSI - International Mobile Subscriber Identity
+
* LND - Last Dialed numbers
+
* [[LOCI]] - Location Information
+
* LAI - Location Area Identifier
+
* ADN - Abbreviated Dialing Numbers (Contacts)
+
* FDN - Fixed Dialing Numbers (Provider entered Numbers)
+
* SMS - (Short Messages)
+
* SMSP - Text Message parameters
+
* SMSS - Text message status
+
* Phase - Phase ID
+
* SST - SIM Service table
+
* LP - Preferred languages variable
+
* SPN - Service Provider name
+
* EXT1 - Dialing Extension
+
* EXT2 - Dialing Extension
+
* GID1 - Groups
+
* GID2 - Groups
+
* CBMI - Preferred network messages
+
* PUCT - Calls per unit
+
* ACM - Accumulated Call Meter
+
* ACMmax - Call Limit
+
* HPLMNSP - HPLMN search period
+
* PLMNsel - PLMN selector
+
* FPLMN - Forbidden PLMNs
+
* CCP - Capability configuration parameter
+
* ACC - Access control class
+
* BCCH - Broadcast control channels
+
* Kc - Ciphering Key
+
  
 +
; [[parted]]
 +
: The Linux partition management tool.
  
== Hardware ==
+
; [[Active Partition Recovery]]
 +
: ...
  
=== Serial ===
+
; [[gpart]]
 +
: http://www.stud.uni-hannover.de/user/76201/gpart/
  
* [[MicroDrive 120]] with SmartCard Adapter
+
; [[Testdisk]]
 +
: http://www.cgsecurity.org/wiki/TestDisk
  
=== USB ===
+
== See Also ==
  
* [[ACR 38T]]
+
* [http://support.microsoft.com/?kbid=166997 Using Norton Disk Edit to Backup Your Master Boot Record]
* [http://www.scmmicro.com/products-services/smart-card-readers-terminals/smart-card-reader/scr3311.html SCR3311]
+
* [http://www.scmmicro.com/products-services/smart-card-readers-terminals/smart-card-reader/scr335.html SCR335]
+
* [http://www.dekart.com/products/hardware/sim_card_reader/ Dekart SIM Card reader]
+
  
== Software ==
+
== Notes ==
  
Wiki Links
+
* "fdisk /mbr" restores the boot code in the [[MBR]], but not the partition itself.
* [[ForensicSIM]]
+
= Data Recovery =
* [[Paraben SIM Card Seizure]]
+
* [[SIMiFOR]]
+
* [[SIMIS]]
+
  
External Links
+
; [[BringBack]]
* [http://www.forensicts.co.uk SIMiFOR]
+
: http://www.toolsthatwork.com/
* [http://www.simcon.no/ SIMcon]
+
: BringBack offers easy to use, inexpensive, and highly successful data recovery for Windows and Linux (ext2) operating systems and digital images stored on memory cards, etc.
* [http://www.quantaq.com/usimdetective.htm USIM Detective]
+
* [http://www.dekart.com/products/card_management/sim_explorer/ SIM Explorer], [http://www.youtube.com/watch?v=P5dJS7g1o_c video demo of SIM Explorer]
+
* [http://www.data-recovery-mobile-phone.com/ Pro Data Doctor]
+
* [http://www.becker-partner.de/index.php?id=17 Forensic Card Reader (FCR) - German]
+
* [http://www.txsystems.com/sim-manager.html SIM Manager]
+
* [http://vidstrom.net/otools/simquery/ SIMQuery]
+
* [http://users.net.yu/~dejan/ SimScan]
+
* [http://www.nobbi.com/download.htm SIMSpy]
+
* [http://vidstrom.net/stools/undeletesms/ UnDeleteSMS]
+
* [http://www.bkforensics.com/FCR.html Forensic SIM Card Reader]
+
* [http://www.dekart.com/products/card_management/sim_manager/ Dekart SIM Manager], [http://www.youtube.com/watch?v=VaBaqZiNW4U video tutorial on how to recover a deleted SMS]
+
* [http://www.brickhousesecurity.com/cellphone-spy-simcardreader.html Cell Phone SIM Card Spy]
+
* [http://www.mobile-t-mobile.com/mobile-network/SIM-card-reader.html SIM Card Reader]
+
* [http://www.download3000.com/download_46892.html Sim Card Reader Software]
+
* [http://www.freedownloadscenter.com/Utilities/Backup_and_Copy_Utilities/Sim_Card_Recovery.html Sim Card Recovery]
+
* [http://www.spytechs.com/phone-recorders/sims-card-reader.htm Sim Recovery Pro]
+
  
== Recovering SIM Card Data ==
+
; [[ByteBack Data Recovery Investigative Suite v4.0]]
 +
: http://www.toolsthatwork.com
 +
: Now with UDMA, ATA & SATA support, memory management and greater ease and control of partition and MBR manipulations, ByteBack continues to uphold it's viability as the computer forensics and recovery application of professionals.
  
* [[Damaged SIM Card Data Recovery]]
+
; [[RAID Reconstructor]]
 +
: http://www.runtime.org/raid.htm
 +
: Runtime Software's RAID Reconstructor will reconstruct [[RAID Level 0]] (Striping) and [[RAID Level 5]] drives.
  
== Security ==
+
; [[Salvation Data]]
 +
: http://www.salvationdata.com
 +
: Claims to have a program that can read the "[[bad blocks]]" of [[Maxtor]] drives with proprietary commands.
  
SIM cards can have their data protected by a PIN, or Personal Identification Number.  If a user has enabled the PIN on their SIM card, the SIM will remain locked until the PIN is properly entered.  Some phones provide the option of using a second PIN, or PIN2, to further protect data.  If a user incorrectly enters their PIN number multiple times, the phone may request a PUK, or Personal Unblocking Key.  The number of times a PIN must be incorrectly entered before the phone requests the PUK will vary from phone to phone.  Once a phone requests a PUK, the SIM will remain locked until the PUK is correctly entered.  The PUK must be obtained from the SIM's network provider.  If a PUK is incorrectly entered 10 times the SIM will become permanently locked and the user must purchase a new SIM card in order to use the phone.  In some cases the phone will request a PUK2 before it permanently locks the SIM card.
+
=Carving=
 
+
; [[DataLifter DataLifter® - File Extractor Pro]]
== See also ==
+
: http://www.datalifter.com/products.htm
 
+
* [[SIM Cards]]
+
 
+
== References ==
+
 
+
E-evidence Info - http://www.e-evidence.info/cellular.html
+
Purdue Phone Phorensics Knowledge Base - http://mobileforensicsworld.com/p3/
+
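Review bot: in the Partition Recovery list on the added side, the `; [[Active Partition Recovery]]` entry has only `: ...` as its definition, where the neighbouring entries give a URL or a description; fill it in or drop the entry. The carving entry `[[DataLifter DataLifter® - File Extractor Pro]]` repeats the product name inside the link target, and the ByteBack description should read "its viability" rather than "it's viability".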

Revision as of 20:38, 17 December 2006


This article, and others, needs to be wikified.
Please remove this template after wikifying.

Partition Recovery

Partition Table Doctor
http://www.ptdd.com/index.htm
parted
The Linux partition management tool.
Active Partition Recovery
...
gpart
http://www.stud.uni-hannover.de/user/76201/gpart/
Testdisk
http://www.cgsecurity.org/wiki/TestDisk

See Also

Notes

  • "fdisk /mbr" restores the boot code in the MBR, but not the partition itself.

Data Recovery

BringBack
http://www.toolsthatwork.com/
BringBack offers easy to use, inexpensive, and highly successful data recovery for Windows and Linux (ext2) operating systems and digital images stored on memory cards, etc.
ByteBack Data Recovery Investigative Suite v4.0
http://www.toolsthatwork.com
Now with UDMA, ATA & SATA support, memory management and greater ease and control of partition and MBR manipulations, ByteBack continues to uphold its viability as the computer forensics and recovery application of professionals.
RAID Reconstructor
http://www.runtime.org/raid.htm
Runtime Software's RAID Reconstructor will reconstruct RAID Level 0 (Striping) and RAID Level 5 drives.
Salvation Data
http://www.salvationdata.com
Claims to have a program that can read the "bad blocks" of Maxtor drives with proprietary commands.

Carving

DataLifter DataLifter® - File Extractor Pro
http://www.datalifter.com/products.htm