|
|
| Line 1: |
Line 1: |
| − | == Procedures == | + | {{Infobox_Software | |
| | + | name = CarvFs | |
| | + | maintainer = [[KLPD]] | |
| | + | os = [[Linux]] | |
| | + | genre = {{Analysis}} | |
| | + | license = {{GPL}}, {{LGPL}} | |
| | + | website = [https://sourceforge.net/projects/carvpath/ sourceforge.net/projects/carvpath/] | |
| | + | }} |
| | | | |
| − | Acquire [[SIM Card]] and analyze the following:
| + | CarvFs is a modular [[Fuse]] based user space file system on top of [[LibCarvPath]]. |
| | + | CarvFS makes CarvPath style annotations as used by LibCarvPath available as files. |
| | + | Using CarvFs makes it possible to process carved entities as files without the need for copy-out. |
| | | | |
| − | * ICCID - Integrated Circuit Card Identification
| + | CarvFs is modular with respect to access to image files. |
| − | * MSISDN - Subscriber phone number
| + | The CarvFs distribution comes with a default module for access to [[Raw Image Format|(split) raw files]]. |
| − | * IMSI - International Mobile Subscriber Identity
| + | |
| − | * LND - Last Dialed numbers
| + | |
| − | * [[LOCI]] - Location Information
| + | |
| − | * LAI - Location Area Identifier
| + | |
| − | * ADN - Abbreviated Dialing Numbers (Contacts)
| + | |
| − | * FDN - Fixed Dialing Numbers (Provider entered Numbers)
| + | |
| − | * SMS - (Short Messages)
| + | |
| − | * SMSP - Text Message parameters
| + | |
| − | * SMSS - Text message status
| + | |
| − | * Phase - Phase ID
| + | |
| − | * SST - SIM Service table
| + | |
| − | * LP - Preferred languages variable
| + | |
| − | * SPN - Service Provider name
| + | |
| − | * EXT1 - Dialing Extension
| + | |
| − | * EXT2 - Dialing Extension
| + | |
| − | * GID1 - Groups
| + | |
| − | * GID2 - Groups
| + | |
| − | * CBMI - Preferred network messages
| + | |
| − | * PUCT - Calls per unit
| + | |
| − | * ACM - Accumulated Call Meter
| + | |
| − | * ACMmax - Call Limit
| + | |
| − | * HPLMNSP - HPLMN search period
| + | |
| − | * PLMNsel - PLMN selector
| + | |
| − | * FPLMN - Forbidden PLMNs
| + | |
| − | * CCP - Capability configuration parameter
| + | |
| − | * ACC - Access control class
| + | |
| − | * BCCH - Broadcast control channels
| + | |
| − | * Kc - Ciphering Key
| + | |
| | | | |
| | + | A separate [[Libewf]] module is available for access to [[Encase image file format|EWF images]]. |
| | | | |
| − | == Hardware == | + | == External Links == |
| − | | + | * [http://sourceforge.net/apps/mediawiki/carvpath/ CarvPath wiki] |
| − | === Serial ===
| + | |
| − | | + | |
| − | * [[MicroDrive 120]] with SmartCard Adapter
| + | |
| − | | + | |
| − | === USB ===
| + | |
| − | | + | |
| − | * [[ACR 38T]]
| + | |
| − | | + | |
| − | == Software ==
| + | |
| − | | + | |
| − | Wiki Links
| + | |
| − | * [[ForensicSIM]]
| + | |
| − | * [[Paraben SIM Card Seizure]]
| + | |
| − | * [[SIMIS]]
| + | |
| − | | + | |
| − | External Links | + | |
| − | * [http://www.simcon.no/ SIMcon]
| + | |
| − | * [http://www.quantaq.com/usimdetective.htm USIM Detective]
| + | |
| − | * [http://www.data-recovery-mobile-phone.com/ Pro Data Doctor]
| + | |
| − | * [http://www.becker-partner.de/index.php?id=17 Forensic Card Reader (FCR) - German]
| + | |
| − | * [http://www.txsystems.com/sim-manager.html SIM Manager] | + | |
| − | * [http://vidstrom.net/otools/simquery/ SIMQuery]
| + | |
| − | * [http://users.net.yu/~dejan/ SimScan]
| + | |
| − | * [http://www.nobbi.com/download.htm SIMSpy]
| + | |
| − | * [http://vidstrom.net/stools/undeletesms/ UnDeleteSMS]
| + | |
| − | * [http://www.bkforensics.com/FCR.html Forensic SIM Card Reader]
| + | |
| − | * [http://www.brickhousesecurity.com/cellphone-spy-simcardreader.html Cell Phone SIM Card Spy]
| + | |
| − | * [http://www.mobile-t-mobile.com/mobile-network/SIM-card-reader.html SIM Card Reader]
| + | |
| − | * [http://www.download3000.com/download_46892.html Sim Card Reader Software]
| + | |
| − | * [http://www.freedownloadscenter.com/Utilities/Backup_and_Copy_Utilities/Sim_Card_Recovery.html Sim Card Recovery]
| + | |
| − | * [http://www.spytechs.com/phone-recorders/sims-card-reader.htm Sim Recovery Pro]
| + | |
| − | | + | |
| − | == Recovering SIM Card Data ==
| + | |
| − | | + | |
| − | * [[Damaged SIM Card Data Recovery]]
| + | |
| − | | + | |
| − | == Security ==
| + | |
| − | | + | |
| − | SIM cards can have their data protected by a PIN, or Personal Identification Number. If a user has enabled the PIN on their SIM card, the SIM will remain locked until the PIN is properly entered. Some phones provide the option of using a second PIN, or PIN2, to further protect data. If a user incorrectly enters their PIN number multiple times, the phone may request a PUK, or Personal Unblocking Key. The number of times a PIN must be incorrectly entered before the phone requests the PUK will vary from phone to phone. Once a phone requests a PUK, the SIM will remain locked until the PUK is correctly entered. The PUK must be obtained from the SIM's network provider. If a PUK is incorrectly entered 10 times the SIM will become permanently locked and the user must purchase a new SIM card in order to use the phone. In some cases the phone will request a PUK2 before it permanently locks the SIM card.
| + | |
| − | | + | |
| − | | + | |
| − | == References ==
| + | |
| − | | + | |
| − | E-evidence Info - http://www.e-evidence.info/cellular.html
| + | |
| − | Purdue Phone Phorensics Knowledge Base - http://mobileforensicsworld.com/p3/
| + | |
CarvFs is modular with respect to access to image files.
The CarvFs distribution comes with a default module for access to (split) raw files.
