Difference between pages "SMS" and "1-Page Report"

From ForensicsWiki
 
(Created page with "The idea of a 1-Page Forensics Report is to have a single page that conveys information about a piece of media, a network capture, or a file. ==Disk Forensics 1-Page Report==...")
 
Line 1: Line 1:
'''Short Message Service''' ('''SMS''') is a service that [[cell phones|digital phones]] can use to send short messages between phones. SMS messages are more commonly called text messages, and very popular among today's youth.
+
The idea of a 1-Page Forensics Report is to have a single page that conveys information about a piece of media, a network capture, or a file.
  
== History ==
+
==Disk Forensics 1-Page Report==
 
+
Thoughts about what should go on the report:
SMS was originally designed for [[GSM]], but most all of the large digital mobile phone providers provide the ability to send messages to other phones via the SMS.
+
* OS Release, Version and Patch Level
 
+
* Kernel Release
== Popularity ==
+
* Language
 
+
* Distribution
== Forensics Standpoint ==
+
* Last Boot
Most modern phones store the SMS in their internal memory, rather than on the SIM card; in this case forensics should target the phone itself. If the phone does not store the SMS on the SIM card, it can be reconfigured to do so (whether this is possible and how it is done depends on the phone brand and model).
+
* Installation Date
 
+
* Per-user information --- how many users? When was each logged on last
If the phone stores the SMS on the SIM card, forensics should target the card; there is a chance to recover a deleted SMS.
+
* IP addresses assigned.
 
+
* DHCP information
This is possible because some phones will only mark the SMS as deleted (instead of overwriting it with 0 or 1 bits); the text of the SMS will continue to reside on the card until a new SMS is received and the space will be overwritten with the contents of the new message.
+
* ISPs that were in use
 
+
* DNS information
== External Links ==
+
* Where the connections came from
* [http://www.dekart.com/howto/howto_sim_reader/how_to_recover_a_deleted_sms/ An entry level tutorial that explains the details behind the SMS recovery process]
+
* [http://www.youtube.com/watch?v=VaBaqZiNW4U A video tutorial that shows how an SMS can be recovered] (but does not go into the low-level details of the process)
+
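Review bot: In the added list, "Where the connections came from" does not say which connections are meant, and "Per-user information --- how many users? When was each logged on last" packs two questions into one item and drops the closing question mark. Splitting the latter into a user-count item and a last-logon item, and naming the kind of connection (for example remote logins), would give each report field a single checkable meaning. "IP addresses assigned." is also the only item that ends in a period.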

Revision as of 09:09, 18 July 2013

The idea of a 1-Page Forensics Report is to have a single page that conveys information about a piece of media, a network capture, or a file.

Disk Forensics 1-Page Report

Thoughts about what should go on the report:

  • OS Release, Version and Patch Level
  • Kernel Release
  • Language
  • Distribution
  • Last Boot
  • Installation Date
  • Per-user information: how many users? When was each last logged on?
  • IP addresses assigned
  • DHCP information
  • ISPs that were in use
  • DNS information
  • Where the connections came from