Difference between pages "SIM Forensics" and "Sim forensics"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
(Created page with "''Under Construction'' The SIM Card is the basic memory device inside of many mobile phones in use today. This small piece of hardware has been key to solving many cases in ...")
 
(Redirected page to SIM Forensics)
 
Line 1: Line 1:
''Under Construction''
+
#REDIRECT [[SIM_Forensics]]
 
+
The [[SIM Card]] is the basic memory device inside of many mobile phones in use today. This small piece of hardware has been key to solving many cases in the world of [[SIM Card Forensics]]. However, without the proper knowledge of the SIM card's filesystem, the user will be missing out on all the valuable information the [[SIM Card]] holds.
+
 
+
 
+
== Getting Started ==
+
 
+
[[File:What_you_need.jpg|250px|thumb|Items you'll need]]
+
 
+
This is a list of items to get you started on reading SIM Cards and their information:
+
 
+
# [[Windows]] operating system
+
# [[SIMCon]][http://www.simcon.no/]
+
#* Program used to read SIM Cards
+
# [[SIM Cards]]
+
# SIM Card Reader
+
 
+
<br />
+
<br />
+
<br />
+
<br />
+
 
+
== Quick Guide for SIMCon ==
+
 
+
# Make sure the SIM Card Reader with SIM Card is connected
+
# Open [[SIMCon]]
+
# Click File > Read SIM or Click [[File:Simcon.png]] in the upper left corner of [[SIMCon]]
+
# Click OK when the next dialog box pops up
+
#* '''Note''', some SIM cards are locked. This is where the PIN needs to be entered if known.
+
#* If the PIN is unknown, the SIM cannot be read.
+
# Click OK again when the next dialog box pops up
+
 
+
== Definitions ==
+
 
+
=== MF ===
+
* Only '''one''' MF
+
* The Master File (MF)
+
* Root of the SIM Card file system
+
* Equivalent to the root directory or "/" in the Linux filesystem
+
 
+
=== DF ===
+
* Dedicated Files (DF)
+
* Equivalent to a folder in a Windows/Linux filesystem
+
* Usually three DF's
+
** DF_GSM / DF_DCS1800 / DF_TELECOM
+
 
+
==== DF_DCS1800 / DF_GSM ====
+
* Contains network related information
+
* Specifying data in DF_GSM writes only to DF_GSM on the SIM
+
* The SIM is expected to mirror GSM and DCS1800
+
 
+
==== DF_TELECOM ====
+
* Contains the service related information
+
 
+
=== EF ===
+
* Elementary Files (EF)
+
* Holds one to many records
+
* Represent the leaf node of the filesystem
+
* EF's sit below the DF's in the filesystem hierarchy
+
 
+
=== PLMN ===
+
* Public Land Mobile Network
+
** A PLMN is a network that is established and operated by an administration or by a recognized operating agency (ROA) for the specific purpose of providing land mobile telecommunications services to the public. [http://en.wikipedia.org/wiki/Public_land_mobile_network]
+
 
+
=== LAI ===
+
* Location Area Identity
+
** Each location area of a public land mobile network (PLMN) has its own unique identifier which is known as Location Area Identity (LAI). [http://en.wikipedia.org/wiki/Location_Area_Identity]
+
 
+
== Filesystem ==
+
 
+
=== EF_ICCID ===
+
 
+
This displays the ID or Card Identity of the SIM Card, this can also be found on the SIM card itself.
+
 
+
[[File:Ef_iccid.png|350px|thumb|left|EF_ICCID]]
+
 
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
----
+
 
+
=== DF_GSM ===
+
 
+
==== EF_IMSI ====
+
 
+
* International Mobile Subscriber Identity (IMSI)[http://en.wikipedia.org/wiki/IMSI]
+
* 310  -  260  -  653235860
+
* MCC  -  MNC  -  MSIN
+
** MCC[http://en.wikipedia.org/wiki/List_of_mobile_country_codes] (3 Digits)
+
*** Mobile Country Code
+
** MNC[http://en.wikipedia.org/wiki/Mobile_Network_Code] (2 Digits EU / 3 Digits NA)
+
*** Mobile Network Code
+
** MSIN[http://en.wikipedia.org/wiki/MSIN] (Remaining Digits)
+
*** Mobile Subscription Identification Number
+
*** Within the network's customer base
+
 
+
[[File:Ef_imsi.png|350px|thumb|left|EF_IMSI]]
+
 
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
----
+
 
+
==== EF_PLMNSEL ====
+
 
+
* List of all PLMN's (see [[Sim_Filesystem#PLMN]])
+
 
+
[[File:Plmnsel.png|350px|thumb|left|EF_PLMNSEL]]
+
 
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
----
+
 
+
==== EF_LOCI ====
+
* Location Information
+
** Contains Location Area Identity (see [[Sim_Filesystem#LAI]])
+
*** LAI Network Code (see [[Sim_Filesystem#PLMN]] / [[Sim_Filesystem#LAI]])
+
 
+
[[File:Ef_loci.png|350px|thumb|left|EF_LOCI]]
+
 
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
----
+
 
+
=== DF_TELECOM ===
+
 
+
==== EF_ADN ====
+
 
+
 
+
[[File:EF_adn.png|350px|thumb|left|EF_ADN]]
+
 
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
<br />
+
----
+

Latest revision as of 11:26, 12 April 2011

  1. REDIRECT SIM_Forensics
Retrieved from "http://www.forensicswiki.org/w/index.php?title=SIM_Forensics&oldid=10852"
Personal tools
Namespaces

Variants
Actions
Navigation:
About forensicswiki.org:
Toolbox