Difference between pages "Sim Filesystem" and "Golden G. Richard III"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Getting Started)
 
m
 
Line 1: Line 1:
''Under Construction''
 
  
The [[SIM Card]] is the basic memory device inside of many mobile phones in use today. This small piece of hardware has been key to solving many cases in the world of [[SIM Card Forensics]]. However, without the proper knowledge of the SIM card's filesystem, the user will be missing out on all the valuable information the [[SIM Card]] holds.
+
Golden G. Richard III is Professor of Computer Science, University Research Professor, and Director of the Greater New Orleans Center for Information Assurance (GNOCIA) at the University of New Orleans, where he has taught and done research in cybersecurity, operating systems internals, reverse engineering, and malware analysis since 1994.  Golden earned a Ph.D. in Computer Science from The Ohio State University in 1995.  He is also the Founder and Owner of Arcane Alloy, LLC, a private digital forensics and cybersecurity firm, the original author of the [[Scalpel]] file [[Carving|carving]] tool, a pioneer in applying high performance computing principles to digital forensics, and a professional music photographer.
  
 +
He maintains a [[Blogs|blog]] called "Outlook Purple" and can be found on Twitter at @nolaforensix.
  
== Getting Started ==
+
== See Also ==
  
[[File:What_you_need.jpg|250px|thumb|Items you'll need]]
+
[[Forensics on GPUs]]
  
This is a list of items to get you started on reading SIM Cards and their information:
+
== External Links ==
  
# [[Windows]] operating system
+
* [http://www.cs.uno.edu/~golden Official website]
# [[SIMCon]]
+
* [http://www.arcanealloy.com Arcane Alloy, LLC]
#* Program used to read SIM Cards
+
* [http://outlookpurple.blogspot.com Outlook Purple]
# [[SIM Cards]]
+
* [http://www.highisomusic.com High ISO Music]
# SIM Card Reader
+
  
== Quick Guide for SIMCon ==
+
[[Category:People]]
 
+
# Make sure the SIM Card Reader with SIM Card is connected
+
# Open [[SIMCon]]
+
# Click File > Read SIM or Click [[File:Simcon.png]] in the upper left corner of [[SIMCon]]
+
# Click OK when the next dialog box pops up
+
#* '''Note''', some SIM cards are locked. This is where the PIN needs to be entered if known.
+
#* If the PIN is unknown, the SIM cannot be read.
+
# Click OK again when the next dialog box pops up
+
 
+
== Definitions ==
+
 
+
=== MF ===
+
* Only '''one''' MF
+
* The Master File (MF)
+
* Root of the SIM Card file system
+
* Equivalent to the root directory or "/" in the Linux filesystem
+
 
+
=== DF ===
+
* Dedicated Files (DF)
+
* Equivalent to a folder in a Windows/Linux filesystem
+
* Usually three DF's
+
** DF_GSM / DF_DCS1800 / DF_TELECOM
+
 
+
==== DF_DCS1800 / DF_GSM ====
+
* Contains network related information
+
* Specifying data in DF_GSM writes only to DF_GSM on the SIM
+
* The SIM is expected to mirror GSM and DCS1800
+
 
+
==== DF_TELECOM ====
+
* Contains the service related information
+
 
+
=== EF ===
+
* Elementary Files (EF)
+
* Holds one to many records
+
* Represent the leaf node of the filesystem
+
* EF's sit below the DF's in the filesystem hierarchy
+
 
+
=== PLMN ===
+
* Public Land Mobile Network
+
** A PLMN is a network that is established and operated by an administration or by a recognized operating agency (ROA) for the specific purpose of providing land mobile telecommunications services to the public. [http://en.wikipedia.org/wiki/Public_land_mobile_network]
+
 
+
== Information ==
+
 
+
=== EF_ICCID ===
+
 
+
This displays the ID or Card Identity of the SIM Card, this can also be found on the SIM card itself.
+
 
+
[[File:Ef_iccid.png|350px|thumb|EF_ICCID]]
+
 
+
=== DF_GSM ===
+
 
+
==== EF_IMSI ====
+
 
+
[[File:Ef_imsi.png|350px|thumb|EF_IMSI]]
+
 
+
* International Mobile Subscriber Identity (IMSI)[http://en.wikipedia.org/wiki/IMSI]
+
* 310  -  260  -  653235860
+
* MCC  -  MNC  -  MSIN
+
** MCC[http://en.wikipedia.org/wiki/List_of_mobile_country_codes] (3 Digits)
+
*** Mobile Country Code
+
** MNC[http://en.wikipedia.org/wiki/Mobile_Network_Code] (2 Digits EU / 3 Digits NA)
+
*** Mobile Network Code
+
** MSIN[http://en.wikipedia.org/wiki/MSIN] (Remaining Digits)
+
*** Mobile Subscription Identification Number
+
*** Within the network's customer base
+

Latest revision as of 16:33, 28 January 2014

Golden G. Richard III is Professor of Computer Science, University Research Professor, and Director of the Greater New Orleans Center for Information Assurance (GNOCIA) at the University of New Orleans, where he has taught and done research in cybersecurity, operating systems internals, reverse engineering, and malware analysis since 1994. Golden earned a Ph.D. in Computer Science from The Ohio State University in 1995. He is also the Founder and Owner of Arcane Alloy, LLC, a private digital forensics and cybersecurity firm, the original author of the Scalpel file carving tool, a pioneer in applying high performance computing principles to digital forensics, and a professional music photographer.

He maintains a blog called "Outlook Purple" and can be found on Twitter at @nolaforensix.

See Also

Forensics on GPUs

External Links