Difference between pages "Webloc" and "Sim Filesystem"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
m (.webloc moved to Webloc: my bad, wasn't paying attention to the apparent convention)
 
(EF_ICCID)
 
Line 1: Line 1:
This is Mac OS X's internet shortcut file, similar to the Microsoft Windows [[.URL]] file.  However, due to the heavy usage of [[AppleDouble_header_file|AppleDouble]] resources, the expected data is actually stored as metadata and not in the the expected data file location.
+
''Under Construction''
  
On the file system itself, the shortcut file named <code>News.webloc</code> pointing to <code>http://news.google.com</code> is actually a zero byte file.  The URL is instead stored in the <code>._News.webloc</code> file in a field with resource type '<code>url </code>'.
+
The [[SIM Card]] is the basic memory device inside of many mobile phones in use today. This small piece of hardware has been key to solving many cases in the world of [[SIM Card Forensics]]. However, without the proper knowledge of the SIM card's filesystem, the user will be missing out on all the valuable information the [[SIM Card]] holds.
  
The contents of this resource file are visible with the Apple Developer Tool [http://developer.apple.com/documentation/Darwin/Reference/ManPages/man1/DeRez.1.html DeRez]
 
  
[[Category:File Formats]]
+
== Getting Started ==
 +
 
 +
[[File:What_you_need.jpg|250px|thumb|Items you need]]
 +
 
 +
This is a list of items to get you started on reading SIM Cards and their information:
 +
 
 +
# [[SIMCon]]
 +
#* Program used to read SIM Cards
 +
# [[SIM Cards]]
 +
# SIM Card Reader
 +
 
 +
 
 +
== Quick Guide for SIMCon ==
 +
 
 +
# Make sure SIM Read with SIM Card is plugged in
 +
# Open [[SIMCon]]
 +
# Click File > Read SIM or Click [[File:Simcon.png]] in the upper left corner of [[SIMCon]]
 +
# Click OK when the next dialog box pops up
 +
#* '''Note''', some SIM cards are locked. This is where the PIN needs to be entered if known.
 +
#* If the PIN is unknown, the SIM cannot be read.
 +
# Click OK again when the next dialog box pops up
 +
 
 +
== Definitions ==
 +
 
 +
=== MF ===
 +
* Only '''one''' MF
 +
* The Master File (MF)
 +
* Root of the SIM Card file system
 +
* Equivalent to the root directory or "/" in the Linux filesystem
 +
 
 +
=== DF ===
 +
* Dedicated Files (DF)
 +
* Equivalent to a folder in a Windows/Linux filesystem
 +
* Usually three DF's
 +
** DF_GSM / DF_DCS1800 / DF_TELECOM
 +
 
 +
==== DF_DCS1800 / DF_GSM ====
 +
* Contains network related information
 +
* Specifying data in DF_GSM writes only to DF_GSM on the SIM
 +
* The SIM is expected to mirror GSM and DCS1800
 +
 
 +
==== DF_TELECOM ====
 +
* Contains the service related information
 +
 
 +
=== EF ===
 +
* Elementary Files (EF)
 +
* Holds one to many records
 +
* Represent the leaf node of the filesystem
 +
* EF's sit below the DF's in the filesystem hierarchy
 +
 
 +
== Information ==
 +
 
 +
=== EF_ICCID ===
 +
 
 +
This displays the ID or Card Identity of the SIM Card, this can also be found on the SIM card itself.
 +
 
 +
[[File:Ef_iccid.png|400px|thumb|left]]

Revision as of 11:08, 5 April 2011

Under Construction

The SIM Card is the basic memory device inside of many mobile phones in use today. This small piece of hardware has been key to solving many cases in the world of SIM Card Forensics. However, without the proper knowledge of the SIM card's filesystem, the user will be missing out on all the valuable information the SIM Card holds.


Contents

Getting Started

Items you need

This is a list of items to get you started on reading SIM Cards and their information:

  1. SIMCon
    • Program used to read SIM Cards
  2. SIM Cards
  3. SIM Card Reader


Quick Guide for SIMCon

  1. Make sure SIM Read with SIM Card is plugged in
  2. Open SIMCon
  3. Click File > Read SIM or Click Simcon.png in the upper left corner of SIMCon
  4. Click OK when the next dialog box pops up
    • Note, some SIM cards are locked. This is where the PIN needs to be entered if known.
    • If the PIN is unknown, the SIM cannot be read.
  5. Click OK again when the next dialog box pops up

Definitions

MF

  • Only one MF
  • The Master File (MF)
  • Root of the SIM Card file system
  • Equivalent to the root directory or "/" in the Linux filesystem

DF

  • Dedicated Files (DF)
  • Equivalent to a folder in a Windows/Linux filesystem
  • Usually three DF's
    • DF_GSM / DF_DCS1800 / DF_TELECOM

DF_DCS1800 / DF_GSM

  • Contains network related information
  • Specifying data in DF_GSM writes only to DF_GSM on the SIM
  • The SIM is expected to mirror GSM and DCS1800

DF_TELECOM

  • Contains the service related information

EF

  • Elementary Files (EF)
  • Holds one to many records
  • Represent the leaf node of the filesystem
  • EF's sit below the DF's in the filesystem hierarchy

Information

EF_ICCID

This displays the ID or Card Identity of the SIM Card, this can also be found on the SIM card itself.

Ef iccid.png