Difference between pages "Sim Filesystem" and "Blogs"

From Forensics Wiki
(Difference between pages)
(Quick Guide for SIMCon)
 
(Challenges (and test images))
 
Line 1: Line 1:
''Under Construction''
+
[[Computer forensics]] related resources like: blogs, fora, tweets, tools and challenges (and test images).
  
The [[SIM Card]] is the basic memory device inside of many mobile phones in use today. This small piece of hardware has been key to solving many cases in the world of [[SIM Card Forensics]]. However, without the proper knowledge of the SIM card's filesystem, the user will be missing out on all the valuable information the [[SIM Card]] holds.
+
= Blogs =
  
 +
== English ==
  
== Getting Started ==
+
* [http://www.appleexaminer.com/ The Apple Examiner]
 +
* [http://computer.forensikblog.de/en/ Computer Forensics Blog], by [[Andreas Schuster]]
 +
* [http://www.niiconsulting.com/checkmate/ Checkmate - e-zine on Digital Forensics and Incident Response]
 +
* [http://www.infosecinstitute.com/blog/ethical_hacking_computer_forensics.html Jack Koziol - Ethical Hacking and Computer Forensics]
 +
* [http://windowsir.blogspot.com/ Windows Incident Response Blog], by [[Harlan Carvey]]
 +
* [http://geschonneck.com/ Computer Forensics Blog], by [[Alexander Geschonneck]]
 +
* [http://forensicblog.org/ Computer Forensics Blog], by [[Michael Murr]]
 +
* [http://forenshick.blogspot.com/ Forensic news, Technology, TV, and more], by [[Jordan Farr]]
 +
* [http://unixsadm.blogspot.com/ UNIX, OpenVMS and Windows System Administration, Digital Forensics, High Performance Computing, Clustering and Distributed Systems], by [[Criveti Mihai]]
 +
* [http://intrusions.blogspot.com/ Various Authors - Intrusions and Malware Analysis]
 +
* [http://chicago-ediscovery.com/education/computer-forensics-glossary/ Computer Forensic Glossary Blog, HOWTOs and other resources], by [[Andrew Hoog]]
 +
* [http://secureartisan.wordpress.com/ Digital Forensics with a Focus on EnCase], by [[Paul Bobby]]
 +
* [http://www.crimemuseum.org/blog/ National Museum of Crime and Punishment-CSI/Forensics Blog]
 +
* [http://forensicsfromthesausagefactory.blogspot.com/ Forensics from the sausage factory]
 +
* [http://integriography.wordpress.com Computer Forensics Blog], by [[David Kovar]]
 +
* [http://jessekornblum.livejournal.com/ A Geek Raised by Wolves], by [[Jesse Kornblum]]
 +
* [http://computer-forensics.sans.org/blog SANS Computer Forensics and Incident Response Blog by SANS Institute]
 +
* [http://www.digitalforensicsource.com Digital Forensic Source]
 +
* [http://dfsforensics.blogspot.com/ Digital Forensics Solutions]
 +
* [http://forensicaliente.blogspot.com/ Forensicaliente]
 +
* [http://www.ericjhuber.com/ A Fistful of Dongles]
 +
* [http://gleeda.blogspot.com/ JL's stuff]
 +
* [http://4n6k.blogspot.com/ 4n6k]
 +
* [http://justaskweg.com/ JustAskWeg], by [[Jimmy Weg]]
 +
* [http://blog.kiddaland.net/ IR and forensic talk], by [[Kristinn Gudjonsson]]
 +
* [http://c-skills.blogspot.ch/ c-skills], by [[Sebastian Krahmer]]
 +
* [http://sketchymoose.blogspot.ch/ Sketchymoose's Blog]
 +
* [http://www.swiftforensics.com/ All things forensic and security related], by [[Yogesh Khatri]]
  
[[File:What_you_need.jpg|250px|thumb|Items you need]]
+
=== Windows ===
 +
* [http://blogs.msdn.com/b/ntdebugging/ ntdebugging - Advanced Windows Debugging and Troubleshooting]
  
This is a list of items to get you started on reading SIM Cards and their information:
+
== Dutch ==
  
# [[SIMCon]]
+
* [http://stam.blogs.com/8bits/ 8 bits], by [[Mark Stam]] (also contain English articles otherwise use [http://translate.google.com/translate?u=http%3A%2F%2Fstam.blogs.com%2F8bits%2Fforensisch%2Findex.html&langpair=nl%7Cen&hl=en&ie=UTF-8 Google translation])
#* Program used to read SIM Cards
+
# [[SIM Cards]]
+
# SIM Card Reader
+
  
 +
== French ==
  
== Quick Guide for SIMCon ==
+
* [http://forensics-dev.blogspot.com Forensics-dev] ([http://translate.google.com/translate?u=http%3A%2F%2Fforensics-dev.blogspot.com%2F&langpair=fr%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
  
# Make sure the SIM Card Reader with SIM Card is connected
+
== German ==
# Open [[SIMCon]]
+
# Click File > Read SIM or Click [[File:Simcon.png]] in the upper left corner of [[SIMCon]]
+
# Click OK when the next dialog box pops up
+
#* '''Note''', some SIM cards are locked. This is where the PIN needs to be entered if known.
+
#* If the PIN is unknown, the SIM cannot be read.
+
# Click OK again when the next dialog box pops up
+
  
== Definitions ==
+
* [http://computer.forensikblog.de/ Computer Forensik Blog Gesamtausgabe], by [[Andreas Schuster]] ([http://computer.forensikblog.de/en/ English version])
 +
* [http://computer-forensik.org computer-forensik.org], by [[Alexander Geschonneck]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.computer-forensik.org&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
 +
* [http://henrikbecker.blogspot.com Digitale Beweisführung], by [[Henrik Becker]] ([http://translate.google.com/translate?u=http%3A%2F%2Fhenrikbecker.blogspot.com&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
  
=== MF ===
+
== Spanish ==
* Only '''one''' MF
+
* The Master File (MF)
+
* Root of the SIM Card file system
+
* Equivalent to the root directory or "/" in the Linux filesystem
+
  
=== DF ===
+
* [http://www.forensic-es.org/blog forensic-es.org] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.forensic-es.org%2Fblog&langpair=es%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* Dedicated Files (DF)
+
* [http://www.inforenses.com InForenseS], by [[Javier Pages]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.inforenses.com&langpair=es%7Cen&hl=es&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* Equivalent to a folder in a Windows/Linux filesystem
+
* [http://windowstips.wordpress.com El diario de Juanito]
* Usually three DF's
+
* [http://conexioninversa.blogspot.com Conexión inversa]
** DF_GSM / DF_DCS1800 / DF_TELECOM
+
  
==== DF_DCS1800 / DF_GSM ====
+
== Russian ==
* Contains network related information
+
* Specifying data in DF_GSM writes only to DF_GSM on the SIM
+
* The SIM is expected to mirror GSM and DCS1800
+
  
==== DF_TELECOM ====
+
* Group-IB: [http://notheft.ru/blogs/group-ib blog at notheft.ru], [http://www.securitylab.ru/blog/company/group-ib/ blog at securitylab.ru]
* Contains the service related information
+
  
=== EF ===
+
= Related blogs =
* Elementary Files (EF)
+
* Holds one to many records
+
* Represent the leaf node of the filesystem
+
* EF's sit below the DF's in the filesystem hierarchy
+
  
== Information ==
+
* [http://www.c64allstars.de C64Allstars Blog]
 +
* [http://www.emergentchaos.com/ Emergent Chaos], by [[Adam Shostack]]
 +
* [http://jeffjonas.typepad.com/ Inventor of NORA discusses privacy and all things digital], by [[Jeff Jonas]]
 +
* [http://www.cs.uno.edu/~golden/weblog Digital Forensics, Coffee, Benevolent Hacking], by [[Golden G. Richard III]]
  
=== EF_ICCID ===
+
= Circles/Fora/Groups =
 +
* [http://forensicfocus.com/ Forensic Focus]
 +
* [http://tech.groups.yahoo.com/group/win4n6 Yahoo! groups: win4n6 · Windows Forensic Analysis]
  
This displays the ID or Card Identity of the SIM Card, this can also be found on the SIM card itself.
+
= Tweets =
 +
* [http://twitter.com/#!/search/%23DFIR?q=%23DFIR #DFIR]
 +
* [http://twitter.com/#!/search/%23forensics #forensics]
  
[[File:Ef_iccid.png|350px|thumb]]
+
= Tools =
 +
* [http://www2.opensourceforensics.org/ Open Source Digital Forensics]
 +
* [http://forensiccontrol.com/resources/free-software/ Free computer forensic tools]
 +
* [http://code.google.com/p/libyal/ Yet another library library (and tools)]
  
=== DF_GSM ===
+
= Challenges (and test images) =
 +
* [http://www.dc3.mil/challenge/ DC3 Challenges]
 +
* [http://testimages.wordpress.com/ Digital Forensics Test Images]
 +
* [http://www.forensicfocus.com/images-and-challenges Forensic Focus - Test Images and Forensic Challenges]
 +
* [https://www.honeynet.org/challenges/ Honeynet Project Challenges]
 +
* [http://testimages.wordpress.com/ Digital Forensic Test Images]
 +
* [http://secondlookforensics.com/linux-memory-images/ Second Look - Linux Memory Images]
 +
* [http://sourceforge.net/projects/nullconctf2014/ NullconCTF2014]
  
==== EF_IMSI ====
+
= Conferences =
 +
See: [[:Category:Conferences|Conferences]]
  
[[File:Ef_imsi.png|350px|thumb]]
+
[[Category:Further information]]
 
+
* International Mobile Subscriber Identity (IMSI)
+
* 310-260-653235860
+
* MCC-MNC-MSIN
+
** MCC[http://en.wikipedia.org/wiki/List_of_mobile_country_codes] (3 Digits)
+
*** Mobile Country Code
+
** MNC[http://en.wikipedia.org/wiki/Mobile_Network_Code] (2 Digits EU / 3 Digits NA)
+
*** Mobile Network Code
+
** MSIN[http://en.wikipedia.org/wiki/MSIN] (Remaining Digits)
+
*** Mobile Subscription Identification Number
+
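Review bot: The "Challenges (and test images)" list on the Blogs side links http://testimages.wordpress.com/ twice, once as "Digital Forensics Test Images" and again as "Digital Forensic Test Images". Drop the second entry so the list carries one item per resource.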

Revision as of 01:52, 29 January 2014

Computer forensics related resources like: blogs, fora, tweets, tools and challenges (and test images).

Conferences

See: Conferences