Difference between pages "Sim Filesystem" and "Aimage"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Definitions)
 
m
 
Line 1: Line 1:
''Under Construction''
+
{{Infobox_Software |
 +
  name = aimage |
 +
  maintainer = [[Simson Garfinkel]], [[Basis Technology]] |
 +
  os = {{Linux}} |
 +
  genre = {{Disk imaging}} |
 +
  license = {{Original BSD license}} |
 +
}}
  
The [[SIM Card]] is the basic memory device inside of many mobile phones in use today. This small piece of hardware has been key to solving many cases in the world of [[SIM Card Forensics]]. However, without the proper knowledge of the SIM card's filesystem, the user will be missing out on all the valuable information the [[SIM Card]] holds.
+
'''aimage''' (the '''advanced imager''') was an [[imaging]] tool that was part of [[AFF]].
  
 +
'''aimage''' can create files in raw, AFF, AFD, or AFM formats. AFF and AFD formats can be compressed or uncompressed. [[aimage]]  can optionally compress and calculate [[MD5]] or [[SHA-1]] hash residues while the data is being copied. It had intelligent error recovery, similar to what is in [[ddrescue]].
  
== Getting Started ==
 
  
[[File:What_you_need.jpg|250px|thumb|Items you'll need]]
+
'''aimage'' was withdrawn from support (December 25, 2010)
  
This is a list of items to get you started on reading SIM Cards and their information:
+
Linux distributions that packaged '''image''' are encouraged to drop it and package guymager instead.
  
# [[Windows]] operating system
+
===See Also===
# [[SIMCon]]
+
* [[How_to_image_an_IDE_disk_with_aimage_and_FreeBSD]]
#* Program used to read SIM Cards
+
# [[SIM Cards]]
+
# SIM Card Reader
+
 
+
== Quick Guide for SIMCon ==
+
 
+
# Make sure the SIM Card Reader with SIM Card is connected
+
# Open [[SIMCon]]
+
# Click File > Read SIM or Click [[File:Simcon.png]] in the upper left corner of [[SIMCon]]
+
# Click OK when the next dialog box pops up
+
#* '''Note''', some SIM cards are locked. This is where the PIN needs to be entered if known.
+
#* If the PIN is unknown, the SIM cannot be read.
+
# Click OK again when the next dialog box pops up
+
 
+
== Definitions ==
+
 
+
=== MF ===
+
* Only '''one''' MF
+
* The Master File (MF)
+
* Root of the SIM Card file system
+
* Equivalent to the root directory or "/" in the Linux filesystem
+
 
+
=== DF ===
+
* Dedicated Files (DF)
+
* Equivalent to a folder in a Windows/Linux filesystem
+
* Usually three DF's
+
** DF_GSM / DF_DCS1800 / DF_TELECOM
+
 
+
==== DF_DCS1800 / DF_GSM ====
+
* Contains network related information
+
* Specifying data in DF_GSM writes only to DF_GSM on the SIM
+
* The SIM is expected to mirror GSM and DCS1800
+
 
+
==== DF_TELECOM ====
+
* Contains the service related information
+
 
+
=== EF ===
+
* Elementary Files (EF)
+
* Holds one to many records
+
* Represent the leaf node of the filesystem
+
* EF's sit below the DF's in the filesystem hierarchy
+
 
+
=== PLMN ===
+
* Public Land Mobile Network
+
** A PLMN is a network that is established and operated by an administration or by a recognized operating agency (ROA) for the specific purpose of providing land mobile telecommunications services to the public. [http://en.wikipedia.org/wiki/Public_land_mobile_network]
+
 
+
=== LAI ===
+
* Location Area Identity
+
** Each location area of a public land mobile network (PLMN) has its own unique identifier which is known as Location Area Identity (LAI). [http://en.wikipedia.org/wiki/Location_Area_Identity]
+
 
+
== Information ==
+
 
+
=== EF_ICCID ===
+
 
+
This displays the ID or Card Identity of the SIM Card, this can also be found on the SIM card itself.
+
 
+
[[File:Ef_iccid.png|350px|thumb|EF_ICCID]]
+
 
+
=== DF_GSM ===
+
 
+
==== EF_IMSI ====
+
 
+
[[File:Ef_imsi.png|350px|thumb|EF_IMSI]]
+
 
+
* International Mobile Subscriber Identity (IMSI)[http://en.wikipedia.org/wiki/IMSI]
+
* 310  -  260  -  653235860
+
* MCC  -  MNC  -  MSIN
+
** MCC[http://en.wikipedia.org/wiki/List_of_mobile_country_codes] (3 Digits)
+
*** Mobile Country Code
+
** MNC[http://en.wikipedia.org/wiki/Mobile_Network_Code] (2 Digits EU / 3 Digits NA)
+
*** Mobile Network Code
+
** MSIN[http://en.wikipedia.org/wiki/MSIN] (Remaining Digits)
+
*** Mobile Subscription Identification Number
+
*** Within the network's customer base
+
 
+
==== EF_PLMNSEL ====
+
[[File:Plmnsel.png|350px|thumb|EF_PLMNSEL]]
+
* List of all PLMN's (see [[Sim_Filesystem#PLMN]])
+

Latest revision as of 21:26, 21 October 2013

aimage
Maintainer: Simson Garfinkel, Basis Technology
OS: Linux
Genre: Disk imaging
License: Original BSD license
Website: {{{website}}}

aimage (the advanced imager) was an imaging tool that was part of AFF.

aimage can create files in raw, AFF, AFD, or AFM formats. AFF and AFD formats can be compressed or uncompressed. aimage can optionally compress and calculate MD5 or SHA-1 hash residues while the data is being copied. It had intelligent error recovery, similar to what is in ddrescue.


'aimage was withdrawn from support (December 25, 2010)

Linux distributions that packaged image are encouraged to drop it and package guymager instead.

See Also