Difference between pages "SIMIS" and "Timeline Analysis Bibliography"

From Forensics Wiki
(Difference between pages)
 
m (Papers)
 
Line 1: Line 1:
== SIMIS 2G ==
+
==Papers==
 +
* S. Willassen, [http://www.igi-global.com/articles/details.asp?ID=33298 "A Model Based Approach to Timestamp Evidence Interpretation"], International Journal of Digital Crime and Forensics, 1:2, 2009
  
Feature Overview
+
* Olsson, Jens [http://www.bth.se/fou/cuppsats.nsf/bbb56322b274389dc1256608004f052b/2e5256fe7d0e57d5c12574bd0072d894!OpenDocument Digital Evidence with an Emphasis on Time],  Master's Thesis, Blekinge Institute of Technology, September 2008.
* Forensically safe - no facility for the modification of system or user data held on the SIM
+
* R. Koen, M. Olivier, [http://icsa.cs.up.ac.za/issa/2008/Proceedings/Full/43.pdf "The Use of File Timestamps in Digital Forensics"], ISSA 2008, Johannesburg, South Africa, July 2008
* Correctly handles PIN and PUK entry under controlled conditions.
+
* S. Willassen, [http://www.diva-portal.org/ntnu/abstract.xsql?dbid=2145 "Methods for Enhancement of Timestamp Evidence in Digital Investigations"], PhD Dissertation, Norwegian University of Science and Technology, 2008
* Builds a database with unique file references for each SIM Card.
+
* S. Willassen, [http://www.willassen.no/svein/pub/ares08.pdf "Finding Evidence of Antedating in Digital Investigations"], ARES 2008, Barcelona, Spain, March 2008
* Searchable database with appropriate index categories.
+
* S. Willassen, [http://www.willassen.no/svein/pub/ifip08.pdf "Hypothesis Based Investigation of Digital Timestamp"], 4th IFIP WG 11.9 Workskop on Digital Evidence, Kyoto, Japan, January 2008
* Facility to read data from the SIMIS Mobile card interrogation unit.
+
* S. Willassen, [http://www.willassen.no/svein/pub/efor08.pdf "Timestamp Evidence Correlation by model based clock hypothesis testing"], E-Forensics 2008, Adelaide, Australia, January 2008
* Presents data in a printable format for reports.
+
* F. Buchholz, [http://www.infosec.jmu.edu/reports/jmu-infosec-tr-2007-001.pdf "An Improved Clock Model for Translating Timestamps"], JMU-INFOSEC-TR-2007-001, James Madison University
* Provides commented RAW data in a standard format for use in third party applications.
+
* F. Buchholz, B. Tjaden, [http://www.dfrws.org/2007/proceedings/p31-buchholz.pdf "A brief study of time"], Digital Investigation 2007:4S
 +
* K. Chow, F. Law, M. Kwan, P. Lai, [http://i.cs.hku.hk/~cisc/forensics/papers/RuleOfTime.pdf "The Rules of Time on NTFS File System"], 2nd International Workshop on Systematic Approaches to Digital Forensic Engineering, Seattle, Washington, April 2007
 +
* B. Schatz, G. Mohay, A. Clark, [http://www.dfrws.org/2006/proceedings/13-%20Schatz.pdf "A correlation method for establishing provenance of timestamps in digital evidence"], Digital Investigation 2006:3S
 +
* P. Gladyshev, A. Patel, [http://www.utica.edu/academic/institutes/ecii/publications/articles/B4A90270-B5A9-6380-68863F61C2F7603D.pdf "Formalizing Event Time Bouding in Digital Investigation"], International Journal of Digital Evidence, vol 4:2, 2005
 +
* C. Boyd, P. Forster, "Time and Date issues in forensic computing - a case study", Digital Investigation 2004:1
 +
* M.W. Stevens, "Unification of relative time frames for digital forensics", Digital Investigation 2004:1
 +
* M.C. Weil, [http://www.utica.edu/academic/institutes/ecii/publications/articles/A048B1E4-B921-1DA3-EB227EE7F61F2053.pdf "Dynamic Time & Date Stamp Analysis"], International Journal of Digital Evidence, vol 1:2, 2002
  
 +
* [http://infoviz.pnl.gov/pdf/themeriver99.pdf ThemeRiver: In Search of Trends, Patterns, and Relationships], Susan Havre, Beth Hetzler, and Lucy Nowell, Battelle Pacific Northwest Division, Richland, Washington, 1999
 +
* [http://www.conceptsymbols.com/web/publications/2003_timelines.pdf Timeline Visualization of Research Fronts], Steven A. Morris2, G. Yen, Zheng Wu, Benyam Asnake , School of Electrical and Computer Engineering, Oklahoma State University, Stillwater, Oklahoma. 2003
 +
* [http://well-formed-data.net/archives/26/visualizing-gaps-in-time-based-lists Visualizing gaps in time-based lists], Moritz Stefaner
  
The SIMIS package is flexible, with a range of options available to suit your needs. Typically a SIMIS package consists of:
+
==Programs==
* PC based software application
+
; [[Zeitline]] — Forensic timeline editor
* PC/SC Smart Card Reader (USB or Serial)
+
: http://projects.cerias.purdue.edu/forensics/timeline.php
* Mini-Sim Adapter
+
: http://sourceforge.net/projects/zeitline/
* USB License Key
+
  
There is also the option to use a PC Card (PCMCIA) Reader for laptops and notebooks.
+
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program.
  
== SIMIS 3G ==
+
; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot]
SIMIS 3G provides the examiner with broadly similar features and facilities to SIMIS 2, however the 3G 'SIM' holds a vast amount of user and network information. SIMIS 3G is a most comprehensive tool for the recovery and clear precise presentation of the data.
+
  
SIMIS 3G presents the recovered data in its original language (Unicode fully supported), in an easily browsable format, complete with comprehensive print facilities and selectable scan depth. SIMIS 3G allows the examiner to view recovered data (including phone book contacts and numbers, SMS text messages, deleted text messages, time and date information and more )
+
==See Also==
 +
* http://www.timeforensics.com/
  
SIMIS3G provides access to all areas of the USIM, however SIMIS3G was designed to be intuitive and easy to use, requiring no detailed knowledge of the USIM operating system. SIMIS3G will generate human readable clear consice reports for each USIM interrogation, with optional additional user entered information such as, operator name, case ID, exhibit number, Handset type etc.
 
  
Recovered data is secured against tampering using both MD5 and SHA-1 hashing techniques. Recovered data, reports and hashing codes are stored locally in unique folders to ensure integrity of data and ease of access.
 
  
Dual SIMIS 2 and SIMIS3G licensing with Auto Detect of card format allows the user to harvest data in a clean simple environment with robust powerful tools, configured for everyday use.
 
  
SIMIS 3G has been evaluated tested and used by leading mobile intelligence examiners and forensic experts. Meeting or exceeding their every needs.
 
  
 
+
[[Category:Tools]]
SIMIS3G comprises of:
+
[[Category:Bibliographies]]
* USB card readers (PCSC Industry standard)
+
[[Category:Timeline Analysis]]
* PC software on CDROM
+
* mini sim adapter and USIM storage card
+
* license
+

Revision as of 17:43, 31 July 2009

Papers

Programs

Zeitline — Forensic timeline editor
http://projects.cerias.purdue.edu/forensics/timeline.php
http://sourceforge.net/projects/zeitline/
sorter — Sleuthkit's MAC times sorting program.
Simile Timeline and Timeplot

See Also