Difference between pages "SIMIS" and "Linux Repositories"

From ForensicsWiki

= SIMIS =

== SIMIS 2G ==

'''Feature Overview'''
* Forensically safe - no facility for the modification of system or user data held on the SIM.
* Correctly handles PIN and PUK entry under controlled conditions.
* Builds a database with unique file references for each SIM card.
* Searchable database with appropriate index categories.
* Facility to read data from the SIMIS Mobile card interrogation unit.
* Presents data in a printable format for reports.
* Provides commented RAW data in a standard format for use in third-party applications.

Typically a SIMIS package consists of:
* PC based software application
* PC/SC Smart Card Reader (USB or Serial)
* Mini-SIM Adapter
* USB License Key

There is also the option to use a PC Card (PCMCIA) reader for laptops and notebooks.

'''The Search Engine'''

The SIMIS database search engine allows comprehensive searches to be made across the data of all SIM cards that have been interrogated. Searches can be carried out across the entire database, or narrowed down to a specific case reference or a specific mobile number.

A typical search would allow you to enter a mobile phone number and identify whether that number was held in the ADN (abbreviated dialling numbers) of any card previously interrogated - potentially opening up new lines of inquiry in investigations, or linking suspected criminals and networks together.

== SIMIS 3G ==

SIMIS 3G provides the examiner with broadly similar features and facilities to SIMIS 2; however, the 3G 'SIM' (USIM) holds a vast amount of user and network information. SIMIS 3G is a comprehensive tool for the recovery and clear, precise presentation of that data.

SIMIS 3G presents the recovered data in its original language (Unicode fully supported), in an easily browsable format, complete with comprehensive print facilities and selectable scan depth. SIMIS 3G allows the examiner to view recovered data, including phone book contacts and numbers, SMS text messages, deleted text messages, time and date information and more.

SIMIS 3G provides access to all areas of the USIM; however, it was designed to be intuitive and easy to use, requiring no detailed knowledge of the USIM operating system. SIMIS 3G generates clear, concise, human-readable reports for each USIM interrogation, with optional additional user-entered information such as operator name, case ID, exhibit number, handset type, etc.

Recovered data is secured against tampering using both MD5 and SHA-1 hashes. Recovered data, reports and hash values are stored locally in unique folders to ensure integrity of data and ease of access. (Neither MD5 nor SHA-1 is collision resistant any longer; they still detect accidental corruption, but a stronger hash such as SHA-256 should be recorded alongside them where the integrity record may be challenged.)

Dual SIMIS 2 and SIMIS 3G licensing, with auto-detection of the card format, allows the user to harvest data in a clean, simple environment with robust, powerful tools configured for everyday use.

SIMIS 3G has been evaluated, tested and used by leading mobile intelligence examiners and forensic experts, meeting or exceeding their needs.

SIMIS 3G comprises:
* USB card readers (PC/SC industry standard)
* PC software on CDROM
* Mini-SIM adapter and USIM storage card
* license

Linux Repositories

Revision as of 19:28, 24 February 2012

There are a number of Linux distributions.

In general they have primary repositories, which are set up for every installation of the operating system, and special-purpose repositories, which require specific setup.

Repository Setup

openSUSE

For current openSUSE 11.4 and 12.1 users it is necessary to have the following repositories configured:

  • security
  • devel:languages:perl
  • devel:languages:python

This is most easily done from the command line via (assumes openSUSE 12.1):

sudo zypper ar -f http://download.opensuse.org/repositories/security/openSUSE_12.1 security
sudo zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_12.1 perl
sudo zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_12.1 python

zypper lr               # used to verify you have the repos installed
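The three commands above, generalised to either openSUSE release the page names (11.4 or 12.1), as an added shell example that is not from the wiki page: repo_url, repo_alias, add_repo and setup_repos are assumed helper names, and where zypper is not installed the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the wiki page: generalises the page's three zypper
# commands to either openSUSE release it names (11.4 or 12.1). An OBS project
# name maps to its URL path by turning each ":" into ":/", e.g.
# devel:languages:perl -> devel:/languages:/perl (as in the page's URLs).
OBS_BASE="http://download.opensuse.org/repositories"
# repo_url PROJECT RELEASE -> repository URL for that openSUSE release
repo_url() {
    project_path=$(printf '%s' "$1" | sed 's|:|:/|g')
    printf '%s/%s/openSUSE_%s\n' "$OBS_BASE" "$project_path" "$2"
}

# repo_alias PROJECT -> the alias the page uses: the last component of the
# project name (security -> security, devel:languages:perl -> perl)
repo_alias() {
    printf '%s\n' "${1##*:}"
}

# add_repo PROJECT RELEASE: add the repo with autorefresh (-f) unless an alias
# of that name is already listed by "zypper lr"; when zypper is not installed
# the command is only printed, so the script can be dry-run anywhere.
add_repo() {
    url=$(repo_url "$1" "$2")
    repo_name=$(repo_alias "$1")
    if ! command -v zypper >/dev/null 2>&1; then
        echo "dry-run: zypper ar -f $url $repo_name"
        return 0
    fi
    if zypper lr | grep -q "| $repo_name "; then
        echo "repo '$repo_name' already configured, skipping"
        return 0
    fi
    # No --gpg-auto-import-keys here: the first "zypper ref" should show the
    # repository's signing key so it can be checked before anything is trusted.
    sudo zypper ar -f "$url" "$repo_name"
}

# setup_repos [RELEASE]: configure the three repositories the page lists
# (default 12.1, as the page's commands assume), then list them to verify.
setup_repos() {
    release=${1:-12.1}
    for project in security devel:languages:perl devel:languages:python; do
        add_repo "$project" "$release"
    done
    if command -v zypper >/dev/null 2>&1; then
        zypper lr      # verify the repos are listed, as on the page
    fi
}

setup_repos "${1:-12.1}"
```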

fedora

debian

ubuntu

Computer Forensic Tools

Below is a list of computer forensic tools. For each tool, the repository it can be found in and the version available in that repository are shown.

As an example, aimage is in the openSUSE security repository, at version 3.2.5.

Imaging Tools

Tool        openSUSE               fedora  debian  ubuntu  Comment                                                 General Remarks
----------  ---------------------  ------  ------  ------  ------------------------------------------------------  ---------------
adepto      N/A                    ?       ?       ?       -                                                       adepto is included in the Helix boot CD
aimage      security/3.2.5         ?       ?       ?       an imaging tool to create AFF format images             aimage has been EOL'ed; guymager or ftkimager (Windows/Mac) are recommended for creating AFF images
AIR         N/A                    ?       ?       ?       Automated Image and Restore                             a GUI front-end to dd and dc3dd designed for easily creating forensic bit images
dc3dd       security*/7.1.614      ?       ?       ?       DoD Cyber Crime Center DD                               formerly known as dcfldd; when released as dc3dd it was totally rewritten
ddrescue    Base/1.14              ?       ?       ?       also known as GNU ddrescue                              this tool is different from dd_rescue
dd_rescue   N/A                    ?       ?       ?       -                                                       this tool is different from GNU ddrescue
IXimager    N/A                    ?       ?       ?       a law enforcement only imager                           used in conjunction with ILook Investigator
ewfacquire  security*/20100226     ?       ?       ?       an imaging tool to create EWF format images             ewfacquire is part of ewftools in some distributions
LinEn       N/A                    ?       ?       ?       a proprietary imaging tool to create EWF format images  included on the Helix boot CD
guymager    N/A                    ?       ?       ?       an imaging tool to create AFF format images             Guymager is an open source forensic imager; it focuses on user friendliness and high speed
rdd         N/A                    ?       ?       ?       a dd-like tool with forensic imaging features           rdd is robust with respect to read errors
sdd         Archiving:Backup/1.52  ?       ?       ?       a dd-like tool                                          designed to work well when IBS != OBS, e.g. when working with tape

(*) package will appear in the base release with the next full distribution release.