Difference between pages "Palm" and "SIM Cards"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
(Moved versions to section section, fixed bulleted points)
 
m (Reverted edit of Porker, changed back to last version by Uwe Hermann)
 
Line 1: Line 1:
__TOC__
+
[[Image:Simpic.jpg|thumb|A typical SIM card.]]
  
=Overview=
+
== SIM-Subscriber Identity Module ==
  
A "Palm" is a commonly referred to as a small-scale (hand-held) computer that runs Palm's PalmOS software.
+
The terms '''SIM''', '''smart card''', and '''UICC''' have an unfortunate tendency to be used interchangeably. The UICC is hardware. A SIM is a software application.  Generally speaking, a smart card is a UICC running a SIM as well as possibly other applications.
  
The Palm OS platform is an open architecture that provides a basis for third-party developers and original equipment manufacturers (OEMs) to create mobile computing solutions. The platform consists of five components:<br><br>
+
SIM is actually just an application running on a smartcard. A given card could contain multiple SIMs, allowing, for instance, a given phone to be used on multiple networks.
* The reference hardware design<br>
+
* The device operating system called the Palm OS software<br>
+
* The HotSync conduit data synchronization technology<br>
+
* The platform component tools including an applications programming interface (API) that enables developers to write applications<br>
+
* The software interface capabilities to support hardware add-ons<br>
+
  
(http://www.palm.com/us/company/pr/2000/092000.html, 2000)
+
A typical SIM contains several categories of information. One is the actual identity of the card itself. The SIM needs to have a unique identity to the network. This allows the network to identify what sources the subscriber is entitled to, billing information, etc. A second category relates to the actual operation of the device. Information such as the last number called, or the length of the phone call can be stored. A third category of information is personalized information. Phonebooks or calendars fall into this category. 
  
 +
A SIM has three major purposes:
 +
* Uniquely identify the subscriber
 +
* Determines phone number
 +
* Contains algorithms for network authentification
  
== History ==
+
A SIM contains:
 +
* 16 to 64 KB of memory
 +
* Processor
 +
* [[Operating system]]
  
Palm Computing was founded by Jeff Hawkins, Donna Dubinsky and Ed Colligan.  The original purpose of the company was to create handwriting recognition software for other devices (Graffiti).  The initial idea for the devices came from Hawkins' habit of carrying a block of wood in his pocket.
+
It should be noted that the 16 to 64KB memory limit can be thought of a rule of thumb.  The recent trend has been to produce SIM cards with larger storage capacities, ranging from 512MB up to [http://www.m-systems.com/site/en-US/ M-Systems'] 1GB SIM Card slated for release in late 2006.
  
The initial Palm device released in 1996 was called the Pilot.  Because Pilot Pen Corporation brought forth a trademark infrigement case, the second generation device released in 1997 was named the PalmPilot. 
+
== Uses of SIMs ==
  
The Palm was not the original PDA device released, but benefited from the failure of Apple's Newton.
+
SIM cards can be used in any kind of device or situation where there is a need to authenticate the identity of a user. They are particularly useful when there is a need or desire to provide different types or levels of service to many users who have different configurations.
  
The Palm OS initially featured personal information management (PIM) tools such as Calendar, Contacts, Memo Pad, Expense and TasksAs later versions were released, more features were addedHere is a list of various Palm OS releases:
+
The primary use of SIM cards in the United States is in [[cell phones]]. There are other uses as well. The US military issues smart cards as identification to its personnelThese cards are used to allow users to log into computers.   
  
*  Version 3.1, 3.3, 3.5
+
Europe has seen a wider use of these cards. The credit and debit card industry has integrated this technology in their cards for years. Similarly, a number of European phone companies have used these as phone cards to use in public telephones. The card companies in the United States have evidently not seen enough fraud to have a business justification to switch to this technology. There is some speculation that American credit cards will use a future generation of the technology when the added robustness and security of the system will make more economic sense.
Added support for color, multiple expansion ports, new processors, etc.
+
  
*  Version 4.0
+
The SIM uses a hierarchically organized [[file system]] that stores names, phone numbers, received and sent text messages. It also contains the network configuration information. The SIM also allows for easy transporting of all information from one phone to another. 
Added a standard interface for external FS access
+
  
*  Version 5.0
+
One downside to the use of SIM cards is the amount of thefts that occur. A person could steal a SIM card and use it for their own personal calls, which would be still on the original owner's information log. This is becoming a problem in European countries with the theft of SIM cards.
First version to support Acorn Risc Machine (ARM) devices. Later versions which included OS 5.2, featured Graffiti 2. It began the separation of Palm OS and Palm One.  
+
  
Presently, version 6.1 of the Palm OS is under development (Cobalt).  Cobalt features a Linux-based kernel.  There are presently no devices released using Palm OS 6.
+
== SIM Security ==
  
=Features=
+
There are two things that help secure the information located on your SIM. The [[PIN]] (Personal Identification Number) and the [[PUK]] (Personal Unlocking Code).
<table>
+
<tr>
+
<td>'''Address Book''': Allows the user to keep track of their contacts. Synchronized via HotSync manager</td>
+
</tr>
+
<tr>
+
<td>'''Calculator''': Basic 4 function calculator</td>
+
</tr>
+
<tr>
+
<td>'''Datebook''': Track appointments, birthdates and other important times during the year.  Synchronized via HotSync manager</td>
+
</tr>
+
<tr>
+
<td>'''Expenses''': Keep track of your spending habits.</td>
+
</tr>
+
<tr>
+
<td>'''HotSync''': Application that ran on your desktop or portable PC or Mac to allow for calendars and contacts to easily be synchronized with Palm device.</td>
+
</tr>
+
<tr>
+
<td>'''Memo Pad''': Write short notes.</td>
+
</tr>
+
<tr>
+
<td>'''Note Pad''': Scribble notes in your natural writing language.</td>
+
</tr>
+
<tr>
+
<td>'''To Do List''': Create a check list of items to accomplish.  Synchronized via HotSync manager.</td>
+
</tr>
+
<tr>
+
<td>'''Palm Photos''': Photo manager that allows sharing of photos between multiple palm devices.</td>
+
</tr>
+
</table>
+
  
==Palm Pilot==
+
When '''PIN protection''' is enabled, every time the phone is turned on - the PIN must be entered. The information on the SIM is locked until the correct code is entered.  The PIN by default is at a standard default number and can be changed on the handset. 
  
==3Com Audrey==
+
If the PIN is incorrectly entered 3 times in a row, the phone is locked making the phone unable to make or receive any calls or [[SMS]] messages. The PUK, which is an 8 digit code, is needed from the network provider to unlock the phone. If the PIN is entered 10 times incorrectly, the SIM is permanently disabled and the SIM must be exchanged.
  
The 3Com Audrey was created to be a kitchen computer in 2000-2001.  It was a mainly a used to access the Internet.  Cisco then bought out 3Com and the Audrey was no more.  One noticeable aspect of the Audrey is how people can hack it.  They have turned it into anything from a web server to a chatting client.  It runs QNX with PalmOS extensions.  This allows it to be hacked extremely easily.
+
== SIM Forensics ==
  
It runs on the Intel-compatible Cyrix-MediaGX processor. It uses Palm's HotSync technology to update the address book and date book with up to two Palms simultaneously. It uses a USB Ethernet controller to connect to the Internet.  It also has built-in stereo speakers to play digital and streaming music.  You can either use the clear pen to input data, or pull out the wireless keyboard.  No graffiti is used.
+
The data that a SIM card can provide the forensics examiner can be invaluable to an investigation. Acquiring a SIM card allows a large amount of information that the suspect has dealt with over the phone to be investigated.
  
It was discontinued on March 21, 2001.  However, there is still an Audrey frenzy going on today.
+
In general, some of this data can help an investigator determine:
 +
* Phone numbers of calls made/received
 +
* Contacts
 +
* [[SMS]] details (time/date, recipient, etc.)
 +
* SMS text (the message itself)
  
==Fossil==
+
There are many software solutions that can help the examiner to acquire the information from the SIM card. One example of such a title is Paraben Forensics' [http://www.paraben-forensics.com/catalog/product_info.php?products_id=289 SIM Card Seizure].  Another example is [http://http://simcon.no/ SIMCon], or SIM Content Controller.  Although it is sold commercialy, the software is offered free of charge to law enforcement agencies.
  
==Garmin==
+
These software titles can extract such technical data from the SIM card as:
 +
* '''Integrated Circuit Card ID (ICCID)''': The serial number of the SIM card
 +
* '''International Mobile Subscriber Identity (IMSI)''': A unique identifying number that identifies the phone/subscription to the [[GSM]] network
 +
* '''Mobile Country Code (MCC)''': A three-digit code that represents the SIM card's country of origin
 +
* '''Mobile Network Code (MNC)''': A two-digit code that represents the SIM card's home network
 +
* '''Mobile Subscriber Identification Number (MSIN)''': A unique ten-digit identifying number that identifies the specific subscriber to the GSM network
 +
* '''Mobile Subscriber International ISDN Number (MSISDN)''': A number that identifies the phone number used by the headset
  
==Kyocera==
+
This information can be used to contact the service provider to obtain even more information than is stored on the SIM card.
  
Kyocera acquired QUALCOMM Incorporated's Code Division Multiple Access (CDMA) wireless phone business in February 2000 and incorporates QUALCOMM's CDMA technology in the development and manufacture of wireless phones. An agreement with Palm Inc. to license the Palm OS platform was reached by Kyocera and Palm after QUALCOMM's acquisition. It is the foundation for a suite of smartphones.
+
== Service Provider Data ==
  
==QualComm==
+
Some additional information the service provider might store:
  
In September 1998, QUALCOMM introduced the pdQ smartphone which was the first CDMA digital wireless phone to integrate the Palm OS software. QUALCOMM’s CDMA handset business was later bought by Kyocera in February 2000.
+
* A customer database
 +
* [[Call Detail Record]]s (CDR)
 +
* [[Home Location Register]] (HLR)
 +
* ...
  
==Samsung==
+
== References ==
  
==Sony Cli&Egrave;==
+
* [http://www.sectorforensics.co.uk/sim-examination.shtml Sector Forensics]
 
+
* [http://www.utica.edu/academic/institutes/ecii/ijde/articles.cfm?action=issue&id=5 IJDE Spring 2003 Volume 2, Issue 1 ]: [http://www.utica.edu/academic/institutes/ecii/publications/articles/A0658858-BFF6-C537-7CF86A78D6DE746D.pdf Forensics and the GSM Mobile Telephone System] (PDF)
==Symbol==
+
 
+
==TapWave==
+
 
+
==TRG==
+
 
+
==Handspring Visor==
+
 
+
The original creators of the PalmPilot, Jeff Hawkins, Donna Dubinsky, and Ed Colligan, left Palm Computing after desputes with the parent company 3com. As a result, the trio founded Handspring in 1998. The first product released in 1999 was called the Handspring Visor, a clone of the original PalmPilot with minor additions, that used the newly created Palm OS. One of it's most prominent features was USB support and an expansion slot for memory cards, both of which were not yet popular at the time.
+
 
+
The Visor line includes:
+
<ul>
+
<li>Visor and Visor Deluxe</li>
+
<li>Visor Prism</li>
+
<li>Visor Platinum</li>
+
<li>Visor Edge</li>
+
<li>Visor Neo</li>
+
<li>Visor Pro</li>
+
</ul>
+
 
+
==Treo==
+
Treo manufacturers a variety of devices, including the LifeDrive, Treo 650 and 700w, Palm Z22 and Tx, and the Tungsten E2. Each of these devices is marketed at a different segment of the market.  For example, the LifeDrive contains a 4GB integrated hard drive and is advertised as a portable multimedia device that plays videos and MP3s.  The LifeDrive Also includes integrated WiFi and Bluetooth capabilities.  The Treo 650 and 700w are the company's Smartphones.  The Treo 650 runs Palm OS, while the 700w runs on Windows Mobile.  The Z22, Tx, and Tungsten E2 are primarily designed to be personal organizers.
+
 
+
=Forensics=
+
Forensics for Palm devices is a nascent field. There are several tools available for the image acquisition and analysis of Palm devices.
+
 
+
==EnCase==
+
EnCase, published by Guidance Software, is a complete cyber forensics software package that handles all steps of the investigative process, from the acquisition to the report creation.  The software includes built-in capabilities for performing MD5 hashing, data carving, deleted file recovery, and many other functions.
+
 
+
Although traditionally relegated to the realm of desktop computer forensics investigations, EnCase does support the acquisition and analysis of a limited number of Palm devices.
+
 
+
=References=
+
http://www.answers.com/topic/palm-os
+
 
+
http://www.palm.com/us/
+
 
+
http://www.encase.com
+

Revision as of 11:57, 16 April 2006

A typical SIM card.

Contents

SIM-Subscriber Identity Module

The terms SIM, smart card, and UICC have an unfortunate tendency to be used interchangeably. The UICC is hardware. A SIM is a software application. Generally speaking, a smart card is a UICC running a SIM as well as possibly other applications.

SIM is actually just an application running on a smartcard. A given card could contain multiple SIMs, allowing, for instance, a given phone to be used on multiple networks.

A typical SIM contains several categories of information. One is the actual identity of the card itself. The SIM needs to have a unique identity to the network. This allows the network to identify what sources the subscriber is entitled to, billing information, etc. A second category relates to the actual operation of the device. Information such as the last number called, or the length of the phone call can be stored. A third category of information is personalized information. Phonebooks or calendars fall into this category.

A SIM has three major purposes:

  • Uniquely identify the subscriber
  • Determines phone number
  • Contains algorithms for network authentification

A SIM contains:

It should be noted that the 16 to 64KB memory limit can be thought of a rule of thumb. The recent trend has been to produce SIM cards with larger storage capacities, ranging from 512MB up to M-Systems' 1GB SIM Card slated for release in late 2006.

Uses of SIMs

SIM cards can be used in any kind of device or situation where there is a need to authenticate the identity of a user. They are particularly useful when there is a need or desire to provide different types or levels of service to many users who have different configurations.

The primary use of SIM cards in the United States is in cell phones. There are other uses as well. The US military issues smart cards as identification to its personnel. These cards are used to allow users to log into computers.

Europe has seen a wider use of these cards. The credit and debit card industry has integrated this technology in their cards for years. Similarly, a number of European phone companies have used these as phone cards to use in public telephones. The card companies in the United States have evidently not seen enough fraud to have a business justification to switch to this technology. There is some speculation that American credit cards will use a future generation of the technology when the added robustness and security of the system will make more economic sense.

The SIM uses a hierarchically organized file system that stores names, phone numbers, received and sent text messages. It also contains the network configuration information. The SIM also allows for easy transporting of all information from one phone to another.

One downside to the use of SIM cards is the amount of thefts that occur. A person could steal a SIM card and use it for their own personal calls, which would be still on the original owner's information log. This is becoming a problem in European countries with the theft of SIM cards.

SIM Security

There are two things that help secure the information located on your SIM. The PIN (Personal Identification Number) and the PUK (Personal Unlocking Code).

When PIN protection is enabled, every time the phone is turned on - the PIN must be entered. The information on the SIM is locked until the correct code is entered. The PIN by default is at a standard default number and can be changed on the handset.

If the PIN is incorrectly entered 3 times in a row, the phone is locked making the phone unable to make or receive any calls or SMS messages. The PUK, which is an 8 digit code, is needed from the network provider to unlock the phone. If the PIN is entered 10 times incorrectly, the SIM is permanently disabled and the SIM must be exchanged.

SIM Forensics

The data that a SIM card can provide the forensics examiner can be invaluable to an investigation. Acquiring a SIM card allows a large amount of information that the suspect has dealt with over the phone to be investigated.

In general, some of this data can help an investigator determine:

  • Phone numbers of calls made/received
  • Contacts
  • SMS details (time/date, recipient, etc.)
  • SMS text (the message itself)

There are many software solutions that can help the examiner to acquire the information from the SIM card. One example of such a title is Paraben Forensics' SIM Card Seizure. Another example is SIMCon, or SIM Content Controller. Although it is sold commercialy, the software is offered free of charge to law enforcement agencies.

These software titles can extract such technical data from the SIM card as:

  • Integrated Circuit Card ID (ICCID): The serial number of the SIM card
  • International Mobile Subscriber Identity (IMSI): A unique identifying number that identifies the phone/subscription to the GSM network
  • Mobile Country Code (MCC): A three-digit code that represents the SIM card's country of origin
  • Mobile Network Code (MNC): A two-digit code that represents the SIM card's home network
  • Mobile Subscriber Identification Number (MSIN): A unique ten-digit identifying number that identifies the specific subscriber to the GSM network
  • Mobile Subscriber International ISDN Number (MSISDN): A number that identifies the phone number used by the headset

This information can be used to contact the service provider to obtain even more information than is stored on the SIM card.

Service Provider Data

Some additional information the service provider might store:

References