Difference between pages "SIM Card Forensics" and "Talk:Main Page"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Software)
 
 
Line 1: Line 1:
== Procedures ==
+
I am setting up a global directory of computer forensics analysts, and am looking for feedback to the idea. Although the directory is in the UK, I want it to be global. Any thoughts, please put them on Computer Forensics [http://www.computer-forensics.co.uk] in the forums section. Thanks and regards, Simon
 +
: Given the lack of response I'm not sure this is a viable idea. [[User:Jessek|Jessek]] 21:13, 26 February 2007 (PST)
 +
: Doesn't seem like a good idea to me. [[User:Simsong|Simsong]] 18:50, 15 March 2007 (PDT)
  
Acquire [[SIM Card]] and analyze the following:
+
== Hachoir framework ==
  
* ICCID - Integrated Circuit Card Identification
+
Hi, I'm the author of [http://hachoir.org/ Hachoir], a generic framework for binary file manipulation. I don't know if I can add it in your wiki. I prefer to have your review first :-)
* MSISDN - Subscriber phone number
+
* IMSI - International Mobile Subscriber Identity
+
* LND - Last Dialed numbers
+
* [[LOCI]] - Location Information
+
* LAI - Location Area Identifier
+
* ADN - Abbreviated Dialing Numbers (Contacts)  
+
* FDN - Fixed Dialing Numbers (Provider entered Numbers)
+
* SMS - (Short Messages)
+
* SMSP - Text Message parameters
+
* SMSS - Text message status
+
* Phase - Phase ID
+
* SST - SIM Service table
+
* LP - Preferred languages variable
+
* SPN - Service Provider name
+
* EXT1 - Dialing Extension
+
* EXT2 - Dialing Extension
+
* GID1 - Groups
+
* GID2 - Groups
+
* CBMI - Preferred network messages
+
* PUCT - Calls per unit
+
* ACM - Accumulated Call Meter
+
* ACMmax - Call Limit
+
* HPLMNSP - HPLMN search period
+
* PLMNsel - PLMN selector
+
* FPLMN - Forbidden PLMNs
+
* CCP - Capability configuration parameter
+
* ACC - Access control class
+
* BCCH - Broadcast control channels
+
* Kc - Ciphering Key
+
  
 +
Hachoir supports many file formats (more than 60 formats) and have many features:
 +
* Fault tolerant parser (truncated/buggy file or buggy parser)
 +
* Smart syntax: you don't have to care about endian or charset, and you can mix byte and bit fields
 +
* Few functions to modify files
 +
* File recognition using header/footer in a disk image (in any file) with few false positive (each file is checked using the parser)
 +
* Written in Python: OS independant and easy to script/extend
 +
* curses, wxWidgets and Gtk interfaces
 +
* Many programs based on hachoir-core and hachoir-parser:
 +
  * hachoir-strip: remove metadata and other "useless" informations
 +
  * hachoir-grep: find substring in a binary file (using hachoir parsers: so search is Unicode aware)
 +
  * hachoir-subfile: find all subfiles in a file
 +
  * etc.
  
== Hardware ==
+
: Please add it. [[User:Simsong|Simsong]] 09:50, 15 March 2007 (PDT)
 
+
:: Done: [[Hachoir]] --[[User:Haypo|Haypo]] 18:44, 18 March 2007 (PDT)
=== Serial ===
+
 
+
* [[MicroDrive 120]] with SmartCard Adapter
+
 
+
=== USB ===
+
 
+
* [[ACR 38T]]
+
* [http://www.scmmicro.com/products-services/smart-card-readers-terminals/smart-card-reader/scr3311.html SCR3311]
+
* [http://www.scmmicro.com/products-services/smart-card-readers-terminals/smart-card-reader/scr335.html SCR335]
+
* [http://www.dekart.com/products/hardware/sim_card_reader/ Dekart SIM Card reader]
+
 
+
== Software ==
+
 
+
Wiki Links
+
* [[ForensicSIM]]
+
* [[Paraben SIM Card Seizure]]
+
* [[SIMiFOR]]
+
* [[SIMIS]]
+
* [[SIM Explorer]]
+
 
+
External Links
+
* [http://www.forensicts.co.uk SIMiFOR]
+
* [http://www.simcon.no/ SIMcon]
+
* [http://www.quantaq.com/usimdetective.htm USIM Detective]
+
* [http://www.dekart.com/products/card_management/sim_explorer/ SIM Explorer], [http://www.youtube.com/watch?v=P5dJS7g1o_c video demo of SIM Explorer]
+
* [http://www.data-recovery-mobile-phone.com/ Pro Data Doctor]
+
* [http://www.becker-partner.de/index.php?id=17 Forensic Card Reader (FCR) - German]
+
* [http://www.txsystems.com/sim-manager.html SIM Manager]
+
* [http://vidstrom.net/otools/simquery/ SIMQuery]
+
* [http://users.net.yu/~dejan/ SimScan]
+
* [http://www.nobbi.com/download.htm SIMSpy]
+
* [http://vidstrom.net/stools/undeletesms/ UnDeleteSMS]
+
* [http://www.bkforensics.com/FCR.html Forensic SIM Card Reader]
+
* [http://www.dekart.com/products/card_management/sim_manager/ Dekart SIM Manager], [http://www.youtube.com/watch?v=VaBaqZiNW4U video tutorial on how to recover a deleted SMS]
+
* [http://www.brickhousesecurity.com/cellphone-spy-simcardreader.html Cell Phone SIM Card Spy]
+
* [http://www.mobile-t-mobile.com/mobile-network/SIM-card-reader.html SIM Card Reader]
+
* [http://www.download3000.com/download_46892.html Sim Card Reader Software]
+
* [http://www.freedownloadscenter.com/Utilities/Backup_and_Copy_Utilities/Sim_Card_Recovery.html Sim Card Recovery]
+
* [http://www.spytechs.com/phone-recorders/sims-card-reader.htm Sim Recovery Pro]
+
 
+
== Recovering SIM Card Data ==
+
 
+
* [[Damaged SIM Card Data Recovery]]
+
 
+
== Security ==
+
 
+
SIM cards can have their data protected by a PIN, or Personal Identification Number.  If a user has enabled the PIN on their SIM card, the SIM will remain locked until the PIN is properly entered.  Some phones provide the option of using a second PIN, or PIN2, to further protect data.  If a user incorrectly enters their PIN number multiple times, the phone may request a PUK, or Personal Unblocking Key.  The number of times a PIN must be incorrectly entered before the phone requests the PUK will vary from phone to phone.  Once a phone requests a PUK, the SIM will remain locked until the PUK is correctly entered.  The PUK must be obtained from the SIM's network provider.  If a PUK is incorrectly entered 10 times the SIM will become permanently locked and the user must purchase a new SIM card in order to use the phone.  In some cases the phone will request a PUK2 before it permanently locks the SIM card.
+
 
+
== See also ==
+
 
+
* [[SIM Cards]]
+
* [http://www.youtube.com/watch?v=w_tcwmzUH6o Troubleshooting the installation of a PC/SC smart card reader (video tutorial)]
+
 
+
== References ==
+
 
+
E-evidence Info - http://www.e-evidence.info/cellular.html
+
Purdue Phone Phorensics Knowledge Base - http://mobileforensicsworld.com/p3/
+

Revision as of 21:44, 18 March 2007

I am setting up a global directory of computer forensics analysts, and am looking for feedback to the idea. Although the directory is in the UK, I want it to be global. Any thoughts, please put them on Computer Forensics [1] in the forums section. Thanks and regards, Simon

Given the lack of response I'm not sure this is a viable idea. Jessek 21:13, 26 February 2007 (PST)
Doesn't seem like a good idea to me. Simsong 18:50, 15 March 2007 (PDT)

Hachoir framework

Hi, I'm the author of Hachoir, a generic framework for binary file manipulation. I don't know if I can add it in your wiki. I prefer to have your review first :-)

Hachoir supports many file formats (more than 60 formats) and have many features:

* Fault tolerant parser (truncated/buggy file or buggy parser)
* Smart syntax: you don't have to care about endian or charset, and you can mix byte and bit fields
* Few functions to modify files
* File recognition using header/footer in a disk image (in any file) with few false positive (each file is checked using the parser)
* Written in Python: OS independant and easy to script/extend
* curses, wxWidgets and Gtk interfaces
* Many programs based on hachoir-core and hachoir-parser:
  * hachoir-strip: remove metadata and other "useless" informations
  * hachoir-grep: find substring in a binary file (using hachoir parsers: so search is Unicode aware)
  * hachoir-subfile: find all subfiles in a file
  * etc.
Please add it. Simsong 09:50, 15 March 2007 (PDT)
Done: Hachoir --Haypo 18:44, 18 March 2007 (PDT)