Difference between pages "Blogs" and "SIM Card Forensics"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(English)
 
(References)
 
Line 1: Line 1:
[[Computer forensics]] related resources like: blogs, fora, tweets, tools and challenges (and test images).
+
== Procedures ==
  
= Blogs =
+
Acquire [[SIM Card]] and analyze the following:
  
== English ==
+
* ICCID - Integrated Circuit Card Identification
 +
* MSISDN - Subscriber phone number
 +
* IMSI - International Mobile Subscriber Identity
 +
* LND - Last Dialed numbers
 +
* [[LOCI]] - Location Information
 +
* LAI - Location Area Identifier
 +
* ADN - Abbreviated Dialing Numbers (Contacts)
 +
* FDN - Fixed Dialing Numbers (Provider entered Numbers)
 +
* SMS - (Short Messages)
 +
* SMSP - Text Message parameters
 +
* SMSS - Text message status
 +
* Phase - Phase ID
 +
* SST - SIM Service table
 +
* LP - Preferred languages variable
 +
* SPN - Service Provider name
 +
* EXT1 - Dialing Extension
 +
* EXT2 - Dialing Extension
 +
* GID1 - Groups
 +
* GID2 - Groups
 +
* CBMI - Preferred network messages
 +
* PUCT - Calls per unit
 +
* ACM - Accumulated Call Meter
 +
* ACMmax - Call Limit
 +
* HPLMNSP - HPLMN search period
 +
* PLMNsel - PLMN selector
 +
* FPLMN - Forbidden PLMNs
 +
* CCP - Capability configuration parameter
 +
* ACC - Access control class
 +
* BCCH - Broadcast control channels
 +
* Kc - Ciphering Key
  
* [http://www.appleexaminer.com/ The Apple Examiner]
 
* [http://computer.forensikblog.de/en/ Computer Forensics Blog], by [[Andreas Schuster]]
 
* [http://www.niiconsulting.com/checkmate/ Checkmate - e-zine on Digital Forensics and Incident Response]
 
* [http://www.infosecinstitute.com/blog/ethical_hacking_computer_forensics.html Jack Koziol - Ethical Hacking and Computer Forensics]
 
* [http://windowsir.blogspot.com/ Windows Incident Response Blog], by [[Harlan Carvey]]
 
* [http://geschonneck.com/ Computer Forensics Blog], by [[Alexander Geschonneck]]
 
* [http://forensicblog.org/ Computer Forensics Blog], by [[Michael Murr]]
 
* [http://forenshick.blogspot.com/ Forensic news, Technology, TV, and more], by [[Jordan Farr]]
 
* [http://unixsadm.blogspot.com/ UNIX, OpenVMS and Windows System Administration, Digital Forensics, High Performance Computing, Clustering and Distributed Systems], by [[Criveti Mihai]]
 
* [http://intrusions.blogspot.com/ Various Authors - Intrusions and Malware Analysis]
 
* [http://chicago-ediscovery.com/education/computer-forensics-glossary/ Computer Forensic Glossary Blog, HOWTOs and other resources], by [[Andrew Hoog]]
 
* [http://secureartisan.wordpress.com/ Digital Forensics with a Focus on EnCase], by [[Paul Bobby]]
 
* [http://www.crimemuseum.org/blog/ National Museum of Crime and Punishment-CSI/Forensics Blog]
 
* [http://forensicsfromthesausagefactory.blogspot.com/ Forensics from the sausage factory]
 
* [http://integriography.wordpress.com Computer Forensics Blog], by [[David Kovar]]
 
* [http://jessekornblum.livejournal.com/ A Geek Raised by Wolves], by [[Jesse Kornblum]]
 
* [http://computer-forensics.sans.org/blog SANS Computer Forensics and Incident Response Blog by SANS Institute]
 
* [http://www.digitalforensicsource.com Digital Forensic Source]
 
* [http://dfsforensics.blogspot.com/ Digital Forensics Solutions]
 
* [http://forensicaliente.blogspot.com/ Forensicaliente]
 
* [http://www.ericjhuber.com/ A Fistful of Dongles]
 
* [http://gleeda.blogspot.com/ JL's stuff]
 
* [http://4n6k.blogspot.com/ 4n6k]
 
* [http://justaskweg.com/ JustAskWeg], by [[Jimmy Weg]]
 
* [http://blog.kiddaland.net/ IR and forensic talk], by [[Kristinn Gudjonsson]]
 
* [http://c-skills.blogspot.ch/ c-skills], by [[Sebastian Krahmer]]
 
* [http://sketchymoose.blogspot.ch/ Sketchymoose's Blog]
 
* [http://www.swiftforensics.com/ All things forensic and security related], by [[Yogesh Khatri]]
 
* [http://dan3lmi.blogspot.pt/ Dlog], by [[Daniela Elmi]]
 
  
=== Windows ===
+
== Hardware ==
* [http://blogs.msdn.com/b/ntdebugging/ ntdebugging - Advanced Windows Debugging and Troubleshooting]
+
  
== Dutch ==
+
=== Serial ===
  
* [http://stam.blogs.com/8bits/ 8 bits], by [[Mark Stam]] (also contain English articles otherwise use [http://translate.google.com/translate?u=http%3A%2F%2Fstam.blogs.com%2F8bits%2Fforensisch%2Findex.html&langpair=nl%7Cen&hl=en&ie=UTF-8 Google translation])
+
* [[MicroDrive 120]] with SmartCard Adapter
  
== French ==
+
=== USB ===
  
* [http://forensics-dev.blogspot.com Forensics-dev] ([http://translate.google.com/translate?u=http%3A%2F%2Fforensics-dev.blogspot.com%2F&langpair=fr%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
* [[ACR 38T]]
 +
* [http://www.scmmicro.com/products-services/smart-card-readers-terminals/smart-card-reader/scr3311.html SCR3311]
 +
* [http://www.scmmicro.com/products-services/smart-card-readers-terminals/smart-card-reader/scr335.html SCR335]
 +
* [http://www.dekart.com/products/hardware/sim_card_reader/ Dekart SIM Card reader]
  
== German ==
+
== Software ==
  
* [http://computer.forensikblog.de/ Computer Forensik Blog Gesamtausgabe], by [[Andreas Schuster]] ([http://computer.forensikblog.de/en/ English version])
+
Wiki Links
* [http://computer-forensik.org computer-forensik.org], by [[Alexander Geschonneck]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.computer-forensik.org&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
* [[ForensicSIM]]
* [http://henrikbecker.blogspot.com Digitale Beweisführung], by [[Henrik Becker]] ([http://translate.google.com/translate?u=http%3A%2F%2Fhenrikbecker.blogspot.com&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
* [[Paraben SIM Card Seizure]]
 +
* [[SIMiFOR]]
 +
* [[SIMIS]]
 +
* [[SIM Explorer]]
  
== Spanish ==
+
External Links
 +
* [http://www.forensicts.co.uk SIMiFOR]
 +
* [http://www.simcon.no/ SIMcon]
 +
* [http://www.quantaq.com/usimdetective.htm USIM Detective]
 +
* [http://www.dekart.com/products/card_management/sim_explorer/ SIM Explorer], [http://www.youtube.com/watch?v=P5dJS7g1o_c video demo of SIM Explorer]
 +
* [http://www.data-recovery-mobile-phone.com/ Pro Data Doctor]
 +
* [http://www.becker-partner.de/index.php?id=17 Forensic Card Reader (FCR) - German]
 +
* [http://www.txsystems.com/sim-manager.html SIM Manager]
 +
* [http://vidstrom.net/otools/simquery/ SIMQuery]
 +
* [http://users.net.yu/~dejan/ SimScan]
 +
* [http://www.nobbi.com/download.htm SIMSpy]
 +
* [http://vidstrom.net/stools/undeletesms/ UnDeleteSMS]
 +
* [http://www.bkforensics.com/FCR.html Forensic SIM Card Reader]
 +
* [http://www.dekart.com/products/card_management/sim_manager/ Dekart SIM Manager], [http://www.youtube.com/watch?v=VaBaqZiNW4U video tutorial on how to recover a deleted SMS]
 +
* [http://www.brickhousesecurity.com/cellphone-spy-simcardreader.html Cell Phone SIM Card Spy]
 +
* [http://www.mobile-t-mobile.com/mobile-network/SIM-card-reader.html SIM Card Reader]
 +
* [http://www.download3000.com/download_46892.html Sim Card Reader Software]
 +
* [http://www.freedownloadscenter.com/Utilities/Backup_and_Copy_Utilities/Sim_Card_Recovery.html Sim Card Recovery]
 +
* [http://www.spytechs.com/phone-recorders/sims-card-reader.htm Sim Recovery Pro]
  
* [http://www.forensic-es.org/blog forensic-es.org] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.forensic-es.org%2Fblog&langpair=es%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
== Recovering SIM Card Data ==
* [http://www.inforenses.com InForenseS], by [[Javier Pages]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.inforenses.com&langpair=es%7Cen&hl=es&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
* [http://windowstips.wordpress.com El diario de Juanito]
+
* [http://conexioninversa.blogspot.com Conexión inversa]
+
  
== Russian ==
+
* [[Damaged SIM Card Data Recovery]]
  
* Group-IB: [http://notheft.ru/blogs/group-ib blog at notheft.ru], [http://www.securitylab.ru/blog/company/group-ib/ blog at securitylab.ru]
+
== Security ==
  
= Related blogs =
+
SIM cards can have their data protected by a PIN, or Personal Identification Number.  If a user has enabled the PIN on their SIM card, the SIM will remain locked until the PIN is properly entered.  Some phones provide the option of using a second PIN, or PIN2, to further protect data.  If a user incorrectly enters their PIN number multiple times, the phone may request a PUK, or Personal Unblocking Key.  The number of times a PIN must be incorrectly entered before the phone requests the PUK will vary from phone to phone.  Once a phone requests a PUK, the SIM will remain locked until the PUK is correctly entered.  The PUK must be obtained from the SIM's network provider.  If a PUK is incorrectly entered 10 times the SIM will become permanently locked and the user must purchase a new SIM card in order to use the phone.  In some cases the phone will request a PUK2 before it permanently locks the SIM card.
  
* [http://www.c64allstars.de C64Allstars Blog]
+
== See also ==
* [http://www.emergentchaos.com/ Emergent Chaos], by [[Adam Shostack]]
+
* [http://jeffjonas.typepad.com/ Inventor of NORA discusses privacy and all things digital], by [[Jeff Jonas]]
+
* [http://www.cs.uno.edu/~golden/weblog Digital Forensics, Coffee, Benevolent Hacking], by [[Golden G. Richard III]]
+
  
= Circles/Fora/Groups =
+
* [[SIM Cards]]
* [http://forensicfocus.com/ Forensic Focus]
+
* [http://www.youtube.com/watch?v=w_tcwmzUH6o Troubleshooting the installation of a PC/SC smart card reader (video tutorial)]
* [http://tech.groups.yahoo.com/group/win4n6 Yahoo! groups: win4n6 · Windows Forensic Analysis]
+
  
= Tweets =
+
== External Links ==
* [http://twitter.com/#!/search/%23DFIR?q=%23DFIR #DFIR]
+
* E-evidence Info - http://www.e-evidence.info/cellular.html
* [http://twitter.com/#!/search/%23forensics #forensics]
+
* Purdue Phone Phorensics Knowledge Base - http://mobileforensicsworld.com/p3/
 
+
* [http://www.forensicmag.com/articles/2011/04/sim-forensics-part-1 SIM Forensics: Part 1], by John J. Barbara, April 25, 2011
= Tools =
+
* [http://www.forensicmag.com/articles/2011/06/sim-forensics-part-2 SIM Forensics: Part 2], by John J. Barbara, June 15, 2011
* [http://www2.opensourceforensics.org/ Open Source Digital Forensics]
+
* [http://www.forensicmag.com/articles/2011/08/sim-forensics-part-3 SIM Forensics: Part 3], by John J. Barbara, August 5, 2011
* [http://forensiccontrol.com/resources/free-software/ Free computer forensic tools]
+
* [http://code.google.com/p/libyal/ Yet another library library (and tools)]
+
 
+
= Challenges (and test images) =
+
* [http://www.dc3.mil/challenge/ DC3 Challenges]
+
* [http://testimages.wordpress.com/ Digital Forensics Test Images]
+
* [http://www.forensicfocus.com/images-and-challenges Forensic Focus - Test Images and Forensic Challenges]
+
* [https://www.honeynet.org/challenges/ Honeynet Project Challenges]
+
* [http://testimages.wordpress.com/ Digital Forensic Test Images]
+
* [http://secondlookforensics.com/linux-memory-images/ Second Look - Linux Memory Images]
+
* [http://sourceforge.net/projects/nullconctf2014/ NullconCTF2014]
+
 
+
= Conferences =
+
See: [[:Category:Conferences|Conferences]]
+
 
+
[[Category:Further information]]
+

Latest revision as of 02:51, 22 April 2014

Procedures

Acquire SIM Card and analyze the following:

  • ICCID - Integrated Circuit Card Identification
  • MSISDN - Subscriber phone number
  • IMSI - International Mobile Subscriber Identity
  • LND - Last Dialed numbers
  • LOCI - Location Information
  • LAI - Location Area Identifier
  • ADN - Abbreviated Dialing Numbers (Contacts)
  • FDN - Fixed Dialing Numbers (Provider entered Numbers)
  • SMS - (Short Messages)
  • SMSP - Text Message parameters
  • SMSS - Text message status
  • Phase - Phase ID
  • SST - SIM Service table
  • LP - Preferred languages variable
  • SPN - Service Provider name
  • EXT1 - Dialing Extension
  • EXT2 - Dialing Extension
  • GID1 - Groups
  • GID2 - Groups
  • CBMI - Preferred network messages
  • PUCT - Calls per unit
  • ACM - Accumulated Call Meter
  • ACMmax - Call Limit
  • HPLMNSP - HPLMN search period
  • PLMNsel - PLMN selector
  • FPLMN - Forbidden PLMNs
  • CCP - Capability configuration parameter
  • ACC - Access control class
  • BCCH - Broadcast control channels
  • Kc - Ciphering Key


Hardware

Serial

USB

Software

Wiki Links

External Links

Recovering SIM Card Data

Security

SIM cards can have their data protected by a PIN, or Personal Identification Number. If a user has enabled the PIN on their SIM card, the SIM will remain locked until the PIN is properly entered. Some phones provide the option of using a second PIN, or PIN2, to further protect data. If a user incorrectly enters their PIN number multiple times, the phone may request a PUK, or Personal Unblocking Key. The number of times a PIN must be incorrectly entered before the phone requests the PUK will vary from phone to phone. Once a phone requests a PUK, the SIM will remain locked until the PUK is correctly entered. The PUK must be obtained from the SIM's network provider. If a PUK is incorrectly entered 10 times the SIM will become permanently locked and the user must purchase a new SIM card in order to use the phone. In some cases the phone will request a PUK2 before it permanently locks the SIM card.

See also

External Links