ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between pages "Blogs" and "SIM Card Forensics"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(English)
 
(References)
 
Line 1: Line 1:
[[Computer forensics]] related resources like: blogs, fora, tweets, tools and challenges (and test images).
+
== Procedures ==
  
= Blogs =
+
Acquire [[SIM Card]] and analyze the following:
  
== English ==
+
* ICCID - Integrated Circuit Card Identification
 +
* MSISDN - Subscriber phone number
 +
* IMSI - International Mobile Subscriber Identity
 +
* LND - Last Dialed numbers
 +
* [[LOCI]] - Location Information
 +
* LAI - Location Area Identifier
 +
* ADN - Abbreviated Dialing Numbers (Contacts)
 +
* FDN - Fixed Dialing Numbers (Provider entered Numbers)
 +
* SMS - (Short Messages)
 +
* SMSP - Text Message parameters
 +
* SMSS - Text message status
 +
* Phase - Phase ID
 +
* SST - SIM Service table
 +
* LP - Preferred languages variable
 +
* SPN - Service Provider name
 +
* EXT1 - Dialing Extension
 +
* EXT2 - Dialing Extension
 +
* GID1 - Groups
 +
* GID2 - Groups
 +
* CBMI - Preferred network messages
 +
* PUCT - Calls per unit
 +
* ACM - Accumulated Call Meter
 +
* ACMmax - Call Limit
 +
* HPLMNSP - HPLMN search period
 +
* PLMNsel - PLMN selector
 +
* FPLMN - Forbidden PLMNs
 +
* CCP - Capability configuration parameter
 +
* ACC - Access control class
 +
* BCCH - Broadcast control channels
 +
* Kc - Ciphering Key
  
* [http://www.appleexaminer.com/ The Apple Examiner]
 
* [http://computer.forensikblog.de/en/ Computer Forensics Blog], by [[Andreas Schuster]]
 
* [http://www.niiconsulting.com/checkmate/ Checkmate - e-zine on Digital Forensics and Incident Response]
 
* [http://www.infosecinstitute.com/blog/ethical_hacking_computer_forensics.html Jack Koziol - Ethical Hacking and Computer Forensics]
 
* [http://windowsir.blogspot.com/ Windows Incident Response Blog], by [[Harlan Carvey]]
 
* [http://geschonneck.com/ Computer Forensics Blog], by [[Alexander Geschonneck]]
 
* [http://forensicblog.org/ Computer Forensics Blog], by [[Michael Murr]]
 
* [http://forenshick.blogspot.com/ Forensic news, Technology, TV, and more], by [[Jordan Farr]]
 
* [http://unixsadm.blogspot.com/ UNIX, OpenVMS and Windows System Administration, Digital Forensics, High Performance Computing, Clustering and Distributed Systems], by [[Criveti Mihai]]
 
* [http://intrusions.blogspot.com/ Various Authors - Intrusions and Malware Analysis]
 
* [http://chicago-ediscovery.com/education/computer-forensics-glossary/ Computer Forensic Glossary Blog, HOWTOs and other resources], by [[Andrew Hoog]]
 
* [http://secureartisan.wordpress.com/ Digital Forensics with a Focus on EnCase], by [[Paul Bobby]]
 
* [http://www.crimemuseum.org/blog/ National Museum of Crime and Punishment-CSI/Forensics Blog]
 
* [http://forensicsfromthesausagefactory.blogspot.com/ Forensics from the sausage factory]
 
* [http://integriography.wordpress.com Computer Forensics Blog], by [[David Kovar]]
 
* [http://jessekornblum.livejournal.com/ A Geek Raised by Wolves], by [[Jesse Kornblum]]
 
* [http://computer-forensics.sans.org/blog SANS Computer Forensics and Incident Response Blog by SANS Institute]
 
* [http://www.digitalforensicsource.com Digital Forensic Source]
 
* [http://dfsforensics.blogspot.com/ Digital Forensics Solutions]
 
* [http://forensicaliente.blogspot.com/ Forensicaliente]
 
* [http://www.ericjhuber.com/ A Fistful of Dongles]
 
* [http://gleeda.blogspot.com/ JL's stuff]
 
* [http://4n6k.blogspot.com/ 4n6k]
 
* [http://justaskweg.com/ JustAskWeg], by [[Jimmy Weg]]
 
* [http://blog.kiddaland.net/ IR and forensic talk], by [[Kristinn Gudjonsson]]
 
* [http://c-skills.blogspot.ch/ c-skills], by [[Sebastian Krahmer]]
 
* [http://sketchymoose.blogspot.ch/ Sketchymoose's Blog]
 
* [http://www.swiftforensics.com/ All things forensic and security related], by [[Yogesh Khatri]]
 
* [http://dan3lmi.blogspot.pt/ Dlog], by [[Daniela Elmi]]
 
  
=== Windows ===
+
== Hardware ==
* [http://blogs.msdn.com/b/ntdebugging/ ntdebugging - Advanced Windows Debugging and Troubleshooting]
+
  
== Dutch ==
+
=== Serial ===
  
* [http://stam.blogs.com/8bits/ 8 bits], by [[Mark Stam]] (also contain English articles otherwise use [http://translate.google.com/translate?u=http%3A%2F%2Fstam.blogs.com%2F8bits%2Fforensisch%2Findex.html&langpair=nl%7Cen&hl=en&ie=UTF-8 Google translation])
+
* [[MicroDrive 120]] with SmartCard Adapter
  
== French ==
+
=== USB ===
  
* [http://forensics-dev.blogspot.com Forensics-dev] ([http://translate.google.com/translate?u=http%3A%2F%2Fforensics-dev.blogspot.com%2F&langpair=fr%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
* [[ACR 38T]]
 +
* [http://www.scmmicro.com/products-services/smart-card-readers-terminals/smart-card-reader/scr3311.html SCR3311]
 +
* [http://www.scmmicro.com/products-services/smart-card-readers-terminals/smart-card-reader/scr335.html SCR335]
 +
* [http://www.dekart.com/products/hardware/sim_card_reader/ Dekart SIM Card reader]
  
== German ==
+
== Software ==
  
* [http://computer.forensikblog.de/ Computer Forensik Blog Gesamtausgabe], by [[Andreas Schuster]] ([http://computer.forensikblog.de/en/ English version])
+
Wiki Links
* [http://computer-forensik.org computer-forensik.org], by [[Alexander Geschonneck]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.computer-forensik.org&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
* [[ForensicSIM]]
* [http://henrikbecker.blogspot.com Digitale Beweisführung], by [[Henrik Becker]] ([http://translate.google.com/translate?u=http%3A%2F%2Fhenrikbecker.blogspot.com&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
* [[Paraben SIM Card Seizure]]
 +
* [[SIMiFOR]]
 +
* [[SIMIS]]
 +
* [[SIM Explorer]]
  
== Spanish ==
+
External Links
 +
* [http://www.forensicts.co.uk SIMiFOR]
 +
* [http://www.simcon.no/ SIMcon]
 +
* [http://www.quantaq.com/usimdetective.htm USIM Detective]
 +
* [http://www.dekart.com/products/card_management/sim_explorer/ SIM Explorer], [http://www.youtube.com/watch?v=P5dJS7g1o_c video demo of SIM Explorer]
 +
* [http://www.data-recovery-mobile-phone.com/ Pro Data Doctor]
 +
* [http://www.becker-partner.de/index.php?id=17 Forensic Card Reader (FCR) - German]
 +
* [http://www.txsystems.com/sim-manager.html SIM Manager]
 +
* [http://vidstrom.net/otools/simquery/ SIMQuery]
 +
* [http://users.net.yu/~dejan/ SimScan]
 +
* [http://www.nobbi.com/download.htm SIMSpy]
 +
* [http://vidstrom.net/stools/undeletesms/ UnDeleteSMS]
 +
* [http://www.bkforensics.com/FCR.html Forensic SIM Card Reader]
 +
* [http://www.dekart.com/products/card_management/sim_manager/ Dekart SIM Manager], [http://www.youtube.com/watch?v=VaBaqZiNW4U video tutorial on how to recover a deleted SMS]
 +
* [http://www.brickhousesecurity.com/cellphone-spy-simcardreader.html Cell Phone SIM Card Spy]
 +
* [http://www.mobile-t-mobile.com/mobile-network/SIM-card-reader.html SIM Card Reader]
 +
* [http://www.download3000.com/download_46892.html Sim Card Reader Software]
 +
* [http://www.freedownloadscenter.com/Utilities/Backup_and_Copy_Utilities/Sim_Card_Recovery.html Sim Card Recovery]
 +
* [http://www.spytechs.com/phone-recorders/sims-card-reader.htm Sim Recovery Pro]
  
* [http://www.forensic-es.org/blog forensic-es.org] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.forensic-es.org%2Fblog&langpair=es%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
== Recovering SIM Card Data ==
* [http://www.inforenses.com InForenseS], by [[Javier Pages]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.inforenses.com&langpair=es%7Cen&hl=es&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
* [http://windowstips.wordpress.com El diario de Juanito]
+
* [http://conexioninversa.blogspot.com Conexión inversa]
+
  
== Russian ==
+
* [[Damaged SIM Card Data Recovery]]
  
* Group-IB: [http://notheft.ru/blogs/group-ib blog at notheft.ru], [http://www.securitylab.ru/blog/company/group-ib/ blog at securitylab.ru]
+
== Security ==
  
= Related blogs =
+
SIM cards can have their data protected by a PIN, or Personal Identification Number.  If a user has enabled the PIN on their SIM card, the SIM will remain locked until the PIN is properly entered.  Some phones provide the option of using a second PIN, or PIN2, to further protect data.  If a user incorrectly enters their PIN number multiple times, the phone may request a PUK, or Personal Unblocking Key.  The number of times a PIN must be incorrectly entered before the phone requests the PUK will vary from phone to phone.  Once a phone requests a PUK, the SIM will remain locked until the PUK is correctly entered.  The PUK must be obtained from the SIM's network provider.  If a PUK is incorrectly entered 10 times the SIM will become permanently locked and the user must purchase a new SIM card in order to use the phone.  In some cases the phone will request a PUK2 before it permanently locks the SIM card.
  
* [http://www.c64allstars.de C64Allstars Blog]
+
== See also ==
* [http://www.emergentchaos.com/ Emergent Chaos], by [[Adam Shostack]]
+
* [http://jeffjonas.typepad.com/ Inventor of NORA discusses privacy and all things digital], by [[Jeff Jonas]]
+
* [http://www.cs.uno.edu/~golden/weblog Digital Forensics, Coffee, Benevolent Hacking], by [[Golden G. Richard III]]
+
  
= Circles/Fora/Groups =
+
* [[SIM Cards]]
* [http://forensicfocus.com/ Forensic Focus]
+
* [http://www.youtube.com/watch?v=w_tcwmzUH6o Troubleshooting the installation of a PC/SC smart card reader (video tutorial)]
* [http://tech.groups.yahoo.com/group/win4n6 Yahoo! groups: win4n6 · Windows Forensic Analysis]
+
  
= Tweets =
+
== External Links ==
* [http://twitter.com/#!/search/%23DFIR?q=%23DFIR #DFIR]
+
* E-evidence Info - http://www.e-evidence.info/cellular.html
* [http://twitter.com/#!/search/%23forensics #forensics]
+
* Purdue Phone Phorensics Knowledge Base - http://mobileforensicsworld.com/p3/
 
+
* [http://www.forensicmag.com/articles/2011/04/sim-forensics-part-1 SIM Forensics: Part 1], by John J. Barbara, April 25, 2011
= Tools =
+
* [http://www.forensicmag.com/articles/2011/06/sim-forensics-part-2 SIM Forensics: Part 2], by John J. Barbara, June 15, 2011
* [http://www2.opensourceforensics.org/ Open Source Digital Forensics]
+
* [http://www.forensicmag.com/articles/2011/08/sim-forensics-part-3 SIM Forensics: Part 3], by John J. Barbara, August 5, 2011
* [http://forensiccontrol.com/resources/free-software/ Free computer forensic tools]
+
* [http://code.google.com/p/libyal/ Yet another library library (and tools)]
+
 
+
= Challenges (and test images) =
+
* [http://www.dc3.mil/challenge/ DC3 Challenges]
+
* [http://testimages.wordpress.com/ Digital Forensics Test Images]
+
* [http://www.forensicfocus.com/images-and-challenges Forensic Focus - Test Images and Forensic Challenges]
+
* [https://www.honeynet.org/challenges/ Honeynet Project Challenges]
+
* [http://testimages.wordpress.com/ Digital Forensic Test Images]
+
* [http://secondlookforensics.com/linux-memory-images/ Second Look - Linux Memory Images]
+
* [http://sourceforge.net/projects/nullconctf2014/ NullconCTF2014]
+
 
+
= Conferences =
+
See: [[:Category:Conferences|Conferences]]
+
 
+
[[Category:Further information]]
+

Latest revision as of 07:51, 22 April 2014

Procedures

Acquire SIM Card and analyze the following:

  • ICCID - Integrated Circuit Card Identification
  • MSISDN - Subscriber phone number
  • IMSI - International Mobile Subscriber Identity
  • LND - Last Dialed numbers
  • LOCI - Location Information
  • LAI - Location Area Identifier
  • ADN - Abbreviated Dialing Numbers (Contacts)
  • FDN - Fixed Dialing Numbers (Provider entered Numbers)
  • SMS - (Short Messages)
  • SMSP - Text Message parameters
  • SMSS - Text message status
  • Phase - Phase ID
  • SST - SIM Service table
  • LP - Preferred languages variable
  • SPN - Service Provider name
  • EXT1 - Dialing Extension
  • EXT2 - Dialing Extension
  • GID1 - Groups
  • GID2 - Groups
  • CBMI - Preferred network messages
  • PUCT - Calls per unit
  • ACM - Accumulated Call Meter
  • ACMmax - Call Limit
  • HPLMNSP - HPLMN search period
  • PLMNsel - PLMN selector
  • FPLMN - Forbidden PLMNs
  • CCP - Capability configuration parameter
  • ACC - Access control class
  • BCCH - Broadcast control channels
  • Kc - Ciphering Key


Hardware

Serial

USB

Software

Wiki Links

External Links

Recovering SIM Card Data

Security

SIM cards can have their data protected by a PIN, or Personal Identification Number. If a user has enabled the PIN on their SIM card, the SIM will remain locked until the PIN is properly entered. Some phones provide the option of using a second PIN, or PIN2, to further protect data. If a user incorrectly enters their PIN number multiple times, the phone may request a PUK, or Personal Unblocking Key. The number of times a PIN must be incorrectly entered before the phone requests the PUK will vary from phone to phone. Once a phone requests a PUK, the SIM will remain locked until the PUK is correctly entered. The PUK must be obtained from the SIM's network provider. If a PUK is incorrectly entered 10 times the SIM will become permanently locked and the user must purchase a new SIM card in order to use the phone. In some cases the phone will request a PUK2 before it permanently locks the SIM card.

See also

External Links