Difference between pages "Volatility Framework" and "SIM Card Forensics"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Update website links.)
 
(References)
 
Line 1: Line 1:
{{Infobox_Software |
+
== Procedures ==
  name = Volatility |
+
  maintainer = [[AAron Walters]] |
+
  os = {{Cross-platform}} |
+
  genre = {{Memory analysis}} |
+
  license = {{GPL}} |
+
  website = [https://code.google.com/p/volatility/ https://code.google.com/p/volatility/] |
+
}}
+
  
The '''Volatility Framework''' is a completely open collection of tools, implemented in Python under the GNU General Public License (GPL v2), for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.
+
Acquire [[SIM Card]] and analyze the following:
  
The project was originally developed by and is now headed up by [[AAron Walters]] of [[Volatile Systems]].
+
* ICCID - Integrated Circuit Card Identification
 +
* MSISDN - Subscriber phone number
 +
* IMSI - International Mobile Subscriber Identity
 +
* LND - Last Dialed numbers
 +
* [[LOCI]] - Location Information
 +
* LAI - Location Area Identifier
 +
* ADN - Abbreviated Dialing Numbers (Contacts)
 +
* FDN - Fixed Dialing Numbers (Provider entered Numbers)
 +
* SMS - (Short Messages)
 +
* SMSP - Text Message parameters
 +
* SMSS - Text message status
 +
* Phase - Phase ID
 +
* SST - SIM Service table
 +
* LP - Preferred languages variable
 +
* SPN - Service Provider name
 +
* EXT1 - Dialing Extension
 +
* EXT2 - Dialing Extension
 +
* GID1 - Groups
 +
* GID2 - Groups
 +
* CBMI - Preferred network messages
 +
* PUCT - Calls per unit
 +
* ACM - Accumulated Call Meter
 +
* ACMmax - Call Limit
 +
* HPLMNSP - HPLMN search period
 +
* PLMNsel - PLMN selector
 +
* FPLMN - Forbidden PLMNs
 +
* CCP - Capability configuration parameter
 +
* ACC - Access control class
 +
* BCCH - Broadcast control channels
 +
* Kc - Ciphering Key
  
== Plugins ==
 
See: [[List of Volatility Plugins]]
 
  
== Memory acquisition drivers ==
+
== Hardware ==
  
In 2012 [[Michael Cohen]] contributed both a Linux and a Windows Open Source memory (acquisition) driver to the Volatility project as part of the Technology Preview (TP) version, aka scudette branch.
+
=== Serial ===
Since the scudette branch of Volatility has moved on as a separate project, the drivers can now be found as part of the [[rekall]] project.
+
  
== See Also ==
+
* [[MicroDrive 120]] with SmartCard Adapter
* [[List of Volatility Plugins]]
+
 
 +
=== USB ===
 +
 
 +
* [[ACR 38T]]
 +
* [http://www.scmmicro.com/products-services/smart-card-readers-terminals/smart-card-reader/scr3311.html SCR3311]
 +
* [http://www.scmmicro.com/products-services/smart-card-readers-terminals/smart-card-reader/scr335.html SCR335]
 +
* [http://www.dekart.com/products/hardware/sim_card_reader/ Dekart SIM Card reader]
 +
 
 +
== Software ==
 +
 
 +
Wiki Links
 +
* [[ForensicSIM]]
 +
* [[Paraben SIM Card Seizure]]
 +
* [[SIMiFOR]]
 +
* [[SIMIS]]
 +
* [[SIM Explorer]]
 +
 
 +
External Links
 +
* [http://www.forensicts.co.uk SIMiFOR]
 +
* [http://www.simcon.no/ SIMcon]
 +
* [http://www.quantaq.com/usimdetective.htm USIM Detective]
 +
* [http://www.dekart.com/products/card_management/sim_explorer/ SIM Explorer], [http://www.youtube.com/watch?v=P5dJS7g1o_c video demo of SIM Explorer]
 +
* [http://www.data-recovery-mobile-phone.com/ Pro Data Doctor]
 +
* [http://www.becker-partner.de/index.php?id=17 Forensic Card Reader (FCR) - German]
 +
* [http://www.txsystems.com/sim-manager.html SIM Manager]
 +
* [http://vidstrom.net/otools/simquery/ SIMQuery]
 +
* [http://users.net.yu/~dejan/ SimScan]
 +
* [http://www.nobbi.com/download.htm SIMSpy]
 +
* [http://vidstrom.net/stools/undeletesms/ UnDeleteSMS]
 +
* [http://www.bkforensics.com/FCR.html Forensic SIM Card Reader]
 +
* [http://www.dekart.com/products/card_management/sim_manager/ Dekart SIM Manager], [http://www.youtube.com/watch?v=VaBaqZiNW4U video tutorial on how to recover a deleted SMS]
 +
* [http://www.brickhousesecurity.com/cellphone-spy-simcardreader.html Cell Phone SIM Card Spy]
 +
* [http://www.mobile-t-mobile.com/mobile-network/SIM-card-reader.html SIM Card Reader]
 +
* [http://www.download3000.com/download_46892.html Sim Card Reader Software]
 +
* [http://www.freedownloadscenter.com/Utilities/Backup_and_Copy_Utilities/Sim_Card_Recovery.html Sim Card Recovery]
 +
* [http://www.spytechs.com/phone-recorders/sims-card-reader.htm Sim Recovery Pro]
 +
 
 +
== Recovering SIM Card Data ==
 +
 
 +
* [[Damaged SIM Card Data Recovery]]
 +
 
 +
== Security ==
 +
 
 +
SIM cards can have their data protected by a PIN, or Personal Identification Number.  If a user has enabled the PIN on their SIM card, the SIM will remain locked until the PIN is properly entered.  Some phones provide the option of using a second PIN, or PIN2, to further protect data.  If a user incorrectly enters their PIN number multiple times, the phone may request a PUK, or Personal Unblocking Key.  The number of times a PIN must be incorrectly entered before the phone requests the PUK will vary from phone to phone.  Once a phone requests a PUK, the SIM will remain locked until the PUK is correctly entered.  The PUK must be obtained from the SIM's network provider.  If a PUK is incorrectly entered 10 times the SIM will become permanently locked and the user must purchase a new SIM card in order to use the phone.  In some cases the phone will request a PUK2 before it permanently locks the SIM card.
 +
 
 +
== See also ==
 +
 
 +
* [[SIM Cards]]
 +
* [http://www.youtube.com/watch?v=w_tcwmzUH6o Troubleshooting the installation of a PC/SC smart card reader (video tutorial)]
  
 
== External Links ==
 
== External Links ==
* [https://code.google.com/p/volatility/ Official web site]
+
* E-evidence Info - http://www.e-evidence.info/cellular.html
* [http://code.google.com/p/volatility/source/checkout Code repository], direct link to [http://code.google.com/p/volatility/source/browse/ source]
+
* Purdue Phone Phorensics Knowledge Base - http://mobileforensicsworld.com/p3/
* [http://code.google.com/p/volatility/w/list Volatility Documentation]
+
* [http://www.forensicmag.com/articles/2011/04/sim-forensics-part-1 SIM Forensics: Part 1], by John J. Barbara, April 25, 2011
 +
* [http://www.forensicmag.com/articles/2011/06/sim-forensics-part-2 SIM Forensics: Part 2], by John J. Barbara, June 15, 2011
 +
* [http://www.forensicmag.com/articles/2011/08/sim-forensics-part-3 SIM Forensics: Part 3], by John J. Barbara, August 5, 2011

Latest revision as of 03:51, 22 April 2014

Procedures

Acquire SIM Card and analyze the following:

  • ICCID - Integrated Circuit Card Identification
  • MSISDN - Subscriber phone number
  • IMSI - International Mobile Subscriber Identity
  • LND - Last Dialed numbers
  • LOCI - Location Information
  • LAI - Location Area Identifier
  • ADN - Abbreviated Dialing Numbers (Contacts)
  • FDN - Fixed Dialing Numbers (Provider entered Numbers)
  • SMS - (Short Messages)
  • SMSP - Text Message parameters
  • SMSS - Text message status
  • Phase - Phase ID
  • SST - SIM Service table
  • LP - Preferred languages variable
  • SPN - Service Provider name
  • EXT1 - Dialing Extension
  • EXT2 - Dialing Extension
  • GID1 - Groups
  • GID2 - Groups
  • CBMI - Preferred network messages
  • PUCT - Calls per unit
  • ACM - Accumulated Call Meter
  • ACMmax - Call Limit
  • HPLMNSP - HPLMN search period
  • PLMNsel - PLMN selector
  • FPLMN - Forbidden PLMNs
  • CCP - Capability configuration parameter
  • ACC - Access control class
  • BCCH - Broadcast control channels
  • Kc - Ciphering Key


Hardware

Serial

USB

Software

Wiki Links

External Links

Recovering SIM Card Data

Security

SIM cards can have their data protected by a PIN, or Personal Identification Number. If a user has enabled the PIN on their SIM card, the SIM will remain locked until the PIN is properly entered. Some phones provide the option of using a second PIN, or PIN2, to further protect data. If a user incorrectly enters their PIN number multiple times, the phone may request a PUK, or Personal Unblocking Key. The number of times a PIN must be incorrectly entered before the phone requests the PUK will vary from phone to phone. Once a phone requests a PUK, the SIM will remain locked until the PUK is correctly entered. The PUK must be obtained from the SIM's network provider. If a PUK is incorrectly entered 10 times the SIM will become permanently locked and the user must purchase a new SIM card in order to use the phone. In some cases the phone will request a PUK2 before it permanently locks the SIM card.

See also

External Links