SIM Card Forensics: Digital Evidence


2016 Annual ADFSL Conference on Digital Forensics, Security and Law Proceedings, May 26th, 9:00 AM

Nada Ibrahim, Nuha Al Naqbi, Farkhund Iqbal and Omar AlFandi
Zayed University, College of Technological Innovation, Abu Dhabi, P.O. Box 144534
{M80006330, M80004910, Farkhund.Iqbal, Omar.AlFandi}@zu.ac.ae

Scholarly Commons Citation: Ibrahim, Nada; Al Naqbi, Nuha; Iqbal, Farkhund; and AlFandi, Omar, "SIM Card Forensics: Digital Evidence" (2016). Annual ADFSL Conference on Digital Forensics, Security and Law. 3. https://commons.erau.edu/adfsl/2016/thursday/3

This Peer Reviewed Paper is brought to you for free and open access by the Conferences at Scholarly Commons. It has been accepted for inclusion in Annual ADFSL Conference on Digital Forensics, Security and Law by an authorized administrator of Scholarly Commons.

FORENSIC INVESTIGATION OF SIM CARD

ABSTRACT

With the rapid evolution of the smartphone industry, mobile device forensics has become essential in cybercrime investigation. Currently, evidence forensically retrieved from a mobile device is in the form of call logs, contacts, and SMSs; a mobile forensic investigator should also be aware of the vast amount of user data and network information that are stored in the mobile SIM card such as ICCID, IMSI, and ADN. The aim of this study is to test various forensic tools to effectively gather critical evidence stored on the SIM card. In the first set of experiments, we compare the selected forensic tools in terms of retrieving specific data; in the second set, genuine user data from eight different SIM cards is extracted and analyzed. The experimental results on a real-life dataset support the effectiveness of the SIM card forensics approach presented in this paper.

Keywords: SIM card, Digital Forensics, Forensic tools, ICCID, IMSI

INTRODUCTION

Regardless of its role in crime (direct or indirect), data within a mobile phone remains crucial. A wealth of information is stored on cell phones that includes, but is not limited to, call history, text messages, email messages, web pages, and photos. Mobile phone forensics, the most challenging digital forensics field, should be enriched with SIM card forensics.

Most of the existing research is focused on searching for the following key evidence in a mobile telephone:

- Calls made, including numbers dialed, dates, and times.
- Calls received, including numbers received, dates, and times.
- Data stored within address book/phone book.
- SMS details.
- Pictures/video clips on the phone or memory card.

The SIM (Subscriber Identity Module) is a smart card that is used in mobile phones to store user data and network information that is required to activate the handset for use. SIM card demand has been growing worldwide on a yearly basis (ABIResearch, 2015) and is expected to break the record of 5.4 billion shipments for the year 2015 alone. Given this widespread usage, a massive amount of information is available for forensic investigators.

Since the introduction of UMTS, better known as 3G technologies, USIM cards are favored. While SIM cards provide network access, the tiny computer within a USIM enables it to handle several mini-applications and video calls if it is supported by the network and the handset. Integrated algorithm users are protected from unauthorized access to their phone lines. Furthermore, data exchanges are encrypted with stronger keys than those provided by SIMs. Additionally, a USIM's phonebook is much bigger, with the ability to store thousands of richer contacts that might contain email addresses, photos, and several additional phone numbers.

SIM card forensics provides valuable information about contacts, SMSs, call logs, and much more. There are commercial and open-source tools that can assist an investigator in extracting relevant evidence from SIM cards.

The CDR, or 'call detailed records' in a SIM card, led to the arrest of the suspect Sameer Vishnu Gaikwak in the murder of Govind Pansare in Kolhapur earlier this year. The records proved that the phone was active at the time of the murder and led the police to discover another 23 mobile phones used by the suspect due to his frequent SIM card change (Indian Express, September 2015) [1].

In another case, the fraudsters used cell phone information to illegally transfer bank funds. The scammer managed to transfer funds from an online bank account of the original post-paid subscriber through a "SIM-swap" promotion where an existing SIM card was replaced with a new one. This replacement allowed the fraudster to take over the victim's mobile number and use it for fraudulent activities (Manila Times, July 2015) [2].

In our research we aim to contribute to the field of SIM card forensics through:

- Exploring the amount of information extracted from SIM cards;
- Investigating whether the extractable SIM card evidence is tool dependent;
- Evaluating the contribution of obtained evidence to SIM card forensics;
- Investigating whether SIM cards from different GSM Service Providers offer different evidentiary data;

A smartphone might be the key to an entire investigation; thus, an investigator's task in uncovering evidence will be much harder if it is not supported with the necessary knowledge. Our motivation emerged from the fact that SIM card forensics is a new field with minor literature as far as we know. We intend the analysis of our results to contribute to the mobile forensic field with the essential knowledge needed to make informed decisions based on the tools' actual capabilities. We also believe that the analysis of the retrieved data will play a crucial role in proving suspects guilty or not.

The remainder of the paper is organized as follows: Background information and fundamental concepts needed to understand SIM forensics are discussed in Section 2; literature review is presented in Section 3. Experimental tools and setup are explained in Section 4; experimental results are discussed in Section 5, followed by the conclusion and future work in Section 6.

[1] http://indianexpress.com/article/india/india-others/suspects-sim-card-was-active-at-spot-of-pansare-murder-police/
[2] http://www.manilatimes.net/nbi-probes-sim-card-swap-scam/199564/

BACKGROUND INFORMATION

The introduction of the Global System for Mobile Communications (GSM) standard for transmitting text, voice, and data services through cellular networks marked a telecommunication revolution that affected all aspects of our lives. Ever since the European Telecommunications Standards Institute (ETSI) released their GSM 11.11 Specifications of the SIM-ME interface in the 1990s, the industry has experienced radical growth. It was initiated by the recommendation to split the Mobile Station (i.e., Cellular Phone) into two components: a removable Subscriber Identity Module (SIM), which contains all network related subscriber information, and a Mobile Equipment (ME) that is the remaining part of the Mobile Station, i.e., the mobile handset (ETSI, 1994).

As the name implies, a SIM card holds the identity of the subscriber, which enables users to be registered in the telecommunication network. In addition to identification and authentication, the SIM card can also store the subscriber's contacts, messages, calls, location information, and other subscriber-specific data.

The components of a SIM card, as explored thoroughly by Savoldi and Gubian (2007), include a central processor unit (CPU) and an operating system (OS) with electronically erasable programmable read-only memory (EEPROM). It also contains a Random Access Memory (RAM) that controls the program execution flow. Moreover, it includes a Read-Only Memory (ROM) which controls the operating system workflow, user authentication, data encryption algorithm, and other applications. The SIM card file system is organized in a hierarchal tree structure and resides in the EEPROM for storing data such as names and phone number entries, text messages, and network service settings.

The anatomy of the file system—as demonstrated in Figure 1—includes three types of files: Master File (MF), Dedicated Files such as the DF (DCS1800) and DF (GSM), which contain network-related information, and DF (Telecom), which holds service/carrier-related information. Furthermore, elementary files contain the actual data in various types, structured as either a sequence of data bytes, a sequence of fixed-size records, or a fixed set of fixed-size records used cyclically. It is important to note that all the files have headers, but only EFs contain data (Savoldi and Gubian, 2007).

Figure 1. SIM Card File System Hierarchy

SIM cards have certain physical dimensions that follow the ISO/IEC 7816 standard, managed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This standard is structured in 15 parts, in which parts 1 and 2 specify in detail the physical characteristics of the identification Integrated Circuit Cards (ICC; a SIM card is a particular type of ICC) along with contacts, location, and dimensions. Manufacturers adopted the ISO/IEC 7816 standard and created SIM cards in the following sizes (Singh, 2015): Full Size, Mini, Micro, and Nano SIMs.
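
The elementary files named in the abstract (ICCID, IMSI, ADN) can be decoded from raw bytes as in the following added example, which is not code from the paper or from any of the tools it tests. It assumes the file identifiers and encodings of GSM 11.11 / 3GPP TS 51.011 (not given in the paper); the function names are hypothetical and every sample byte string is constructed test data.

```python
"""Decode raw SIM elementary-file (EF) contents, layouts per GSM 11.11 / TS 51.011.
All SAMPLE_* byte strings are constructed test data, not read from a real card."""

# Position of each file in the MF/DF/EF tree and the EF structure type.
SIM_FILES = {
    "EF_ICCID": {"path": ("3F00", "2FE2"), "structure": "transparent"},
    "EF_IMSI": {"path": ("3F00", "7F20", "6F07"), "structure": "transparent"},
    "EF_ADN": {"path": ("3F00", "7F10", "6F3A"), "structure": "linear fixed"},
}

NIBBLES = "0123456789*#CDE"  # 0xA is '*', 0xB is '#'; 0xF marks the end


def swapped_bcd(data: bytes) -> str:
    """Two digits per byte, low nibble first; stop at the 0xF filler."""
    out = []
    for byte in data:
        for nibble in (byte & 0x0F, byte >> 4):
            if nibble == 0x0F:
                return "".join(out)
            out.append(NIBBLES[nibble])
    return "".join(out)


def luhn_ok(number: str) -> bool:
    """Luhn check used for the ICCID check digit."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def decode_iccid(raw: bytes):
    """EF_ICCID: 10 bytes of swapped BCD. Returns (iccid, check_digit_valid)."""
    if len(raw) != 10:
        raise ValueError("EF_ICCID must be 10 bytes")
    iccid = swapped_bcd(raw)
    return iccid, luhn_ok(iccid)


def decode_imsi(raw: bytes) -> str:
    """EF_IMSI: length byte, then swapped BCD whose first nibble is parity/type."""
    if len(raw) != 9 or not 1 <= raw[0] <= 8:
        raise ValueError("EF_IMSI must be 9 bytes with a length byte of 1..8")
    return swapped_bcd(raw[1:1 + raw[0]])[1:]  # drop the parity/type nibble


def decode_alpha(alpha: bytes) -> str:
    """Alpha identifier: UCS2 if prefixed 0x80, else treated as ASCII.
    Simplification: ASCII matches the GSM default alphabet for letters/digits only."""
    if alpha[:1] == b"\x80":
        body = alpha[1:]
        body = body[: len(body) - len(body) % 2]
        return body.decode("utf-16-be", errors="replace").rstrip("\uffff")
    return alpha.rstrip(b"\xff").decode("ascii", errors="replace")


def decode_adn_record(record: bytes):
    """One ADN record: X-byte name, then 14 bytes (length, TON/NPI, 10-byte number,
    CCP id, EXT1 id). Returns (name, number) or None for an erased record."""
    if len(record) < 14:
        raise ValueError("ADN record is at least 14 bytes")
    if all(b == 0xFF for b in record):
        return None  # unused or erased slot
    alpha, tail = record[:-14], record[-14:]
    bcd_len, ton_npi = tail[0], tail[1]
    number = swapped_bcd(tail[2:2 + max(0, min(bcd_len, 11) - 1)])
    if (ton_npi >> 4) & 0x07 == 1:  # type of number: international
        number = "+" + number
    return decode_alpha(alpha), number


def parse_adn(body: bytes, record_len: int):
    """Walk a linear-fixed EF and return (record_no, name, number) per used slot."""
    if record_len < 14 or len(body) % record_len:
        raise ValueError("body is not a whole number of records")
    entries = []
    for i in range(0, len(body), record_len):
        decoded = decode_adn_record(body[i:i + record_len])
        if decoded is not None:
            entries.append((i // record_len + 1, *decoded))
    return entries


# Constructed samples: ICCID with a valid check digit, test-network IMSI,
# and a two-record ADN file whose first slot is erased.
SAMPLE_ICCID = bytes.fromhex("987901000000000021F3")
SAMPLE_IMSI = bytes.fromhex("080910101032547698")
SAMPLE_ADN = bytes.fromhex("FF" * 20 + "416C696365FF" + "0791" + "2120550541F3" + "FF" * 6)

if __name__ == "__main__":
    print(decode_iccid(SAMPLE_ICCID))
    print(decode_imsi(SAMPLE_IMSI))
    print(parse_adn(SAMPLE_ADN, 20))
```

Record numbers are kept in the output because the slot position of an entry, and which slots are erased, can itself be of evidentiary interest.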