Scribd
Upload
176 views17 pages

Mobile Forensics

The document discusses mobile forensics. It describes that mobile forensics involves SIM forensics and mobile device forensics. SIM forensics analyzes data stored on the SIM card like the ICCID and IMSI. Mobile device forensics has three stages - seizing the device, acquiring the data, and analyzing the data. Data can be acquired through over-the-air, logical backups, or physical acquisition methods.

Uploaded by

Qomindawo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
176 views17 pages

Mobile Forensics

The document discusses mobile forensics. It describes that mobile forensics involves SIM forensics and mobile device forensics. SIM forensics analyzes data stored on the SIM card like the ICCID and IMSI. Mobile device forensics has three stages - seizing the device, acquiring the data, and analyzing the data. Data can be acquired through over-the-air, logical backups, or physical acquisition methods.

Uploaded by

Qomindawo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 17

Mobile Forensics

D Musundire, Mr (@taona2)

Computer Science Department


National University of Science and Technology
Bulawayo, ZW

2019
Contents

1 Introduction

2 SIM Forensics

3 Stages of mobile forensics

4 Acquisition Methods

DM @taona2 Mobile Forensics


Contents

1 Introduction

2 SIM Forensics

3 Stages of mobile forensics

4 Acquisition Methods

DM @taona2 Mobile Forensics


Of what value are mobile devices?

Smart phones are used less for calling and more for
socializing; this has resulted in smart phones holding a lot
of sensitive data about their users.
What more can we find? photos,IM, browsing history,
browser logs and cached geo-location information;
pictures and videos taken with the phone’s camera;
passwords to cloud services, forums, social networks,
on-line portals, and shopping websites; stored payment
data

DM @taona2 Mobile Forensics


Mobile Forensics

MobileForensics = SIMForensics + MEForensics

DM @taona2 Mobile Forensics


Contents

1 Introduction

2 SIM Forensics

3 Stages of mobile forensics

4 Acquisition Methods

DM @taona2 Mobile Forensics


SIM Forensics

The SIM (Subscriber Identity Module) is a smart card


that is used in mobile phones to store user data and
network information that is required to activate the
handset for use.
USIM cards used for 3G technologies, enables it to handle
several mini-applications and video calls if it is supported
by the network and the handset.
USIM has stronger encryption; phonebook is much
bigger, with the ability to store thousands of richer
contacts that might contain email addresses, photos, and
several additional phone numbers.

DM @taona2 Mobile Forensics


SIM Forensics

The SIM (Subscriber Identity Module) is a smart card


that is used in mobile phones to store user data and
network information that is required to activate the
handset for use.
USIM cards used for 3G technologies, enables it to handle
several mini-applications and video calls if it is supported
by the network and the handset.
USIM has stronger encryption; phonebook is much
bigger, with the ability to store thousands of richer
contacts that might contain email addresses, photos, and
several additional phone numbers.

DM @taona2 Mobile Forensics


SIM Forensics

The SIM (Subscriber Identity Module) is a smart card


that is used in mobile phones to store user data and
network information that is required to activate the
handset for use.
USIM cards used for 3G technologies, enables it to handle
several mini-applications and video calls if it is supported
by the network and the handset.
USIM has stronger encryption; phonebook is much
bigger, with the ability to store thousands of richer
contacts that might contain email addresses, photos, and
several additional phone numbers.

DM @taona2 Mobile Forensics


SIM Card File System Hierarchy

DM @taona2 Mobile Forensics


Information we can gather...

ICCID: up to twenty digits long, this Integrated Circuit


Card Identifier uniquely identifies a SIM card and is
mainly divided into two parts: the Issuer Identification
Number (IIN) and the Account Identification Number
(AIN). The Issuer identification is interpreted as follows:
The first two digits are reserved for the Major Industry
Identifier (MII) (i.e., 89 for the SIM telecommunications
industry), followed by a two-digit Country Code, in
addition to a three-digit Issuer Identifier Number. The
Account Identification Number includes four digits for the
manufacturing month/year, two digits for the
Configuration Code, six-digits for the Individual SIM
Number, and finally a checksum digit for error-detection.

DM @taona2 Mobile Forensics


...cont

IMSI: A fifteen-digit long number, the International


Mobile Subscriber Identifier is primarily used for signaling
and messaging over a GSM network. Similar to the
ICCID,the IMSI is structured as follows: three-digits for
the Mobile County Code (MCC), plus two to three digits
for the Mobile Network Code (MNC), and the rest is an
allocated sequential serial number that pinpoints the
Mobile Subscriber Identity Number (MSIN).
Also MSISDN,SPN and SDN, TMSI, ADN and SMS

DM @taona2 Mobile Forensics


...cont

IMSI: A fifteen-digit long number, the International


Mobile Subscriber Identifier is primarily used for signaling
and messaging over a GSM network. Similar to the
ICCID,the IMSI is structured as follows: three-digits for
the Mobile County Code (MCC), plus two to three digits
for the Mobile Network Code (MNC), and the rest is an
allocated sequential serial number that pinpoints the
Mobile Subscriber Identity Number (MSIN).
Also MSISDN,SPN and SDN, TMSI, ADN and SMS

DM @taona2 Mobile Forensics


Contents

1 Introduction

2 SIM Forensics

3 Stages of mobile forensics

4 Acquisition Methods

DM @taona2 Mobile Forensics


Stages of mobile forensics

Stage 1 – device seizure


Stage 2 – data acquisition
Stage 3 – data analysis

DM @taona2 Mobile Forensics


Contents

1 Introduction

2 SIM Forensics

3 Stages of mobile forensics

4 Acquisition Methods

DM @taona2 Mobile Forensics


Acquisition Methods

Over-the-air acquisition
Logical acquisition - Acquiring evidence from mobile
backups
Physical acquisition – availability and applicability
JTAG,
In-System Programming
and chip-off

DM @taona2 Mobile Forensics

You might also like