Introduction To Cellular Forensics



CELLULAR FORENSICS

The science of recovering digital evidence from mobile phones under forensically sound conditions using acceptable methods.

Cellular Technology

Technology that enables mobile communication by use of a complex two-way radio system between the mobile units through a wireless network.

Types of Cellular Technology

The following two types of cellular technology are in use.

CDMA (Code Division Multiple Access)

In 1957, a military radio engineer, Leonid Kupriyanovich, used it for the first time in Moscow.

GSM (Global System for Mobile Communication) 2G Service

GSM is a trademark owned by the GSM Association, developed in Europe. It was first launched in Finland on July 01, 1991 and is used in almost 219 countries.

Advancement/Additional Features

3GPP (3G): 3rd Generation Partnership Project

4GPP (4G): 4th Generation Partnership Project

5GPP (5G): 5th Generation Partnership Project

LTE: Long Term Evolution

TERMS USED IN COMMUNICATION TECHNOLOGY

SIM: Subscriber Identity Module

MOBILE TE/ME: Terminal Equipment/Mobile Equipment

UM: Unified Messaging

BTS: Base Transceiver Station

BSS: Base Station Subsystem

BSC: Base Station Controller

MSC: Mobile Station Controller

NSS: Network Switching Subsystem

PSTN: Public Switched Telephone Network

HLR: Home Location Register

VLR: Visitor Location Register

AUC: Authentication Center

EIR: Equipment Identity Register

GSM ARCHITECTURE

1- Mobile Station (MS)

Mobile Equipment (ME)

Subscriber Identity Module (SIM)

2- Base Station Subsystem (BSS)

Base Transceiver Station (BTS)

Base Station Controller (BSC)

3- Network Switch Subsystem (NSS)

Mobile Switching Center (MSC)

Home Location Register (HLR)

Visitor Location Register (VLR)

Authentication Center (AUC)

Equipment Identity Register (EIR)

IMEI (International Mobile Equipment Identity)

IMEI consists of 15/16 digits and contains valuable information in groups.

Type: AA BB BB BB CC CC CC D or EE

OLD IMEI: digits 1-6 TAC (Type Allocation Code); digits 7-8 FAC (Final Assembly Code); digits 9-14 Serial Number; 15th digit Luhn Checksum

NEW IMEI: digits 1-8 TAC

OLD IMEISV: TAC; FAC; 15th-16th digits Software Version Number

NEW IMEISV: TAC

1- The first two digits of the TAC represent the country of origin.

2- The next 06 digits identify the manufacturer and model.

3- The set of next six digits (SNR) is the serial number of the device.

4- The 15th and last digit is the Check Digit; it is the authenticity check of IMEI entries to the EIR.

5- A 16-digit IMEI is known as an IMEISV; in this case the last digits are the software version number, which identifies the revision of the software installed.

Purpose & Calculation of Check Digit

The 15th digit, the check digit, is a security authenticity check of an IMEI number. It is a function of the other 14 digits in the IMEI. It guards against the possibility of incorrect entries to the EIR/CEIR equipment. The last number of the IMEI is a check digit calculated by using the Luhn Algorithm, also known as the Luhn Digit.

The Check Digit Is Validated in These Steps

Starting from the right, double every second digit (e.g. 5 → 10).

Sum the digits (e.g. 10 → 1+0).

Check that the sum is divisible by 10.

Conversely, one can calculate the IMEI by choosing the check digit that would give a sum divisible by 10.

How To Calculate Check Digit

For Example

IMEI: 49015420323751?

IMEI digits:        4  9   0  1  5  4  2  0  3  2  3  7   5  1  ?

Double every other: 4  18  0  2  5  8  2  0  3  4  3  14  5  2  ?

Sum Digit

4+(1+8)+0+2+5+8+2+0+3+4+3+(1+4)+5+2+? = 52+?

52+8=60

60/10=6

To make the sum divisible by 10, we set ? = 8, so in this case 8 is the check or Luhn Digit and the genuine IMEI = 490154203237518.
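The check-digit steps above, as an added Python example (not part of the original page). It also splits the number into TAC, serial number and check digit or software version using the new 8-digit TAC layout; the function names and the sample inputs other than the page's worked IMEI are constructed for illustration.

```python
import re

def luhn_check_digit(first14: str) -> int:
    """Check digit for the first 14 digits of an IMEI (Luhn algorithm)."""
    if not re.fullmatch(r"[0-9]{14}", first14):
        raise ValueError("expected exactly 14 digits")
    total = 0
    for pos, ch in enumerate(first14):
        d = int(ch)
        if pos % 2 == 1:      # 2nd, 4th, ... 14th digit: the doubled ones
            d *= 2
            if d > 9:
                d -= 9        # same as summing the two digits: 18 -> 1+8
        total += d
    return (10 - total % 10) % 10

def parse_imei(raw: str) -> dict:
    """Split an IMEI (15 digits) or IMEISV (16 digits) using the new
    8-digit TAC layout; separators such as '-', '/' and spaces are ignored."""
    digits = re.sub(r"[\s/-]", "", raw)
    if not re.fullmatch(r"[0-9]{15,16}", digits):
        raise ValueError("IMEI must be 15 digits, IMEISV 16 digits")
    fields = {"tac": digits[:8], "snr": digits[8:14]}
    if len(digits) == 15:
        expected = luhn_check_digit(digits[:14])
        fields.update(kind="IMEI", check_digit=int(digits[14]),
                      expected_check_digit=expected,
                      valid=int(digits[14]) == expected)
    else:
        # IMEISV: digits 15-16 are the software version, no check digit.
        fields.update(kind="IMEISV", svn=digits[14:], valid=None)
    return fields

if __name__ == "__main__":
    # Constructed inputs: the page's worked IMEI, a mistyped copy of it,
    # and a made-up IMEISV built from the same TAC and serial number.
    for sample in ("490154203237518", "49-015420-323751-5", "4901542032375101"):
        print(sample, parse_imei(sample))
```

A failed check only shows that the 15 digits were recorded or entered incorrectly; a passing check does not show that the IMEI belongs to the handset, since the check digit can be recomputed for any 14 digits.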

HOW TO CHECK IMEI OF A CELL PHONE

IMEI of a cell phone can be displayed on its screen by using a short code #06#

It can also be found on the plate/sticker on the back of the phone beneath the battery.

It can also be found on the warranty card.

It is also available on the phone packaging or box.

IMEI NO. REVEALS

Make, model, date and country of origin can be checked via numberingplans.

IMEI can be reprogrammed through special equipment.

IDENTIFYING THE SUBSCRIBER (SIM)

A SIM card is a mini hard disk that automatically activates the cellular phone into which it is inserted.

The SIM card makes it easy to switch to a new phone by simply sliding the SIM.

The SIM holds personal identity information, cell phone number, phone book, text messages and other data.

SIM Card Carries Two Types of Numbers

IMSI: INTERNATIONAL MOBILE SUBSCRIBER IDENTITY

INTERNATIONAL IDENTIFICATION OF THE CHIP (SIM)

MSISDN: MOBILE SYSTEM INTERNATIONAL SUBSCRIBER DIRECTORY NUMBER

TYPES OF THE SUBSCRIBER

MEMORY OF SIM CARD

32 KB, 64KB, 512KB

DATA SIM is also being used in Vehicle Tracking System.

SIZE OF SIM CARD

PLUG_IN 15*25

MICRO_SIM 15*12

NANO_SIM 8.8*12.3

IMSI (INTERNATIONAL MOBILE SUBSCRIBER IDENTITY)

International identification of SIM Card consists of 15 Digits.

IMSI: 410011234567890

MCC: 410 PAKISTAN

MNC: 01 MOBILINK

MSIN: 1234567890

MNCs of different networks in Pakistan

Mobilink = 01, Ufone = 02, Zong = 04, Telenor = 06, Warid = 07

MSISDN: MOBILE SYSTEM INTERNATIONAL SUBSCRIBER DIRECTORY NUMBER

CC+NDC+SN: 92-300-1234567

CC = COUNTRY CODE: 92

NDC = NATIONAL DESTINATION CODE: 300

SN = SUBSCRIBER NUMBER: 1234567
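The IMSI and MSISDN layouts above, as an added Python example (not part of the original page) for normalising identifiers before they are compared across SIM, handset and operator records. The function names are hypothetical, the MNC table is the one listed on this page, and the handling of "+", "00" and the national "0" prefix is an assumption about how numbers appear in notes and records.

```python
import re

# MNC values for MCC 410 exactly as listed on this page.
PK_MNC = {"01": "Mobilink", "02": "Ufone", "04": "Zong",
          "06": "Telenor", "07": "Warid"}

def parse_imsi(raw: str) -> dict:
    """Split a 15-digit IMSI into MCC, MNC and MSIN (2-digit MNC for MCC 410)."""
    digits = re.sub(r"[\s-]", "", raw)
    if not re.fullmatch(r"[0-9]{15}", digits):
        raise ValueError("IMSI must be 15 digits")
    mcc = digits[:3]
    if mcc != "410":
        # MNC length differs between countries (2 or 3 digits), so do not guess.
        return {"mcc": mcc, "mnc": None, "operator": None, "msin": None}
    mnc = digits[3:5]
    return {"mcc": mcc, "mnc": mnc, "operator": PK_MNC.get(mnc, "unknown"),
            "msin": digits[5:]}

def parse_msisdn(raw: str) -> dict:
    """Split a Pakistani MSISDN into CC + NDC + SN as laid out on this page."""
    digits = re.sub(r"[\s()-]", "", raw)
    if digits.startswith("+"):
        digits = digits[1:]
    elif digits.startswith("00"):
        digits = digits[2:]               # international dialling prefix
    elif digits.startswith("0"):
        digits = "92" + digits[1:]        # national format (assumption)
    if not re.fullmatch(r"92[0-9]{10}", digits):
        raise ValueError("expected CC 92 + 3-digit NDC + 7-digit SN")
    return {"cc": "92", "ndc": digits[2:5], "sn": digits[5:],
            "normalized": digits}

if __name__ == "__main__":
    # The page's own sample values plus constructed spelling variants.
    print(parse_imsi("410011234567890"))
    for number in ("92-300-1234567", "+92 300 1234567", "0300-1234567"):
        print(number, parse_msisdn(number))
```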

NETWORK AND NUMBER INFORMATION:

MSISDN (SIM) NETWORK CHECKING:

Type "NETWORK(SPACE)NUMBER" in a message and send it to (76367)

MSISDN (SIM) NUMBER CHECKING

MOBILINK: *99#

UFONE: *78*3#

TELENOR: Send a blank SMS to 7421

WARID: Type "Myno" and send it to 321

ZONG: Type *100*1# and send it to some other number

WHAT CAN BE EXTRACTED FROM A SIM?

A SIM is a smart card having

PROCESSOR:

The processor is used for providing access to the data and for security. To access the data, the following are used:

Standard smart card reader

SIM access software

NON-VOLATILE MEMORY

Memory space is used to store the data

Data is stored in binary files

There is a fixed number of files stored on a SIM

WHAT CAN BE EXTRACTED FROM CELL PHONE

This depends very much on the type and model, and may include:

1- IMEI

2- SHORT DIAL NUMBER

3- TEXT/MULTIMEDIA MESSAGES

4- SETTINGS (LANGUAGE, DATE/TIME, TONE/VOLUME ETC.)

5- STORED AUDIO RECORDINGS

6- STORED IMAGES/MULTIMEDIA

7- STORED COMPUTER FILES

8- LOGGED RECEIVED AND DIALED NUMBERS

9- STORED EXECUTABLE PROGRAMS (E.G. J2ME)

10- STORED CALENDAR EVENTS

11- GSM, GPRS, WAP AND INTERNET SETTINGS


WHAT CAN BE OBTAINED FROM NETWORK OPERATOR

As we know, the HLR is maintained at the MSC and is accessible to the network operators, so network operators can provide detailed data on calls/SMS made or received, account details, data transferred and connection location/timing.

The HLR can provide

1- CUSTOMER NAME AND ADDRESS

2- BILLING AND USER NAME AND ADDRESS (IF OTHER THAN CUSTOMER)

3- BILLING ACCOUNT DETAILS

4- TELEPHONE NUMBER (MSISDN)

5- SIM SERIAL NUMBER (AS PRINTED ON THE SIM CARD)

6- PIN/PUK FOR THE SIM

7- SUBSCRIBER SERVICES ALLOWED

8- COMPLETE CDR, I.E. CONTACT, SIM, DEVICE, LOCATION DETAILS