![]() |
Introduction To Cellular Forensics |
INTODUCTION
TO CELLULAR FORENSICS
CELLUR FORENSICS
The science of recovering digital
evidence from mobile phones under forensically sound conditions using
acceptable methods.
Cellular Technology
Technology that enables mobile communication
by use of a complex two way radio system between the mobile units through
wireless network.
Types of Cellular Technology
There are
following two types of cellular technology being used.
CDMA (Code Division Multiple Access)
In 1957, for
the first time a military radio engineer Leonid Kupriyanovich used it in
Moscow.
GSM(Global System for Mobile Communication) 2G Service
GSM is a
trademark owned by GSM Association developed in Europe. First launched in
Finland on July 01, 1991 being used in almost 219 countries.
Advancement/Additional Features
3GPP (3G): 3rd
Generation Partnership Project
4GPP (4G): 4th
Generation Partnership Project
5GPP (4G): 5th
Generation Partnership Project
LTE: Long
Term Evolution
TERMS USED IN COMMUNICATION TECHNOLOGY
SIM: Subcriber Identity Module
MOBILE TE/ME:Terminal Equipment/Mobile Equiment
UM: Unified Messaging
BTS:Base Transceiver Station
BSS: Base Station Subsystem
BSC:Base Station Controller
MSC: Mobile Station Controller
NSS:Nation Switching Subsystem
PSTN:Public Switched Telephone Network
HLR:Home Location Register
VLR:Visitor Location Register
AUC:Authentication Center
EIR:Equipment Identity Register
GMS ARCHITECTURE
1-Mobile
Station(MS)
Mobile Equipment(ME)
Subscriber Identity
Module(SIM)
2- Base Station Subsystem(BSS)
Base Transciever Station(BTS)
Base Station
Controller(BSC)
3-Network Switch Subsystem(NNS)
Mobile Witching
Center(MSC)
Home Location
Register(HLR)
Visitor Location
Register(VLR)
Authentication
Center(AUC)
Equipment Identity
Register(EIR)
IMEI(Internation Mobile Equipment Identity)
IMEI consit
of 15/16 digits,cntains valuable information in group.
Type |
AA |
BB |
BB |
BB |
CC |
CC |
CC |
D or EE |
|
OLD IMEI |
(1-6)
TAC (Type Allocation Code |
(7-8) FAC FINAL
ASSEMBLY CODE |
(9-14) Serial
Number |
15th Luhn
Checksum |
|||||
NE IMEI |
(1-8)
TAC |
||||||||
OLD
IMEISV |
TAC |
FAC |
15th-16th Softwere
Version Number |
||||||
NEW
IMEISV |
TAC |
||||||||
1-
The first two digits of TAC represent the
country origin.
2-
Then 06 digits identify the manufacturer,
Model.
3-
The set of next six digits (SNR)is serial
number of the device.
4-
The 15th and last Check Digit, it is
the authenticiy che of IMEI entries to the EIR.
5-
16 digit IMEI is known as IMEISV, in this case
last digit are software version number which identitfy the revision of software
installed.
Purpose & Calculation
of Check Digit
The check 15th
Digit is actually a security authenticity check of an IMEI number. It is a
function of othe 14 digits in the IMEI. It quards against the possibility of
incorrect entries to the EIR/CEIR equipment. The last number of the IMEI is a
check digit calculated by using the Luhn Algorithm, also known as Luhn Digit.
The Check Digit is
Validated in the Steps
Starting
from the right ,double a digit every two digit(e.g 5-10).
Sum the
digits (e.g 10----1+0).
Check the
sum is divisible by 10.
Conversely,
one can calculate the IMEI by choosing the check digit that woul give a sum
divisible by 10.
How To Calculate Check
Digit
For Example
IMEI |
4901520323751? |
||||||||||||||
4 |
9 |
0 |
1 |
5 |
4 |
2 |
0 |
3 |
2 |
3 |
7 |
5 |
1 |
? |
|
Double every other |
4 |
8 |
0 |
2 |
5 |
8 |
2 |
0 |
3 |
4 |
3 |
14 |
5 |
2 |
? |
Sum Digit |
4+(1+8)+0+2+5+8+2+0+3+4+3+(1+4)+5+2+?=52 |
52+08=60
60/10=06
To make the
sum divisible by 10.we suppose?=8 so in this case 8 is check or Luhn Digit
& the genuine IMEI=490154203237518.
HOW TO CHECK IMEI OF A
CELPHONE
IMEI of a
cell phone can be displayed on its screen by using a short code #06#
It can
also be found on the plate/sticker
backside of phone beneath the battery.
It can also
be found on warranty Card
It is also
available on phone packageing or Box
IMEI NO REVEALS
Make,
Model,date and country of Origion can be check by numberingplans.
IMEI can be
reprogrammed through special equipment.
IDENTIFYING THE SUBSCRIBER
(SIM)
A SIM card
is a mini hard disk that automatically activated the cellular phone into which
it is inserted.
The SIM card
makes it easy to switch to a new phone by simply sliding the SIM.
The SIM
holds personal identity information,cell phone number,phone book,text messages
and other data.
SIM Card Carries Two Types
of Numbers
IMEI:
INTERNATIONAL MOBILE SUBSCRIBER IDENTITY
INTERNATIONAL IDENTIFICATION OF THE CHIP(SIM)
MSISDN:MOBILE
SYSTEM INTERNATIONAL SUBSCRIBER DIRECTORY NUMBER
TYPES OF THE SUBSCRIBER
MEMORRY OF
SIM CARD
32 KB, 64KB, 512KB
DATA SIM is also being used in Vehicle
Tracking System.
SIZE OF SIM CARD
PLUG_IN 15*25
MICRO_SIM 15*12
NANO_SIM 8.8*12.3
IMSI (INTERNATIONAL MOBILE
SUBSCRIBER IDENTITY)
International
identification of SIM Card consists of 15 Digits.
IMSI:410011234567890
MCC:410 PAKISTAN
MNC:01 MOBILINK
MSIN:1234567890
MNCs of
different networks in Pakistan
Mobilink=01 Ufone=02 Zong=04
Telenor=06 Warid=07
MSISDN: MOBILE SYSTEM
INTENATIONAL SUBSCRIBER DIRECTORY NUMBER
CC+NDC+SD 92-300-1234567
CC= COUNTRY CODE 92
NDC = NATIONAL DESTINATION CODE 300
SN
= SUBSCRIBER NUMBER 1234567
NETWORK AND NUMBER
INFORMATION:
MSISDN (SIM) NETWORK
CHECKING:
Type
“NETWORK(SPACE) NUMBER” in message and send to (76367)
MSISDN(SIM) NUMBER
CHECKING
MOBILINK *99#
UFONE *78*3#
TELENOR Send
Blank SMS to 7421
WARID
Type” Myno” and send it to 321
Zong Type *100*1# and send it to some
other number
WHAT CAN BE EXTRACT FROM A
SIM?
A SIM is a
smat card having
PROCESSOR:
Processor is
used for providing access to the data and security. To access the data;
Standard
smart card reader
SIM access
Software
NON-VOLATILE MEMORY
Memory space
is to store the data
Data stored
in binary files
There is a
fix number of files stored on a SIM
WHAT CANBE EXTRACTED FROM
CELL PHONE
There is
very much depend on the type and model, may included
1-
IMEI
2-
SHOR DIAL
NUMBER
3-
TEXT/MULTI
MEDIA MESSAGES
4-
SETTINGS(LANGUAGE,DATE/TIME,TONE/VOLUME
ETC)
5-
STORED
AUDIO RECORDINGS
6-
STORED
IMAGES/MULTIMEDIA
7-
STORED
COMPUTER FILES
8-
LOGGED
RECIVED AND DIALED NUMBERS
9-
STORED
EXECUTABLE PROGRAMS(E.G J2ME)
10- STORED CALENDAR EVENTS
11- GSM, GPRS, WAP AND INTERNET SETTINGS
WHAT CAN OBTAINED FROM
NETWORKING OPERATOR
As we know
the HLR is maintained at MSC and it is the access of the network operators. So
Network Operations can provide detailed data on calls/SMS made or received,
account details, data transferred and connection location/timing.
The HLR can
provide
1-
CUSTOMER
NAME AND ADDRESS
2-
BILLING
AND USER NAME AND ADDRESS (IF OTHER THAN CUSTOMER)
3-
BILLING
ACCOUNT DETAILS
4-
TELEPHONE
NUMBER(MSISDN)
5-
SIM
SERIAL NUMBER (AS PRINTED ON THE SIM CARD)
6-
PIN/PUK
FOR THE SIM
7-
SUBSCRIBER
SERVICES ALLOWED
8-
COMPLETE
CDR I.E CONTACT, SIM, DEVICE, LOCATION DETAILS
0 Comments