Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mobile Forensics Cookbook

You're reading from   Mobile Forensics Cookbook Data acquisition, extraction, recovery techniques, and investigations using modern forensic tools

Arrow left icon
Product type Paperback
Published in Dec 2017
Publisher
ISBN-13 9781785282058
Length 302 pages
Edition 1st Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Igor Mikhaylov Igor Mikhaylov
Author Profile Icon Igor Mikhaylov
Igor Mikhaylov
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. SIM Card Acquisition and Analysis FREE CHAPTER 2. Android Device Acquisition 3. Apple Device Acquisition 4. Windows Phone and BlackBerry Acquisition 5. Clouds are Alternative Data Sources 6. SQLite Forensics 7. Understanding Plist Forensics 8. Analyzing Physical Dumps and Backups of Android Devices 9. iOS Forensics 10. Windows Phone and BlackBerry Forensics 11. JTAG and Chip-off Techniques

Introduction

The main function of a SIM card is the identification of a user of a cellular phone on the network so that they can get access to its services.

The following types of data, which are valuable for an expert or investigator, can be found in the SIM card:

  • Information related to the services provided by the mobile operator
  • Phonebook and information about calls
  • Information about messages exchanged
  • Location information

Initially, SIM cards were almost the only source of data about the contacts of the mobile device owner, as the information about the phonebook, calls, and messages could be found only in their memory. Later, the storage of these data was relocated to the mobile devices memory and SIM cards began to be used only to identify subscribers in cellular networks. This is why some of the forensic tools developers, for the examination of mobile devices, decided not to include the SIM cards examination function in their products. However, today there are a lot of cheap phones (often, we call them "Chinese phones") with limited memory capacity. In these phones, part of the phone owners' data is stored in the SIM cards. This is why the forensic examination of SIM cards remains relevant.

SIM card is a regular smart card. It contains the following main components:

  • Processor
  • RAM
  • ROM
  • EEPROM
  • A file system
  • Controller I/O

In practice, we come across two kinds of SIM cards with six and eight contacts on the contact pads. This happens because the two contacts do not directly interact with the phone (smartphone) and their absence decreases the size of the area occupied by a SIM card when it is placed in the mobile device.

SIM cards can use three types of supply voltage (VCC): 5 V, 3.3 V, 1.8 V. Each card has a particular supply voltage.

There is an overvoltage protection in SIM cards. This is why when a 3.3 V supply voltage SIM card is placed in the card reader, that can operate only with 5 V supply voltage (old models), neither the information nor the SIM card can be damaged, and it will be impossible to work with this SIM card. As such, an expert may think that the SIM card is faulty. However, it is not so.

The forensic examination of a SIM card, before data extraction from the mobile device, where it is installed, is unreasonable. As the user's data stored in the memory of the mobile device, it can be reset or deleted during the process of removing the SIM card.

For analysis, a SIM card has to be removed from the mobile device and connected to the expert's computer via a specific device: a card reader.

Based on the previously mentioned information about SIM cards, we can figure out the main requirements to a card reader device with which it will be comfortable for an expert to examine SIM cards:

  • The card reader device has to support smart cards with supply voltage of 5 V, 3.3 V, and 1.8 V.
  • The card reader device has to support smart cards with six and eight contacts on the contact pads.
  • The card reader device has to support Microsoft PC/SC protocol. Drivers for this kind of devices are pre-installed on all versions of the Windows operating systems. This is why there is no need to install additional drivers in order to connect such devices to the expert's computer.

The following image shows an example of such a card reader:

SIM cards reader produced by «ASR» company, model «ACR38T».

Despite the fact that there are card reader devices designed for reading data from SIM cards, card reader devices designed for reading data from the standard size cards (having the size of a bank card) can be used. To work comfortably with these devices, a blank card, to which the SIM card is adjusted with some small pieces of tape, is used.


This is a SIM card adjusted with a bank card looks.
You have been reading a chapter from
Mobile Forensics Cookbook
Published in: Dec 2017
Publisher:
ISBN-13: 9781785282058
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at R$50/month. Cancel anytime