Text message data analysis

(@heviarti)
Posts: 8
Active Member
Topic starter
 

This should be a pretty easy one to answer;

I have received an optical disc full of text messages from a victim of stalking and harassment. The data was provided by Verizon and includes what could be called a header. I am familiar with examining email headers and TCP/IP packets or dumps of them, but I can't seem to find a good reference on reading one of these. What is each of these fields?
I googled 'text message analysis' and got something which is supposed to 'decode vague messages from your boyfriend' and another article on retrieving deleted sms messages.

It does seem the 'originating MSID' differs from the reply to number, which says to me there may be some sort of cloaker being used. I don't know what other factors to look for to determine any more about the method of misdirection being applied. Unfortunately, I don't have a copy of the disc right here to paste a redacted example of a 'header'… but I'm reasonably sure that it's a standard enough format that someone will already know about it.

 
Posted : 13/04/2013 8:00 pm
EricZimmerman
(@ericzimmerman)
Posts: 222
Estimable Member
 

Every provider, and every phone even, can be different in how it stores the data, so it's time to reverse engineer those files unless Verizon provided the layout.

 
Posted : 13/04/2013 9:28 pm
(@heviarti)
Posts: 8
Active Member
Topic starter
 

These are as supplied by the provider, from their logs. Again, the provider is Verizon. They mailed an optical disc with a password-protected PDF containing the messages with 'headers'. I'm merely using the word 'header' for lack of a more technically correct term.

All the fields are marked, I'm just not entirely sure what I'm looking at. I know TCP/IP and email headers very well; I am totally unfamiliar with analyzing messages for anything other than linguistic aberrance.

 
Posted : 13/04/2013 10:30 pm
(@trewmte)
Posts: 1877
Noble Member
 

These are as supplied by the provider, from their logs. Again, the provider is Verizon. They mailed an optical disc with a password-protected PDF containing the messages with 'headers'. I'm merely using the word 'header' for lack of a more technically correct term.

All the fields are marked, I'm just not entirely sure what I'm looking at. I know TCP/IP and email headers very well; I am totally unfamiliar with analyzing messages for anything other than linguistic aberrance.

heviarti, are you able to post a sample or send a PM to me with a sample?

 
Posted : 14/04/2013 12:41 am
hcso1510
(@hcso1510)
Posts: 303
Reputable Member
 

I've not obtained anything on disk in a while, but frequently get records from their portal in pdf format. You may not get it during the weekend, but have you thought to call them Monday and ask them for a detailed sms key which lists what all the columns in the report actually indicate?

 
Posted : 14/04/2013 1:02 am
(@heviarti)
Posts: 8
Active Member
Topic starter
 

I have a redacted copy to put up, but I'm not sure which hieroglyphic is 'upload image'

 
Posted : 14/04/2013 6:06 am
hcso1510
(@hcso1510)
Posts: 303
Reputable Member
 

Is this similar to what you are talking about?

Search Target Duluth220_FDA
Log Written 11/16/2011 164344 Number of attempts 1
Message arrival 11/16/2011 164338 Last Cause Code 256
Final Disposition 11/16/2011 164344 Message Final Status Delivered
Message Source AlphaPg Input Label UNDEF
Source Protocol MO Output Protocol SS7
Input Port 0 Output Port 0d
Operation Type new_msg_arrival HLR Address full_digits
Orig. MSC PC 204.224.011 Message Dest. Address 204.224.11
Call Back number Message MSID 4237101357
Originating DN 4235822468 Terminating DN 4237101234
Originating MSID Terminating MSID 4238265678
Originating COS 50 Terminating COS 50
Originating Num. Plan 2 Terminating Num. Plan 2
Originating Num. Type 7 Terminating Num. Type 2
Billing Id 0 Billable false
Delivery Init. Method Default Broadcast message false
Priority 0 Data Header Indicator false
Subscriber Rating 0 Message Rating 0
Message ID 15807012904400 Message TeleService 4098
Length of text message 32 Data Coding 0
Message Text
[ Message to 4235822468 Delivered. ]

 
Posted : 14/04/2013 6:41 pm
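
An added example, not part of any post in this thread and not the provider's tooling: a small Python parser for the flattened two-column layout of the sample record above, which also lists the originating-side identifiers that are blank or disagree. The label list and function names are assumptions made for this example; what each field means still has to come from the provider's key.

```python
import re

# Field labels as they appear in the sample record in this thread. Only
# labels listed here are recognised (assumption: extend from the provider's key).
LABELS = [
    "Message arrival", "Last Cause Code", "Final Disposition",
    "Message Final Status", "Source Protocol", "Output Protocol",
    "Call Back number", "Message MSID", "Originating DN", "Terminating DN",
    "Originating MSID", "Terminating MSID",
]
_LABEL_RE = re.compile(
    "|".join(re.escape(l) for l in sorted(LABELS, key=len, reverse=True)))

# Lines taken from the sample record posted in the thread.
SAMPLE = """\
Message arrival 11/16/2011 164338 Last Cause Code 256
Final Disposition 11/16/2011 164344 Message Final Status Delivered
Source Protocol MO Output Protocol SS7
Call Back number Message MSID 4237101357
Originating DN 4235822468 Terminating DN 4237101234
Originating MSID Terminating MSID 4238265678
"""

def parse_record(text):
    """Split flattened 'label value label value' lines into a dict.
    Labels are located by position, so a value that runs straight into the
    next label still splits; a label with no value maps to ''."""
    fields = {}
    for line in text.splitlines():
        hits = list(_LABEL_RE.finditer(line))
        for i, m in enumerate(hits):
            end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
            fields[m.group()] = line[m.end():end].strip()
    return fields

def originating_summary(fields):
    """Report which originating-side identifiers are set, blank, or differ."""
    keys = ["Originating DN", "Originating MSID", "Call Back number"]
    present = {k: fields[k] for k in keys if fields.get(k)}
    blank = [k for k in keys if not fields.get(k)]
    return {"present": present, "blank": blank,
            "values_differ": len(set(present.values())) > 1}

if __name__ == "__main__":
    rec = parse_record(SAMPLE)
    for label, value in rec.items():
        print(f"{label:22} {value or '(blank)'}")
    print(originating_summary(rec))
```
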
(@heviarti)
Posts: 8
Active Member
Topic starter
 

Similar, but not quite. I have an image ready to go, but the form to upload an attachment is not present or obvious. If I had some form of workable OCR, or a way to guarantee the formatting, I'd take the 20 minutes and just type it in. Does anyone know where the dialog for attaching a file to a post is hiding?

 
Posted : 14/04/2013 9:40 pm
(@heviarti)
Posts: 8
Active Member
Topic starter
 

I really didn't want to do it this way, but here it is.

After a while I'll delete the link.

 
Posted : 14/04/2013 11:41 pm