Network event anomaly

(@type2)
Posts: 4
New Member
Topic starter
 

I have a full network activity download for a mobile phone number. Some text (SMS) messages that were allegedly sent are not appearing on the activity; however, they were sent / received.

Are there any plausible reasons as to why a text message would not show on network activity? There may be a possibility that at least one side of the conversation was sent via in-flight WiFi on a plane; however, the device is an iPhone and the message appears as green, which would suggest that it went via the network.

Any assistance or advice would be greatly appreciated!

 
Posted : 04/05/2018 7:57 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Sending SMS via in-flight Wifi is only possible if the Mobile Network Operator is enabling LTE WLAN Interworking, see here

https://de.slideshare.net/allabout4g/wlan-3-gppieee

Check with the Mobile Network Operator (can also be a Virtual Operator, then MVNO instead of MNO) of the UICC (aka SIM card) if they enable this on the respective activated subscription the suspect had. MNOs often make a difference based on the respective subscription and do not offer technical capabilities in general for 'all users'.

Check by warrant to get the logs of the SMS Service Center of the MNO for court evidence.

Your further questions are welcomed.

 
Posted : 04/05/2018 2:21 pm
(@type2)
Posts: 4
New Member
Topic starter
 

Thanks for your reply. The network data was obtained via warrant (or RIPA as in the UK); however, certain messages don't appear. Could it be that it was sent via the in-flight medium and thus went via the internet connection?

 
Posted : 04/05/2018 2:33 pm
kastajamah
(@kastajamah)
Posts: 109
Estimable Member
 

A very basic thought: do you know any of the content of the text messages? For example, a phrase or a word that is not normally used. If you do, do a keyword search in your forensic tool and see where it finds it.

I have had success with this.

Also, is the victim sure it was a standard SMS message? Is it possible it was sent to a chat app that stores everything in the cloud? I have had several victims say they were text messaging, and it turns out they were using a third party chat app and not the standard messaging app provided on the phone.

Any chance of a VPN or end-to-end encrypted app being used?

 
Posted : 04/05/2018 8:52 pm
(@type2)
Posts: 4
New Member
Topic starter
 

It’s a good idea, but even down to spelling errors they appear legit. This has me stumped. Unless they have been sent via data, yet for some reason the iPhone shows them as green as if sent by SMS. I don’t know if this is a common phenomenon.

 
Posted : 04/05/2018 8:59 pm
(@badgerau)
Posts: 96
Trusted Member
 

Can you confirm if you have either one of the mobile phone handsets, in addition to the MNO logs? You mention a message showing as green?

If you have the handset/s, have you attempted to retrieve any deleted text messages from the handsets?

Are you analysing the sender or recipient's phone?

Can you confirm that all the messages were indeed sent as SMS messages through the MNO SMSC infrastructure, as opposed to iMessage or some other chat message, which bypasses the MNO SMSC infrastructure and uses the internet?

 
Posted : 04/05/2018 10:52 pm
(@type2)
Posts: 4
New Member
Topic starter
 

Thanks for your reply. I have screengrabs of the conversation, which is how I’m seeing they show green, which is why I thought they were SMS messages. I have the suspect phone; however, it is locked with a key code, so as much use as a brick!

Is there a possible scenario, then, where non-SMS messages show as green on the iPhone, to your knowledge?

 
Posted : 05/05/2018 7:59 am
(@danielb)
Posts: 30
Eminent Member
 

Screengrabs... I wouldn't trust those, especially when you have no CDR to back them up.
Are you sure the screen grab is even from the chat mentioned and not some other app such as https://itunes.apple.com/us/app/textingstory-chat-story-maker/id1083676922?mt=8 or even good old Photoshop, then screen grabbing the image when it's open on the handset... there are probably loads of other ways as well.

 
Posted : 10/05/2018 8:25 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Agree. Stop right now. Without the device no SMS forensics. Hard but fact.

 
Posted : 10/05/2018 10:51 am