±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35535
New Yesterday: 1 Visitors: 152

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

Network event anomaly

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page 1, 2  Next 
  

Type2
Newbie
 

Network event anomaly

Post Posted: May 04, 18 07:57

I have a full network activity download for a mobile phone number. Some text (sms) messages that were allegedly sent are not appearing on the activity however they were sent / received.

Are there any plausible reasons as to why a text message would not show on network activity?. There may be a possibility that at least one side of the conversation was sent via in flight WiFi on a plane however the device is an iPhone and the message appears as green which would suggest that it went via the network.

Any assistance or advice would be greatly appreciated!  
 
  

RolfGutmann
Senior Member
 

Re: Network event anomaly

Post Posted: May 04, 18 14:21

Sending SMS via in-flight Wifi is only possible if the Mobile Network Operator is enabling LTE WLAN Interworking, see here

de.slideshare.net/alla...-3-gppieee

Check with the Mobile Nework Operator (can also be a Virtual Operator then MVNO instead of MNO) of the UICC (aka SIM-Card) if they enable this on the respective activated subscription the suspect had. MNO often make a difference based on the respective subscription and do not offer technical capabilities in general for 'all users'.

Check by warrant to get the logs of the SMS Service Center of the MNO for court evidence.

Your further questions are welcomed.  
 
  

Type2
Newbie
 

Re: Network event anomaly

Post Posted: May 04, 18 14:33

Thanks for your reply. The network data was obtained via warrant (or RIPA as in Uk) however the certain messages don’t appear. Could it be that it was sent via the in flight medium thus went via the internet connection?  
 
  

kastajamah
Senior Member
 

Re: Network event anomaly

Post Posted: May 04, 18 20:52

A very basic thought, do you know any of the content of the text messages. For example, a phrase or a word that is not normally used. If you do, do a keyword search in your forensic tool and see where it finds it.

I have had success with this.

Also, is the victim sure it was a standard SMS message? Is it possible it was sent to a chat app that stores everything in the cloud? I have had several victims say they were text messaging, and it turns out they were using a third party chat app and not the standard messaging app provided on the phone.

Any chance a VPN or end-to-end encrypted app being used?  
 
  

Type2
Newbie
 

Re: Network event anomaly

Post Posted: May 04, 18 20:59

It’s a good idea but even down to spelling errors they appear legit. This has me stumped. Unless they have been sent via data yet for some reason the iPhone shows them as green as if sent by sms. I don’t know if this is a common phenomena.  
 
  

badgerau
Senior Member
 

Re: Network event anomaly

Post Posted: May 04, 18 22:52

Can you confirm if you have either one of the mobile phone handsets, in addition to the MNO logs? You mention a message showing as green?

If you have the handset/s, have you attempted to retrieve any deleted text messages from the handsets?

Are you analysing the sender or recipient's phone?

Can you confirm that all the messages were indeed sent as SMS messages through the MNO SMSC infrastructure as opposed to iMessage or some other Chat message, which bypasses the MNO SMSC Infrastructure and uses the internet.  
 
  

Type2
Newbie
 

Re: Network event anomaly

Post Posted: May 05, 18 07:59

Thanks for your reply. I have screengrabs of the conversation which is how I’m seeing they show green which is why I thought they were sms messages. I have the suspect phone however it is locked with a key code so as much use as a brick!

Is there a possible scenario then where non sms messages show as green on the iPhone to your knowledge then?  
 

Page 1 of 2
Page 1, 2  Next