mobile phones & pda's

hmm intresting.. i've never pulled apart the inner workings of the phone myself, but wouldn't it log that it's trying to locate a signal? i know on many siemens phones you can totally de-select a provider but i guess either method could leave some sort of entry to the phones history. i will pm you

I don't think you have to go that far. They used a single layer of bronze screen and a cellphone to test it, no signal whatsoever.

if the phone is sim based, wouldn't it be easier to just clone the sim and work with it from there in?

cloning a SIM is not actually a cloning.
you can only create SIM with the same IMSI (it means with the same phone number), but cloning all text messages, address books etc should be performed by hands or by other software. and if you do not know PIN or PUK you will fail with any of these processes.

Hi there, yes I am very interested in mobile phone forensics. At present we do not handle them, and my constabulary uses an outside commercial agency (at some considerable cost) to examine seized phones for evidence. I would love to learn more on mobile phones forensics, as I feel it will be huge area in the future (and save my organisation money). Many challenging issues face forensics regarding mobile phones, including legal obstacles, such as the RIP (Regulation of Investigatory Powers) Act 2000 (UK) – which covers interception of communications data. One important factor is how do we conduct an examination without switching the phone on? Can it be done? As we do not wish to intercept any calls (as this would be against RIPA). I have heard of some companies using Faraday cages to handle this type of problem.

Here is an interesting link http//www.boltlightningprotection.com/Elemental_Faraday_Cage.htm

and here
http//www.mobileforensics.com/

I think a sub-board would come in handy, and I would contribute to the best of my ability.

Andy

Andy,

Try www.mobilephoneforensics.com it has some useful info on it that may help?

Simon

At this point in the game you almost have to "do the best you can" forensically speaking. If things are altered during your investigation you just have to be able to explin them in Court… I don't think in the near future we are going to be able to apply all of the appropriate forensic procedures to the cell phone world. (DOS BOOT SIM card anyone ? 😉 )

For the Blackberry's…Paraben Device Seizure works nicely! Also a combinatorial use of the BB Desktop Manager Backup to an .IPD file and your normal forensic tools examining the .IPD file…as well as connecting the .IPD file to the correct Blackberry Simulator helping to make nice screenshots…
Device Seizure is also helpful with the other SmartPhones (Win, Palm)…(all but the SideKick…Hello Danger….get a clue here!!!)

For everything else…it's the Swiss Army Knife approach. Depending on the mfg of the phone, the carrier technology and the model…pick a software tool…SIMCon, DataPilot Secure View, Cell/Device Seizure, TULP2G, BitPIM, Oxygen, MobilEdit, and the Moto and iDen tools…for the Hardware…the NIST doc (http//csrc.nist.gov/publications/nistir/nistir-7250.pdf) does a nice review of them all…including GSM .XRY, RadioTactics Mobile Toolkit, and even the LogiCube CellDek…

So many tools and I'm sure I've left off a few…

Rick
SmartPhoneForensics.com

Who knows PDA cables kit (except Paraben)?

if the phone is sim based, wouldn't it be easier to just clone the sim and work with it from there in?

cloning a SIM is not actually a cloning.
you can only create SIM with the same IMSI (it means with the same phone number), but cloning all text messages, address books etc should be performed by hands or by other software. and if you do not know PIN or PUK you will fail with any of these processes.

remember also that u need the Ki number but u will copy the phone line no the entire content if u want to copy the content of the sim u need the pin1 from the original and pin2 puk2 from the second one to be copied

I think that this discussion group is very important for Mobile Phone Analysis.
I have some question about Smart Card Reader and USIM.
Is it posssible that some device doesn't read USIM card ?
Is it an Hardware or Driver Porblem ?
Also Paraben reader device gives me this problem.
Can you help me ?

Thanks Anyway!

The Faraday cloth/bags are really impractical to work with and can lead to actually increasing the chance of a mobile receiving a signal if the investigator plugs in a charger to charge a spent battery. However this must all be weighed up in how important it is to ensure that any data on the mobile is not overwritten by a new message or call.

Althought this is an old post, I think its right to point out that there are some very good faraday bags that have actually been tested. My company does one for not very many dollars, is re-useable AND has a window in it which allows the examiner to 'Triage' it.

If you want to know more, please feel free to PM me.

Regards,