Good evening folks,
I was in a conference today on a case where a LE agent made reference to questionable mobile phone text messages and referred to 'all the embedded lines between the lines we see in a text, that tell everything'.
Unfortunately I was not able to speak in this conference, but I was questioning what it was he was speaking of. Does anyone here know, or has anyone done work on a case where mobile phone text messages were in question, what evidence can be pulled from these and how?
Thanks
I know speaking of SMS text messages that there are embedded time and date stamps (hfs plus format). Of course you've also got the second party's phone #. I'm sure there's more.
Greg,
Thanks for the reply. Through some research I have been able to create text messages to one of my phones from the carrier's web site (e.g. Bell) and send them to the phone looking as though they came from a different phone, which they did not. What I would like to find out is where, if at all, there is an identifier, like in an email message header, of where this message truly came from. I am working with both a Nokia phone and an LG, which would be the phones in question in the case from the conference I was present in.
The following is the structure and content of an SMS message.
· Header: identifies the type of message
· Service Center Timestamp
· Originator Address: the phone number of the sender
· Protocol Identifier
· Data Coding Scheme
· User Data Length: tells how long the message is
· User Data: the message itself (140 bytes: 160 7-bit characters, or 140 8-bit characters)
When you send an SMS message to an email address I believe the recipient's email address is actually embedded in the User Data portion of the message, either transparently or visibly depending on the phone or service I think. I’m not sure what information, if any, is stored when that process is reversed or when an SMS is sent via a web application, but I would think it’s reasonable to assume that it might be in the same place. If the structure and content of an SMS message is finite then there may be information that just isn’t stored. I’m still doing research.
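The field list above, as an added example that is not part of the original posts: a small Python decoder for a received (SMS-DELIVER) PDU in the SMSC-prefixed layout of 3GPP TS 23.040. The sample PDU, its phone numbers and all function names are constructed for this example; the fields it returns are what the PDU itself records about where a message came from.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample PDU (fictitious numbers, text "hellohello").
SAMPLE_PDU = ("07915155550501F0" "04" "0B915155550521F3" "00" "00"
              "42309251619580" "0A" "E8329BFD4697D9EC37")

def semi_octets(data):
    """Decode nibble-swapped BCD digits; a trailing 0xF nibble is padding."""
    return "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in data).rstrip("F")

def unpack_gsm7(data, septets):
    """Unpack 7-bit septets. Simplification: treats the GSM alphabet as ASCII,
    which holds for letters and digits but not for every symbol."""
    bits = int.from_bytes(data, "little")
    return "".join(chr((bits >> (7 * i)) & 0x7F) for i in range(septets))

def parse_timestamp(ts):
    """Service Center Timestamp: YY MM DD hh mm ss, then zone in quarter hours."""
    yy, mo, dd, hh, mi, ss = (int(semi_octets(ts[i:i + 1])) for i in range(6))
    quarters = (ts[6] & 0x07) * 10 + (ts[6] >> 4)
    if ts[6] & 0x08:  # sign bit of the zone octet
        quarters = -quarters
    zone = timezone(timedelta(minutes=15 * quarters))
    return datetime(2000 + yy, mo, dd, hh, mi, ss, tzinfo=zone)  # assumes 20YY

def parse_deliver(pdu_hex):
    """Split an SMSC-prefixed SMS-DELIVER PDU into its header fields and text."""
    raw = bytes.fromhex(pdu_hex)
    smsc_len = raw[0]                      # octets of SMSC info (type + digits)
    smsc = semi_octets(raw[2:1 + smsc_len])
    pos = 1 + smsc_len
    first = raw[pos]                       # header octet: message type and flags
    if first & 0x03:
        raise ValueError("not an SMS-DELIVER PDU")
    oa_len, oa_type = raw[pos + 1], raw[pos + 2]   # length counts semi-octets
    oa_end = pos + 3 + (oa_len + 1) // 2
    oa_raw = raw[pos + 3:oa_end]
    alnum = ((oa_type >> 4) & 0x07) == 0x05        # sender given as text
    originator = (unpack_gsm7(oa_raw, oa_len * 4 // 7) if alnum
                  else semi_octets(oa_raw))
    pid, dcs = raw[oa_end], raw[oa_end + 1]
    stamp = parse_timestamp(raw[oa_end + 2:oa_end + 9])
    udl, ud = raw[oa_end + 9], raw[oa_end + 10:]
    plain = dcs == 0 and not first & 0x40  # 7-bit text without a user data header
    return {"smsc": smsc, "originator": originator, "pid": pid, "dcs": dcs,
            "timestamp": stamp, "udl": udl,
            "text": unpack_gsm7(ud, udl) if plain else ud.hex()}

if __name__ == "__main__":
    print(parse_deliver(SAMPLE_PDU))
```

Messages with a user data header or a non-default Data Coding Scheme are returned as raw hex rather than decoded.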
Hi,
Yes, fatrabbit is correct. An SMS message is produced in PDU format. The format of the message is different depending on whether the message is sent or received. You might find the following useful:
http//
To my knowledge there is no verification mechanism to ensure that SMS messages are genuine. This means that people can perform SMS spoofing. Many websites that allow users to send SMS messages also include a line within the message to state it has been sent through a web interface; however, like all things, this can generally be hacked by someone who knows how to manipulate forms. Additionally, there is nothing to stop someone writing their own SMS sending script and inserting the fields for the originator and service centre to be any numbers they wish.
Thanks Samr :-)