SIM partitions

You know what, I just can't be bothered.

I am obliged to you for speedily providing your candid admission.

I had a big long post up here but just deleted it.

Pity. I am sure with your experience there are many students and practising examiner members on this forum who either look up to you or would have been interested in what you had to say and would have welcomed your professional opinion about useful/non-useful information from (U)SIM. I know I certainly would have liked to have read your replies because I am concious of the fact the more I know the more I need to know. It could be you may have given me knowledge that I hadn't known before.

You have more mobile/sim knowledge than me so you win.

And if all those who have more mobile/sim knowledge than you where not here tomorrow, what then will you do, metaphoricially speaking, when the technical Devil raises its head?

you take yourself far too seriously )

The opposite to that is that you don't take your forensic work seriously enough?

Maybe Trewmte can add what Private data is?

I am sorry, but I am not entirely sure I have understood your question.

'Private' and 'Personal' are terms used in context with command-based or response-based requirements/operations e.g. public and private keys or de-personalisation etc.

Assuming private data means 'user content', are you asking for a list of those EFs that would be specific to user data as opposed to network data or where the users choices/actions cause network/SIM data to be generated?

Apologies if I have misunderstood.

Beware - soon to be mobile forensic practitioners.

Obtaining a forensic image of a mobile device is never really an easy process, unless lady luck is shining on you everyday (you could be unlucky like me, in receiving all the unsupported phones)

It is only until recently (last couple of years) that the mobile forensic tools (XRY/Cellebrite, add your own here) has made a significant progress. Partially this is due to increase in their staff numbers in research and engineering.

In your role, you might be expected to obtain forensic images of mobile devices, create custody forms, perform the analysis on the obtained forensic image, build a nice little story and drafting up reports.

In some cases, you might need to sort assistance with flasher boxes and chip off depending on the tool you use and/or the physical condition of the mobile device.

Unless you have superior coding/scripting skills you might also need assistance with decoding the forensic image into meaningful data which might take considerable time.

Your analysis might need you to proof when a specific SIM/uSIM cards was first initialised on the mobile device, how many different SIM/uSIM cards has been initialised on the specific phone. You might also need to proof how a SIM/uSIM card might has been forged.

If you can get into the field, you will get to play with a number of tools, as not one tool supports all. You will get challenges, you get to read alot of research papers, you will get to read a lot of electrical engineering/telecommunications standards.

Enjoy.

I am trying to find the elucidation of "Beware" in your writing, groper128, but no such luck.

mrgreen

I am trying to find the elucidation of "Beware"…..

10 Contents of the Elementary Files 11
10.1 USIM information storage requirements 11
10.2 Phone Book 11
10.2.1 Support of two name fields per entry 12
10.2.2 Support of multiple phone numbers per entry 12
10.2.3 Support of email address 12
10.2.4 Support of user definable groupings 12
10.2.5 Support of hidden entries 12
10.2.6 Number of entries 12
10.2.7 Void 12
10.3 Storage of call details 12
10.4 Void 13

"10.2.5 Support of hidden entries
The specification shall support means of marking Phone Book entries as "hidden"."

Perhaps the OP may help us out and indicate if the warning "Beware" was referenced to matters such as the above and why it is not a good idea to suggest there is little relevant on (U)SIM just because 'PnP' tools don't have the capability to detect certain data.

You may agree it is important to dis-spell the notion that because a (U)SIM Card can be quickly loaded into a (U)SIM reader tool this should also mean considering only a limited number of elementary files relevant to particular user content. After 20 years of SIM/USIM Cards it is important to be aware that the (U)SIM Card under examination may slot into any part of the smart card evolutionary programme until it is verified. Therefore, using a quick procedure based on rule-of-thumb that only certain files will ever be relevant does not guarantee all important evidence has been considered.

(U)SIM Examination (Physical) Pt1 - http//trewmte.blogspot.co.uk/2013/03/usim-examination-physical-pt1.html

(U)SIM Examination (Physical) Pt1 - http//trewmte.blogspot.co.uk/2013/03/usim-examination-physical-pt1.html.

Be careful when you post links, the board parser has included the final full stop in the link, making it invalid, this one works
http//trewmte.blogspot.co.uk/2013/03/usim-examination-physical-pt1.html

jaclaz

(U)SIM Examination (Physical) Pt1 - http//trewmte.blogspot.co.uk/2013/03/usim-examination-physical-pt1.html.

Be careful when you post links, the board parser has included the final full stop in the link, making it invalid, this one works
http//trewmte.blogspot.co.uk/2013/03/usim-examination-physical-pt1.html

jaclaz

I hadn't noticed this was happening. Many thanks jaclaz.

Update

(U)SIM Examination (Physical) Pt2 - http//trewmte.blogspot.co.uk/2013/05/usim-examination-physical-pt2.html