Has anyone in here done computer investigations as it relates to Telecommunication Bypass Fraud? This involves persons using illegal gateways to bypass the international gateway and terminate international calls and let them appear as local calls.
In this case I went on an operation and seized a gateway box which was filled with local SIM cards. This gateway was also attached to the computer. I am trying to figure out what is the best way to approach the forensic analysis of the PC. Does anyone have any experience with this kind of situation? I tried looking at installed software etc. Any ideas?
The computer (PC) will only be part of the investigation. The device you are referring to as a gateway suggests it is a SIMbox and analysis of this and the SIM cards you recovered will also be necessary to comprehend how the tools combined might have been used and then link them to an on-going investigation.
Thank you. I definitely have started my analysis of the SIM box and SIM cards. But does the PC the device/s were connected to play a role at all in the investigation? If so, what are some things I can look for? I was thinking the SIM box creates logs of some sort on the computer it was connected with. Please advise.
I won't say too much in an open forum, not because I do not wish to share; simply, I cannot be sure who is reading the content and therefore won't want to assist those who are less than honest.
It would also be useful, Just.Encased, if you indicate who you are and your working role.
What is acceptable to mention: I assume you have taken a complete 'image' (inc. compressed files, slack and free space) of the target PC HDD and created numerous copies for (a) analysis and (b) placing a clone HDD to run in a test bed PC.
Of the target SIMbox, do not switch it on and do not insert the SIM cards into the SIMbox in a switched ON state. (i) Just carrying out an analysis at this stage of what is on the SIM cards and thorough investigation into the SIM cards origins and working status etc? (ii) obtain a spec sheet of the SIMbox and its memory.
From a working copy of the HDD image (using the tools and associated search functions at your disposal) search for MCC, MNC, IMSI, MSISDN, ICCID etc.
When the bandit kit was found were they in a fixed building location or truck/van/car?
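The identifier search suggested above for the working copy of the HDD image can be sketched as follows. This is an added example, not part of any post in the thread: the function names are hypothetical, the sample bytes are constructed (using the 001/01 test network code), and it assumes IMSIs are 15 digits beginning with MCC+MNC and ICCIDs are 19 or 20 digits beginning with 89 and ending in a Luhn check digit.

```python
import re

def luhn_ok(digits: str) -> bool:
    """True if the final digit is a valid Luhn check digit for the rest."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Standalone runs of 15-20 digits, stored as ASCII or as UTF-16LE text
# (both are common in Windows application logs and configuration files).
PATTERNS = {
    "ascii": re.compile(rb"(?<!\d)\d{15,20}(?!\d)"),
    "utf-16le": re.compile(rb"(?<!\d\x00)(?:\d\x00){15,20}(?!\d\x00)"),
}

def scan_image(data: bytes, plmn_prefixes):
    """Return sorted (offset, kind, value, encoding) hits for IMSI/ICCID candidates.

    plmn_prefixes: MCC+MNC strings of the networks of interest (assumption:
    taken from the seized SIM cards or the local operators).
    """
    hits = []
    for enc, pat in PATTERNS.items():
        for m in pat.finditer(data):
            value = m.group().decode(enc)
            if len(value) == 15 and value.startswith(tuple(plmn_prefixes)):
                hits.append((m.start(), "IMSI", value, enc))
            elif (len(value) in (19, 20) and value.startswith("89")
                  and luhn_ok(value)):
                hits.append((m.start(), "ICCID", value, enc))
    return sorted(hits)

# Constructed sample bytes standing in for a chunk of the working image copy:
# one ASCII IMSI, one UTF-16LE ICCID, one ICCID-like run with a bad check
# digit, and one unrelated 15-digit number.
SAMPLE = (b"\x00\xffcfg imsi=001010123456789;\r\n"
          + "iccid 8900101123456789016".encode("utf-16le")
          + b"\x00 bad=8900101123456789017 ts=123456789012345\n")

if __name__ == "__main__":
    for offset, kind, value, enc in scan_image(SAMPLE, ["00101"]):
        print(f"{offset:#010x} {kind:5} {value} ({enc})")
```

On a real image, read the working copy in overlapping chunks and add each chunk's base offset so that hits can be located again in the forensic tool; hits should then be compared with the values read from the seized SIM cards.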