Blog

SIM Card Forensics – Complete Forensic Analysis of SIM Cards Explained

Carl Wilson | June 25th, 2015 | News, Updates

The SIM (Subscriber Identity Module) is an integrated circuit card (ICC) that plays the key role in managing and execution of this century’s cellular world. The SIM cards work on the principle of UICC (Universal Integrated Circuit Card) and USIM (Universal Subscriber Identity Module) applications. The complete SIM card forensics investigation swirls around the physical and logical structure of the used integrated circuit card.

SIM Card Forensic Analysis

The most peculiar and advantageous feature possessed by SIM cards is that the device on which the SIM cards persist, the complete user authorization, services, etc. gets transferred to that simultaneous device. An important point that needs to be noted while proceeding with the SIM card forensics is that, the deployment of the 2G SIM card networks is associated with the protocols laid down by UICC where as the 3G networks are attuned with USIM.

SIM Card Forensics – Understanding The Physical and Logical Structure

The global usage of SIM cards extends from GSM (Global System for Mobile Communications) and iDEN (Integrated Digital Enhanced Network) to that of satellite phone networks. Sim card holds two types of sophisticated tags: –

  1. Identity (termed as IMSI – International Mobile Subscriber Identity)
  2. Symmetric Key (recognized as Ki)

The IMSI are the identities that are used by the mobile communication networks for interconnection. Every individual is identified as a uniquely registered user in reference with IMSI. IMSI, in a manner, is similar to the mobile’s IMEI (International Mobile Station Equipment Identity) numbers that are used to uniquely identify cellular equipments.

The SIM cards come in three different sizes: –

  1. Standard SIM Card
  2. microSIM
  3. nanoSIM

SIM Card Forensic Analysis

The attributes associated with SIM card hardware include: –

  • CPU: – As per current standards, 16-bit is in use.
  • RAM: – Two types of RAM persist. Size lies between 1 to 4 kb.
  • EEPROM/Flash: – Size lies between 4 to 64 kb.
  • Encryption: – DES, AES, RSA and DSA hashing encryptions are supported as per the latest standards.

Forensic Analysis and Understanding of SIM Card Applets

The SIM card forensic analysis can be started with the investigation of Applets. Applets are small programs that are used by the SIM cards (mainly GSM) on UICC.The applet is meant for carrying out of all the activities such as running internet, sending SMSes, receiving and sending calls and many more. As per stats collected from some law enforcement agencies, these applets are being used by hackers in mobile banking application to hack into user accounts.

The security parameters of SIM cards are moderated and governed by the MF (Master File), DF (Dedicated File) and EF (Elementary File) attributes.

The crucial data that can be extracted via forensic SIM card analysis and can be used in the later part of investigation involve: – International Mobile Subscriber Identity (IMSI), Mobile Country Code (MCC), Mobile Network Code (MNC) and Mobile Station International Subscriber Directory Number (MSISDN).

The IMSI number collected from SIM cards helps the forensic investigators to identify the nationality and preferred language of the suspect. In addition to this, the figures under the MSISDN assist in carving out the calls and simultaneous contact numbers that went from the suspect’s SIM card.

Peculiarities of SIM Card Forensics

  • The list of frequently traversed contacts remains stored in the data logs of SIM cards.
  • The SMSes sent over a network can also be traced via SIM cards. The level of accuracy can be understood by the fact that even the unread messages can be retrieved.
  • The SIM card always stores the location of the subscriber. As a SIM card keeps on attaching and detaching itself to various network towers, therefore, the location of each and every tower gets stored. This, location of latitude and longitudes provides info about where the location of the subscriber has been at a certain point of time.

A number of advanced forensic SIM readers and SIM card analysis software are available in the IT market. Controversy or no controversy, these tools often play a key role in achieving success over various criminal cases. One such SIM card forensic analysis tool can be obtained by visiting the following platform: –

http://lastsimdetails.blogspot.co.uk/

The specialization of this technology is that it efficiently provides details about the last SIM card that was used in the device.

Thus, we can say that most of the criminal activities can be tracked via SIM card forensics. SIM card were a revolution in the cellular world, but if used inappropriately, can prove to be an insignificant approach.