PDF1

Transcription

PDF1

Cell Phone Data Acquisition and
Examination
Overview
•
•
•
•
Cellular telephone network background
Cell Phone Analysis Tools
Case study: Acquiring data from a cell phone
References and Information Resources
© 2006, Gary C. Kessler
1
1
Cellular Telephone Network
Background
2
Cellular and Landline Networks
Source: http://www.privateline.com/Cellbasics/Cellbasics.html
3
2
Frequency Reuse and Cells
• A cell site is the tower (mast) with antenna
• A cell is the area covered by the radio
signals from the tower
• The available spectrum is divided into
seven subsets so that a set of seven cells are
using different frequencies
» Frequencies are then re-used without
interference
4
Arrangement of Cells
2
7
2
7
2
7
3
1
6
6
7
2
7
3
1
6
3
1
6
4
4
5
4
5
2
5
6
1
4
3
1
3
4
• Each hexagon represents a cell
(with a tower)
• Total available frequency is
divided into seven for maximum
radio frequency reuse and
minimum interference
• Each cell with the same number
is using the same set of
frequencies
5
5
5
3
The Antenna
• The cell site mast generally has
three "faces" -- each with
several frequency agile,
directional antennae
» Each face covers approximately
120° of the cell
» Each face uses a different subset
of that cell's assigned frequencies
• Antenna tower is at the center of
the cell
6
Types of Cell Phone Systems (1)
• Advanced Mobile Phone Service (AMPS)
» Analog using FDMA
» U.S./Canada-only, should be gone by 2008
• IS-136
» Digital cell network in U.S./Canada using TDMA
» Can also operate in AMPS mode
• IS-95
» Digital cell network in U.S./Canada using CDMA
» Can also operate in AMPS mode
7
4
Types of Cell Phone Systems (2)
• Global System for Mobile communication (GSM)
» Digital cell phone network using TDMA
» Used worldwide (originally Groupe Spécial Mobile)
» U.S./Canada GSM phones are not compatible with international
systems
• Cingular Wireless, T-Mobile USA, et al.
• Integrated Digital Enhanced Network (iDEN)
» Proprietary Motorola system, used internationally
• Sprint Nextel (U.S. and other countries), TELUS (Canada), et al.
» Employs TDMA for two-way voice and walkie-talkie modes
•
Note: Bolded abbreviations above represent the common (although sometimes
technically incorrect) usage!
8
Definitions...
• Frequency Division Multiple Access (FDMA)
» Each call is on a different frequency
• Time Division Multiple Access (TDMA)
» Multiple calls are each assigned time on a shared
frequency
• Code Division Multiple Access (CDMA)
» Calls are assigned a code and hop through the
given set of frequencies (spread spectrum)
9
5
Cell Phone Radio Frequencies
• U.S./Canada uses 800 MHz and 1900 MHz bands;
rest of world uses 900 MHz and 1800 MHz
Network Type
Uplink (Base
Station Rcv.)
Downlink (Base
Station Xmt.)
AMPS
824-849 MHz
869-894 MHz
TDMA (IS-136)
824-849 MHz
869-894 MHz
CDMA 800 (IS-95)
824-849 MHz
869-894 MHz
CDMA 1900 (IS-95)
1850-1910 MHz
1930-1990 MHz
iDEN
806-821 MHz
851-866 MHz
GSM 800
824-849 MHz
869-894 MHz
GSM 900
890-915 MHz
935-960 MHz
GSM 1800
1710-1785 MHz
1805-1880 MHz
GSM 1900
1850-1910 MHz
1930-1990 MHz
10
Cell Phone Channels
• Different channels for control (e.g., cell tower hand-off, or
signaling between tower and phone), messaging, and
forward and reverse communication paths
# Chan. per
Carrier
Total One-Way
Bandwidth
Carrier
Bandwidth
AMPS
25 MHz
30 kHz
1
832
TDMA (IS-136)
25 MHz
30 kHz
3
2496
CDMA (IS-95)
25 MHz
1250 kHz
85
1700
Network Type
Total #
Channels
iDEN
15 MHz
25 kHz
3
1800
GSM
25 MHz
200 kHz
8
1000
11
6
Numbers: ESN & MIN
• Electronic Serial Number (ESN)
»
»
»
»
»
Unique 32-bit code identifying the telephone
Burned in by manufacturer
Usually printed on label in hex and/or decimal
Sent by phone to carrier whenever call is made
Not used in GSM phones
• Mobile Identification Number (MIN)
» Cell phone number
» Non-GSM
12
Numbers: MEID
• Mobile Equipment Identification (MEID)
» 32-bit ESNs have been used since mid-1980s
and continued to be used for backwardcompatibility
» Exhaustion of ESN space expected by 2007
» MEID is 56-bit serial number, intended to
replace ESN (non-GSM)
• Somewhat problematic since no carrier yet supports
MEIDs....
13
7
Numbers: IMEI (1)
• International Mobile Equipment Identity
» Unique 15-digit number to identify GSM handset;
generally on label on back of phone
• Basis of an LE request for "handset history"
» Old format (phones manufactured before 1 April 2004):
aabbbbb-cc-dddddd-e
• Type Approval Code (TAC): aabbbb
– (aa = country code)
• Final Assembly Code (FAC): cc
– Device manufacturer (e.g., Nokia = 10 or 20; Motorola = 07 or 40)
• Device Serial Number (SNR): dddddd
• Check digit: e
– Usually set to 0
14
Numbers: IMEI (2)
• IMEI (cont.)
» New format (phones manufactured since 1 April 2004):
xxxxxxxx-dddddd-e
• Type Allocation Code (TAC): xxxxxxxx
• Device Serial Number (SNR): dddddd
• Check digit: e
– Set to 0 in GSM Phase 1 phones
• IMEI is stored in Equipment Identity Register
» Can usually be displayed by dialing *#06#
15
8
IMSI
• International Mobile Subscriber Identity
» Unique 15-digit code that identifies individual user of a
GSM network
• Mobile Country Code (MCC) - 3 digits
• Mobile Network Code (MNC) - 2 digits (3 in U.S./Canada)
• Mobile Subscriber Identity Number (MSIN) - 10 digits (9 in
U.S./Canada)
» Examples (MCC-MNC):
•
•
•
•
Australia, Telstra MobileNet: 505-01
Israel, Orange: 425-01
U.S., Cingular: 310-150
U.S., Nextel: 316-010
16
PINs and PUKs
• Personal Identity Number (PIN)
» 4-8 digit code to secure phone from
unauthorized use (PIN) or secure priority
memory (PIN2)
• If PIN/PIN2 is entered incorrectly three
times, the phone is locked
» Personal Unblocking Key (PUK) and PUK2 are
used to unlock the PIN/PIN2
17
9
Protocols
• Short Message Service (SMS) used for text messages
» Allows for short messages, up to 1120 bits
• 160 7-bit characters, 140 8-bit characters, or 70 16-bit international characters
• Some phones store some of the user's T9 word list
• Enhanced Message Service (EMS)
» Extension to SMS; allowed exchange of ringtones and simple graphics
» Limited size attachments; required no infrastructure change
• Multimedia Message Service (MMS)
» Supports true audio, image, and video attachments
» Designed for GSM and CDMA
• Binary Runtime Environment for Wireless (BREW)
» Qualcomm's application development platform for cell phones
» Apps include e-mail, games, Internet radio, geographical positioning
» Works with TDMA, CDMA, and GSM handsets
18
Types of Cellular Phones
• Cell phone models are specific to signaling
method and, in some cases, to carrier
» Can support just about any combination of
AMPS, TDMA, CDMA, and/or GSM
• Multiband: Ability to operate on different frequencies
• Multimode: Ability to employ different technologies
19
10
System Identification (SID)
• Phones typically have a SID code burned in
at service activation
» 5-digit number assigned by FCC to identify
carrier
» One way for service to identify in-net calls
from roamers
» An unlock code is needed to allow the phone to
be switched to a different carrier
20
Subscriber Identification Module
• SIM gives a phone a unique identity
» Has onboard microprocessor
» Contains phone number, PIN(s), IMSI, text messages,
handset identifier, and saved phone numbers
• Found in GSM and Nextel/iDEN phones
» Allows for portability between carriers and/or countries
» GSM and iDEN phones are incompatible but the SIMs
are interchangeable
• Requires specialized reader
• LE note: An individual might possess multiple SIMs
for the purpose of having multiple telephone identities
21
11
Expansion Cards
• Adds memory or features to a cell phone
» Can store videos, photos, music, or data
» Can store phone book, calendar, or memo
• May be interchangeable between cell phone, PDA,
MP3 player, digital camera, etc.
» No standard interface
ATP MMCmicro 512
MB memory card
SanDisk miniSD 1.0 GB
secure digital card
Sony Memory Stick
Duo 256 MB memory
card and adapter
22
Call Setup (Simplified!)
• When placing a call...
» Phone sends MIN/phone number, ESN/IMEI, and called
number
» MTSO verifies MIN/ESN, connects to called party or
forwards to PSTN, and assigns transmit/receive
frequencies
• When receiving a call
» MTSO examines database to find phone's tower, connects
to phone, and assigns frequency pair
» Phone sees calling number
23
12
Cell Phone Billing Records
• Call data from a cellular service provider for a given
customer will include:
»
»
»
»
»
Date/time of call origination and termination
Called and calling party
Duration of call
Type of call (inbound, outbound, VMS access)
Originating and terminating tower
• Usually in form of the name of the tower
• Note that it is also possible to track a person in real time,
tower to tower even if they are not on a call
» This is due to the phone's normal communication with the towers
• Tower data is not kept on the phone itself
» Although it might be in the future, at least for the call period
24
Information Requests
• Cellular telephone companies respond to the
same 2703 preservation letters as other
providers
» Identify user by name and SSN
• Think "Scott Peterson"
» Try to limit the data/time range of the logs
25
13
Mapping Cell Towers
• We can obtain (presumably) longitude and latitude
information about the area's cell towers
Latitude
44.25295N
44.41431N
44.50880N
44.27834N
44.55046N
Longitude
72.58229W
73.03561W
73.18223W
73.21263W
72.82316W
Name
National Life (Montpelier)
French Hill (Richmond)
Watertower Hill (Colchester)
Mt. Philo (Ferrisburg)
Mt. Mansfield (Underhill)
• Creating a map for LE purposes can aid in investigations
» Need to work closely with carriers and cell tower owners for this
info
26
27
14
Useful References
• "Cellular Communications"
» http://www.iec.org/online/tutorials/cell_comm/index.html
• "How Cell Phones Work"
» http://www.howstuffworks.com/cell-phone.htm
• "Mobile Phone"
» http://en.wikipedia.org/wiki/Mobile_phone
• Includes links to history, cell phone technologies (e.g., CDMA,
TDMA, GSM, network structure)
• "What is iDEN"
» http://idenphones.motorola.com/idenHome/common/what_is_iden.jsp
28
Cell Phone Analysis Tools
29
15
"Warning, Warning, Will Robinson!"
• Cell phones are very finicky
» Hardware and/or software that worked one day
might not work the next
» Hardware and/or software that works on one
phone might not work on another phone of the
same model
• There are standard operating systems and
communications protocols but no standard
hardware interfaces or file system
30
Hardware
• The biggest problem is the cables!!!
» No standard physical cell phone interface
• Two primary sources
» Susteen
» Paraben
• SIM reader
SUSTEEN DATAPILOT SECURE
VIEW (CARRYING CASE)
PARABEN'S CELL
SEIZURE TOOLBOX
SIM READER
31
16
Side Note on Cables
• Susteen DataPilot
» Most of the cables are USB
» No drivers required
» Also supports IR connections
» http://www.susteen.com
• Paraben
» Most cables are serial
» Motorola USB driver comes with software
» http://www.paraben.com
SUSTEEN DATAPILOT
SECURE VIEW (CABLES)
32
Software
• Software needed to access data on the
telephones
» Not all software supports all phones
» Not all software that does support a given
phone will get the same information!
» Software does not see "unallocated" space
• We essentially get a logical view of the phone
• No standard cell phone file systems!!
33
17
Cell Phone Features
• Information that may be recoverable depends upon
the cell phone model and analysis software, and
might include:
• Text messaging (SMS)
• Contact list
• Recent calls
» Inbound
» Outbound
» Incoming
» Outgoing
» Missed
• Multimedia messages
• Ringtones
• Custom wallpaper
• Voice memo
» Audio
» Video
• Calendar/Alarm
• Memo/notepad
34
DataPilot Secure View
• Works with a very large set of TDMA,
CDMA, and GSM phones
• Software might be able to find phonebook,
images, ringtones, calendar, and SMS
» Although SMS support actually seems rare
• http://www.datapilot.com/lawenforcement.htm
35
18
BitPim
• Open source and very comprehensive
• Can view and manipulate data on CDMA phones
» Not designed for forensics; intended for a person who owns a
single phone
• Must delete contents of the bitpim directory between exams or you
might end up with residual data (do not delete the directory itself!)
» Designed to allow reading and writing of cell phone data
» May be able to see entire file structure of phone
• Can be exported to a ZIP file and opened in FTK
• http://www.bitpim.org/
36
Oxygen Phone Manager
• Works with Nokia (and some other CDMA)
and Symbian OS phones only
• When it works, gathers a wealth of
information
• http://www.oxygensoftware.com/
37
19
Paraben Cell Seizure
• Can be used to acquire a wide variety of
CDMA, TDMA, and GSM cell phones, and
SIMs
» Related software for PDAs
• Inconsistent quality
• http://www.paraben.com/
38
SIMCon
• SIM Content Controller
• Used to acquire SIM cards
» Intended for GSM phones
» Can acquire SIMs from iDEN phones (but not
phonebook)
• http://www.simcon.no/
» Free to LE
39
20
iDEN Phones
• Need phone-specific software to acquire
information
» E.g., iDEN Media Manager; iDEN Super Agent
(to remove PIN), iDEN Phonebook Manager
• http://idenphones.motorola.com/iden/support/showSoftwareDownloads.do
» Phonebook and call history are in the iDEN
phone handset, not the SIM
• This is why SIMCon cannot gather this information
40
Other Tools (1)
• MOBILedit! Forensic (COMPELSON Labs)
» Works with GSM, CDMA phones
» Supports IR, Bluetooth, or cable interface
» Read-only; Word or text report output
» http://www.mobiledit.com/forensic/
• pilot-link
» Open source command line utilities developed for Linux;
also runs on Windows, and MacOS
» For use with any PalmOS-based device
» Employs Palm Hotsync protocol
» http://www.pilot-link.org/
41
21
Others Tools (2)
• SIMIS (Crownhill Mobile Solutions)
» Hardware and software to extract and interpret data
from SIM cards
» http://www.crownhillmobile.com/
• TULP2G* (Netherlands Forensic Institute)
» Open source, Windows- and .NET-based software
framework for extracting and decoding data from
electronic devices
• Includes plug-ins for cell phones and SIMs
» Storage of data only; requires other software to
generate reports
» http://tulp2g.sourceforge.net/
*) Telefoon Uitlees Programma, 2e Generatie; Dutch for "Telephone Extraction Program, 2nd Generation"
42
Others Tools (3)
• .XRY (Micro Systemation)
» Forensics software for over 170 GSM, CDMA, and
other phones, and SIM cards
» Cable (USB), IR, and Bluetooth connections supported
» Data stored in proprietary format but can be exported
» http://www.msab.com/en/
43
22
Other Tools (4)
• Logicube CellDEK
»
»
»
»
Self-contained unit
Integrated hardware and software
USB adapters, IR, Bluetooth
Can acquire data from 160 cell
phone and PDA models, including
SIMs
• http://www.logicubeforensics.com/products/hd_duplication/celldek.asp
44
When All Else Fails
• If you can't find a cable that works or you can't
acquire the information that you need with the
software, use a still and/or video camera
» For better pictures, try tilting the camera slightly so that
you are not at a 90° angle
» Get manual so that you know what buttons to push to
display the data of interest
» A dry run may not be a bad idea...
» Turn off microphone if using video!!
http://www.projectaphone.com/
45
23
Blocking Incoming Calls
• Analysis must be done on a phone that is powered
ON...
» But it is essential that phone not receive any calls, text
messages, or other communication
• Stand-alone/airplane mode
• Block incoming signals with:
» Faraday cage, Faraday room
» "Faraday box" (homegrown)
» Cell phone signal disrupter
• Devices have range of 5-10 m (17-33')
• Not illegal to possess but against FCC regulations to use
http://www.globalgadgetuk.com/Personal.htm
46
Cell Phone Analysis
• Need to obtain phone's identifying information
» E.g., Manufacturer and model number, ESN/IMEI,
serial number, and anything else
» If phone is ON, do the analysis first and get identifying
phone information second, if possible
» If phone is OFF, pop the battery to get info from label
and then do the analysis
• In either case, verify information on label with
information stored in phone
47
24
A Few General Notes
• GSM phones will have a SIM, as will some non-GSM
phones
» If there's no SIM, probably not GSM
• Phone needs to be powered ON prior to starting acquisition
software
» Generally doesn't matter whether ON or OFF prior to actually
plugging it in
• If plugging into a serial cable, may need to reboot computer
• Non-volatile RAM
» Phone number usually located in NVRAM register 0
» PIN (4 digits) is usually located in NVRAM register 2
• Usually around offset 0x60-0x7F near a 6-digit programming code and
another 6-digit security code
48
Generic Steps
• Visit Mobile Forensics
» Obtain hints about analysis of this model phone
• Visit Phone Scoop
» Obtain detailed info about this model phone
•
•
•
•
Obtain phone manual, if necessary
Find proper plug
Isolate phone from communications network
Use all available software that supports phone
49
25
Information Web Sites
• Mobile Forensics (http://www.mobileforensics.info/)
» Excellent general cell phone information
» LE-only portion of Web site includes telephone
database with hints and tips about investigating
different phones
• Phone Scoop (http://www.phonescoop.com/)
» Site contains pictures and features of all major
telephones and models
50
Case Study: Analysis of a Real
Cell Phone
51
26
Case Study
• The author's phone
» Live analysis with non-isolated phone
•
•
•
•
•
•
Manufacturer: LG
Model: VX-6100
Service provider: Verizon
ESN: 2B047916 (hex)
Serial number: 373LMVY1928736
Phone number: 802-555-1586
52
Mobile Forensics Database
53
27
54
55
28
Phone Scoop
• Next stop, to discover phone
features, photos, additional
information...
phone.php.htm
• Obtain manual if this is an
unfamiliar phone
» If not available at Phone Scoop,
try Google
56
Phone Scoop Photos
• Pictures may be good to add to report...
57
29
Susteen DataPilot
• VX-6100 uses
LG3 cable (USB)
• Set up software
» Note supported
telephone features
» Note: VX-6100
has SMS but this
software won't see
the text messages
58
DataPilot Interface
Exit program
Phonebook
Image
Calendar
Ringtone
Settings
SMS
59
30
802-555-6676
802-555-5016
532-555-3226
802-555-3916
802-555-1136
802-555-0406
802-555-5016
802-555-0506
802-555-3333
802-555-7436
802-555-2706
802-555-1316
802-555-6886
725-555-3246
802-555-6806
987-555-2776
802-555-6806
640-555-6876
802-555-0576
482-555-9326
380-555-1656
531-555-5916
802-555-0286
784-555-0316
802-555-8936
482-555-0196
293-555-8146
380-555-7486
802-555-0206
802-555-6126
802-555-7186
802-555-1111
802-555-6446
802-555-0216
802-555-1116
802-555-9999
802-555-2746
Can export as .CSV file
531-555-9396
531-555-6106
482-555-6916
60
61
31
Can be saved to local
hard drive
Best to keep phone's
directory structure and
file names
Laurie carrying Maya
62
63
32
Only a little disconcerting...
because:
a) The phone supports SMS
text messaging, and
b) There are text messages
on board
64
BitPim
• Remember to delete contents of bitpim
directory
• Can set to
write-block
» But it's not perfect
65
33
BitPim Information Setup
• Note the phone feature
data that is available
• Phone info matches the
external labels
2B047916
8025551586
66
Right-click "/" to backup file
system as ZIP file
67
34
Note PIN and
banner
message
(380) 555-1651 (Home)
(293) 555-8146 (Cell)
(725) 555-3246 (Cell)
(531) 555-5916 (Cell)
(482) 555-9326 (Home)
(802) 555-2706 (Office)
(802) 555-6886 (Cell)
(802) 555-8936 (Cell)
(802) 555-3916 (Cell)
(802) 555-7436 (Cell)
(802) 555-5016 (Home)
(987) 555-2776 (Cell)
(802) 555-1136 (Cell)
(802) 555-5016 (Cell)
(802) 555-6806 (Office)
(802) 555-1316 (Cell)
(802) 555-0206 (Cell)
(802) 555-0406 (Cell)
(640) 555-6876 (Cell)
(532) 555-3226 (Home)
(802) 555-0506 (Cell)
(482) 555-0196 (Cell)
68
(802) 555-2746 (Office)
(531) 374-9396 (Home)
(531) 495-6106 (Home)
(802) 555-02026 (Office)
(802) 555-6126 (Home)
Can export as .CSV file
(802) 555-1116 (Office)
(802) 555-7186 (Home)
(380) 555-7486 (Cell)
(482) 555-6916 (Home)
69
35
70
71
36
72
73
37
8025551136
(802) 555-1586
74
75
38
76
77
39
Analysis With FTK
• FTK can open the BitPim file structure
saved in the ZIP file
» Open a new case; import data from an
individual file (the ZIP file)
» FTK will parse the data but it is really only
formatting; there is no interpretation
78
79
40
80
81
41
82
8025551136
8025555016
5345553226
3805557486
8025553916
8025550206
7845550316
8025551136
8025556126
8025556446
8025550476
8025557186
8025555016
8025550476
8025558856
83
42
8025551136
84
8025551586
8025551136
85
43
8025553916
Gayle
8025555016
Joshua
8025556676
Sarah
8025551136
John Rogate
8025552266
N1Np
7255553246
Bob Edwards
Restricted
8305558806
86
8025551136
John Rogate
8025551586TT1121#
Voice Mail
8025553916
Gayle
4145551666
8025552706
Champlain College
8025556446
9115555236
8025550136
8025556676
Sarah
87
44
8025551136
John Rogate
8025553916
Gayle
8025550136
8025553916
Gayle
8025556676
Sarah
8025550136
8025553916
Gayle
2Gl1
8025553916
88
Case Study #2: GSM Phone
• Motorola V505
» GSM 850 / GSM 900 / GSM 1800 / GSM 1900
• Use SIMCon to examine SIM card
89
45
Alfred Hitchmans: 8025556396
JIMY: 5885554556
716: 7255557716
OREGON: 9975558366
Annie: 5955551846
Eva: 6315551446
Cary.G: 14755551886
HBOGART: 18025552266
MAUSTIN: 5605554376
BOSTON: 5556056
WARD: 16935559766
JOEY.CELL: 16965554356
ROBIN: 5885550996
VICTOR: 5805555856
BETTY: 12935550486
MARIA: 19753827856
GABS: 15805550316
Alfred Hitchmans: 8025556396
JIMY: 5885554556
716: 7255557716
OREGON: 9975558366
Annie: 5955551846
Eva: 6315551446
Cary.G: 14755551886
HBOGART:
HBOGART: 18025552266
18025552266
MAUSTIN: 5605554376
BOSTON: 5556056
WARD: 16935559766
JOEY.CELL: 16965554356
ROBIN: 5885550996
VICTOR: 5805555856
Alfred Hitchmans
BETTY:
12935550486
JI
MY
MARIA: 19753827856
716
GABS: 15805550316
HBOGART
(in) How are you
Thanks for hanging in
(in) Work
(in) 20
(in) Maybe later
(in) Pls call later when home
(in) Pls call im begging
(in) Call when u can
(del) Why r u doing this 2 me
(del) You make me cry
(del) Im so sorry
(del) Call
(del) Call
(del) You at work yet
(del) This is pissing me off
90
(in) How are you
Thanks for hanging in
(in) Work
(in) 20
(in) Maybe later
(in) Pls call later when home
(in) Pls call im begging
(in) Call when u can
(del) Why r u doing this 2 me
(del) You make me cry
(del) Im so sorry
(del) Call
(del) Call
(del) You at work yet
(del) This is pissing me off
91
46
Final Comments and References
92
Legal Issues
• Cell phones are radios and, therefore, covered by
ECPA and Title III
• Open legal issues include:
»
»
»
»
When can you search a cell phone?
What actions constitute a search?
When can you seize a cell phone?
How do you interact with the cell phone carrier and/or
the cell tower owner?
• Decisional law still emerging
» Ref: Dick Reeve
93
47
Search Incident to Arrest
• Should it be routine to search a cell phone
in the name of officer's safety?
Cell Phone Guns
http://urbanlegends.about.com/
library/bl_cell_phone_guns.htm
Cell Phone Stun Gun
http://www.safetyproductsunlimited.com/
cell_phone_stun_gun.html
94
Additional References
• Cell Phone Forensic Tools: An Overview and Analysis
(NIST)
» http://csrc.nist.gov/publications/nistir/nistir-7250.pdf
• "Evidence in Mobile Phone Systems" (Willassen)
» http://www.mobileforensics.com/
• "Forensics Examination of Mobile Phones" (Mellars)
» Digital Investigation, December 2004, 1(4), 266-272
95
48
Acronyms and Abbreviations
AMPS
BREW
CDMA
CSV
ECPA
EMS
ESN
FCC
FDMA
GSM
iDEN
IMEI
IMSI
IR
kHz
LE
MEID
MHz
Advanced Mobile Phone Service
Binary Runtime Environment for Wireless
Code division multiple access
Comma Separated Value format
Electronic Communication Privacy Act
Enhanced Message Service
Electronic Serial Number
Federal Communications Commission
Frequency division multiple access
Global System for Mobile communications
Integrated Digital Enhanced Network
International Mobile Equipment Identity
International Mobile Subscriber Identity
Infrared
Kilohertz; thousands of cycles/sec.
Law enforcement
Mobile Equipment Identification
Megahertz; millions of cycles/sec.
MIN
MMS
MTSO
NIST
OS
PDA
PIN
PSTN
PUK
RAM
SID
SIM
SMS
SSN
TDMA
USB
VMS
Mobile Identification Number
Multimedia Message Service
Mobile Telephone Switching Office
National Institute of Standards &
Technology
Operating system
Personal digital assistant
Personal Identity Number
Public switched telephone network
Personal Unblocking Key
Random access memory
System Identification code
Subscriber Identification Module
Short Message Service
Social security number
Time division multiple access
Universal Serial Bus
Voice Message Service
96
49

PDF1

Transcription

Similar documents

Permazyme Base One

Brochure - Oliver Kessler Design

Gary L. Brandt, Faculty Northwest Indian College, [email protected]

Though best known for his sartorial splendor, Interpol`s Daniel

2010 Holiday - East Kessler Park Neighborhood Association

MOLLY SIMS - Gary Kaleda.com

17 - GWRRA WA-A!

Newsletter - Gary Plumery Foundation

April 20, 1995 - The Repository

Introducing our New Executive Director Pamela