Académique Documents
Professionnel Documents
Culture Documents
Mobile Country Code (MCC): consists of three decimal places and is used to
identify the country of origin of the SIM card.
Mobile Network Code (MNC): consists of two decimal places and is used in
conjunction with the MCC to identify the SIM cards network provider.
Location Area Code (LAC): consists of a maximum of five decimal places.
GSM networks are divided into LAs which are comprised of one or more radio cells.
Each of the LAs is uniquely identified within the network by its Location Area Code
(LAC). These numbers are stored on the SIM card, thus providing the handset with
its location. This also serves as a unique reference for the location of the subscriber
as well since the LAI is required before the handset can receive an incoming call.
When the subscriber roams into a new LA, the handset also stores the new LAI on
the SIM card, adding it to a list of the previous LAIs. After being powered off and
then powered back on, the handset will search the list of its stored LAIs until it finds
the one it is currently located in, thereby allowing service to resume. Analyzing the
SIM card can provide the geographical location(s) where the SIM card, the phone,
and the owner of the phone (suspect) may have been.
B. FORENSIC TOOL OVERVIEW
To analyze a SIM card, it is normally removed from the handset and inserted into an
appropriate reader. Command directives, called Application Protocol Data Units
(APDUs), are sent to the SIM by the tool to extract potential probative evidence that
may be present in the SIM file system. The original data on the SIM card is normally
preserved by the elimination of write requests to the SIM during its analysis.
Extracted data integrity can be maintained by the tool calculating the hash value(s)
of the data from the files created and re-verifying as necessary to demonstrate that
they remain unchanged. Some SIM tools extract and preserve data better than
others. As with any forensic tool, examiners need to thoroughly research those that
are available to determine which one(s) meet their needs. Most examiners are
aware (or should be) that no one tool will be able to extract all the data from every
different type of cell phone or SIM card. Listed below are some tools that examiners
commonly use. (Disclaimer: the summarized, edited information is presented
alphabetically and should not be interpreted as a competitive ranking. This
information was obtained from the cited Web sites and should not be considered as
endorsements by Forensic Magazine or the author nor should it be construed that
these are the only tools available):
Page 4 of 4