08 - Logical / File System Examination

Question 1

Name a few good online Mobile Device Research sites?

Answer 1

• GSM Arena (www.gsmarena.com)
• Phonescoop (phonescoop.com)
• Phonearena (phonearena.com)
• Cellphone Knowledge Base (cpkb.org)
• IMEI Information Sites
  
  • GSMA device check
  • Numberingplans.com
  • IMEI.info
  • imeidata.net

Question 2

What are local device identification options?

Answer 2

• Type in to get IMEI: *#06#
• Labelling on device
• Use Mobile Device Forensic Tool

Question 3

Explain Logical / File System Examination?

Answer 3

Logical uses (vendor) API. Acquisition may provide limited data. Connects via cable or wireless methods. File system uses proprietary commands. May require multiple examination methods (Android: ADB + Android Backup + Android Backup APK Downgrade). Can provide some deleted data from databases.

Question 4

What does a examination tool validation include?

Answer 4

Evaluation reports, the use of test devices, comparison with other tools, comparison with network CDR or with app records.

Question 5

Name the three types of SIM UICC Reader?

Answer 5

• integrated into tool
• standalone tool
• clone SIM function

Question 6

Why is an examination log so important?

Answer 6

Can contain application Version, OS version, license key, type of examination. Identifies the cable used, the communication port used. Shows AT commands to read out data. Very good for fault finding.

Question 7

Explain the following AT commands:

• AT+CGMI
• AT+CGMM
• AT+CGMR
• AT+CGSN
• AT+CIMI
• AT+CNUM
• AT+CPBR

Answer 7

• Request ME manufacturer identification
• Request ME model identification
• Request ME revision identification
• Request ME IMEI
• Request IMSI
• Request MSISDN
• Read Phonebook Entries