ch4 - mobile frauds & countermeasures


Upload: sarthak-gupta

Post on 12-Mar-2015


Mobile Frauds & Countermeasures Session Objectives:

At the end of this Session, you will be able to understand –

Mobile Forensics.

Mobile Identification.

Mobile Tracking.

Lost Mobile Phone Tracking with IMEI.

Data Recovery from Sim Card & Memory Card.

How to take Lost Mobile Complaint?

Do’s & Don’ts for the Mobile Users.

Chapter-4

All Rights Reserved. www.sedulitygroups.com 1


Introduction

Before we start understanding the Mobile Forensics or Mobile related frauds or crime, let us first understand the two major Mobile Technologies. The mobile industry in India is divided between the two technologies GSM and CDMA. While the earlier service providers had adopted the GSM technology, the new players have been using CDMA technology and have notched up a significant share of the Indian market. Hence any discussion on Mobile Forensics needs to take into account the presence of the two technologies. It is necessary for us to understand the basic differentiation of the two technologies as they may have an impact on the Forensics. An attempt is made here to present the fundamental technical aspects about the two systems.

GSM stands for Global System for Mobile Communications and CDMA stands for Code Division Multiple Access. They represent different systems of sharing of the radio spectrum for communication. Normally the radio spectrum can be shared by different users accessing the same frequency band without causing interference. The techniques used for this are TDMA (Time division multiple access), FDMA (Frequency division multiple access) and CDMA (Code division multiple access). GSM (Global System for Mobile Communications) is a form of multiplexing, which divides the available bandwidth among the different channels.

GSM is a combination of Time and Frequency-Division Multiple Access (TDMA/FDMA). The FDMA part involves the division by frequency of the (maximum) 25 MHz bandwidth into 124 carrier frequencies spaced 200 kHz apart. Each of these carrier frequencies is then divided in time, using a TDMA scheme. The fundamental unit of time in this TDMA scheme is called a burst period and it lasts 15/26 ms (or approx. 0.577 ms). Eight burst periods are grouped into a TDMA frame (120/26 ms, or approx. 4.615 ms), which forms the basic unit for the definition of logical channels. One physical channel is one burst period per TDMA frame. Thus GSM allows eight simultaneous calls on the same radio frequency.

CDMA (Code Division Multiple Access) is a form of multiplexing (access to the same resource will be given to more than one user), which allows the use of a particular frequency for a number of signals, optimizing the use of available bandwidth. It is a cellular technology that uses spread-spectrum techniques. In CDMA technology every channel uses the full available spectrum. Individual conversations are encoded with a pseudo-random digital sequence.

CDMA employs analog-to-digital conversion (ADC) in combination with spread spectrum technology. Audio input is first digitized (ADC) into binary elements. The frequency of the transmitted signal is then made to vary according to a defined pattern (code), so it can be intercepted only by a receiver whose frequency response is programmed with the same code, so it follows exactly along with the transmitter frequency. There are trillions of possible frequency-sequencing codes; this enhances privacy and makes cloning difficult. The technology is used in ultra-high-frequency (UHF) cellular telephone systems in the 800-MHz and 1.9-GHz bands.


GSM was first introduced in 1991 and, until recently, before the establishment of CDMA networks, GSM was the only mobile communication system present in the market. CDMA was first used during World War II by the English allies to foil German attempts at jamming transmissions. The allies decided to transmit over several frequencies, instead of one, making it difficult for the Germans to pick up the complete signal.

Since bandwidth is the major problem in modern times, CDMA has a very clear advantage over GSM in these terms. The number of channels (users) that can be allocated in a given bandwidth is comparatively higher for CDMA than for GSM. The cost of setting up a CDMA network is also comparatively less than that of a GSM network. Due to these advantages there is a high probability that CDMA technology will dominate the future of mobile communications. The technologies are normally evaluated on the following three parameters: data transmission capacity, security and radiation levels.

The following table indicates the data transmission capacity of the different technologies:

Cellular technology    Generation    Data transmission capacity
GSM                    2G            56 Kps
CDMA (IS-95B)          2.5G          64 Kps - 140 Kps
CDMA 2000              3G            2 MBps

The idea of technology with superior security is not a new one. In 1935, a Russian researcher, Dmitrii Vasilevich Ageev, published his book "The basics of linear selection theory", in which he explained the concept of coding the signals. After WWII, Soviet and American military communication systems started to use the concept very widely because of the many valuable advantages of the system. The original concept of the CDMA scheme was recommended by QUALCOMM (the famous communication provider in the US and worldwide); however, the Korean research institute ETRI and companies like Hyundai, LG, and Samsung performed its realization for the first time in the world in 1995. As of today many countries have accepted it as a national standard of mobile communication, and the worldwide number of CDMA subscribers has climbed to over 100 million.

As already explained, CDMA uses a radically different approach from GSM. It assigns a unique "code" to put multiple users on the same wideband channel at the same time. This code, a so-called "pseudo-random code sequence", is used by both the mobile station (handset) and the base station to distinguish between conversations. This gives a greater level of privacy and security to the communication.

As far as radiation level is concerned, CDMA is the most harmless one among all existing technologies. Of course, it transmits microwaves while in standby mode, as other technologies do. However, CDMA technology checks its transmission level 800 times per second. Therefore, its radiation level is 10 times less than that of GSM. Another important thing to point out is that a CDMA system transmits signals only when the user starts a conversation. Simply put, when you are listening to the other end of the conversation, you are not affected by microwaves as the speaking person is.


4.1 Mobile Forensics:

The increasing use of Mobile phones by the population as a personal means of communication has made Mobile Phones an important piece of evidence in many legal cases. Nowadays, Mobiles are also used for making E-commerce transactions, so the relevance of Mobile Evidence will assume greater importance. Since a Mobile phone is an electronic device, there are several aspects of the IT Act-2000 that apply to Mobile phone transactions. These are early days in the use of Mobile evidence, and there is a very high possibility that an imperfect understanding of the technology by the Police, the Lawyers and the Judges may lead to wrong judicial decisions. In view of the importance of Mobile devices as Cyber/Digital Evidence, we shall discuss some key elements of Mobile evidence for better academic understanding. These are mentioned below.

The important aspects for which Mobile evidence is presently being used are as follows:

1. To find out the numbers to which calls have been made from a given mobile, along with date and time.
2. To find out the numbers from which calls have been received on a given mobile, with date and time.
3. To know the contacts through the Phone book.
4. To know the details of recent SMS received and sent.
5. To know the details of SMS templates.
6. To know the details of any MMS, Video, Audio or Ring tones and Games stored in the Mobile.
7. To know the Pictures and video clips stored in the mobile, either on the SIM card or on a memory card.

Of all these, points 1 and 2 should also be checked against the service provider's records, where the same information may be available. While the number of entries available on the instrument may be limited by its memory, the service provider has more detailed and reliable data, with timing, kept for the purpose of billing. What the service provider's data provides, however, is the information as recorded in their system based on the SIM card recognized by the system. If the data in the service provider's systems matches the recently called and received numbers found on the instrument, it could mean that the SIM card presently in the instrument has data matching what is available at the service provider's level. If the two sets of data do not match, it means that the SIM card data has been manipulated or that something (SMS or phone calls) has been spoofed and could be fake.

Manipulating SIM card data on the instrument is a very easy process, and hence the data on the SIM card can be taken only as indicative evidence and has to be properly certified to be of any use in a court of law. If the data on the SIM card is extracted from the Mobile after the mobile has been in the custody of the Police for some time, it is possible for the defense to take the stand that the data has been manipulated.
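The cross-check between the instrument and the service provider's records described above can be sketched as follows. This is an added example, not part of the original chapter; the record layout, the phone numbers, the timestamps and the 120-second clock tolerance are all constructed assumptions.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"


def rec(direction, number, ts):
    """One call record: direction is 'out' (dialled) or 'in' (received)."""
    return {"dir": direction, "number": number, "ts": datetime.strptime(ts, FMT)}


# Constructed sample data, not taken from any real case.
HANDSET_LOG = [
    rec("out", "5550100", "2015-03-01 10:15:40"),
    rec("in", "5550101", "2015-03-01 11:02:10"),
    rec("out", "5550102", "2015-03-01 12:30:00"),  # no provider counterpart
    rec("out", "5550100", "2015-03-01 14:45:05"),
]
PROVIDER_CDR = [
    rec("out", "5550103", "2015-02-27 09:00:00"),  # older than the handset log
    rec("out", "5550100", "2015-03-01 10:15:00"),
    rec("in", "5550101", "2015-03-01 11:01:30"),
    rec("in", "5550104", "2015-03-01 13:10:00"),  # in window, not on handset
    rec("out", "5550100", "2015-03-01 14:44:30"),
]


def reconcile(handset, provider, tolerance=timedelta(seconds=120)):
    """Pair each handset entry with at most one provider record.

    Entries pair when direction and number agree and the timestamps differ
    by no more than `tolerance` (the handset clock is set by the user and
    may drift from the provider's billing clock).
    """
    unmatched = list(provider)
    matched, handset_only = [], []
    for h in sorted(handset, key=lambda r: r["ts"]):
        candidates = [
            p for p in unmatched
            if p["dir"] == h["dir"]
            and p["number"] == h["number"]
            and abs(p["ts"] - h["ts"]) <= tolerance
        ]
        if candidates:
            best = min(candidates, key=lambda p: abs(p["ts"] - h["ts"]))
            unmatched.remove(best)
            matched.append((h, best))
        else:
            # On the instrument but unknown to the provider: the entry may
            # have been written to the SIM/handset rather than produced by a call.
            handset_only.append(h)

    # The handset keeps only a limited number of entries, so provider records
    # older than its oldest entry are expected to be absent from it.
    missing_in_window, aged_out = [], []
    oldest = min((r["ts"] for r in handset), default=None)
    for p in unmatched:
        if oldest is not None and p["ts"] >= oldest - tolerance:
            missing_in_window.append(p)  # deleted from the handset, or never stored
        else:
            aged_out.append(p)
    return {
        "matched": matched,
        "handset_only": handset_only,
        "missing_in_window": missing_in_window,
        "aged_out": aged_out,
    }


if __name__ == "__main__":
    result = reconcile(HANDSET_LOG, PROVIDER_CDR)
    for key in ("handset_only", "missing_in_window", "aged_out"):
        for r in result[key]:
            print(key, r["dir"], r["number"], r["ts"].strftime(FMT))
```

Entries reported as handset_only or missing_in_window are the ones an examiner would need to explain before the SIM data is relied upon.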


On the other hand, the data at the service provider's level cannot be manipulated except with the connivance of the service provider or by hacking into their system. Here again, the data as found visible on the computers of the service provider can be taken as prima-facie evidence, but if it has to be relied upon, then there has to be a relevant certification that the data is apparently not altered.

Since mobile conversations are not presently recorded by the service provider, they are not normally available as evidence. If the conversation is hacked and recorded, then it will be a case of illegal tapping, and the quality of the evidence needs to be evaluated by other parameters, including voice recognition.

The phone book detail only provides information about the persons with whom the mobile owner has been in contact and nothing more. A few of the incoming SMS messages are normally stored on the mobile and, along with time data corroborated with the service provider's information, may be evidence of an incoming message. Templates may indicate the likely outgoing information and, if they contain any spam or obscene message, may indicate the intention of the mobile user and nothing more. Ring tones and Games may be relevant from the point of view of copyright violations.

Details of pictures and video clippings on an accompanying memory card indicate the intentions of the mobile user and, if they can be matched with any outgoing data packets, may be used as evidence for the likely outgoing message. These can be of use in case of any obscene pictures being transmitted from the mobile. However, linking the stored data to a sent message requires certain Forensic testing, and it is doubtful if such capabilities exist with the Indian Police as of date.

4.2 Identification of Mobile

Essentially there are two identification aspects of a mobile device. The first is the SIM card identity, which allows the transactions of a mobile to be recorded in the service provider's records. The second is the IMEI (International Mobile Equipment Identifier), which is associated with the hardware. Some service providers monitor IMEI numbers with call data. In such cases, if a mobile is stolen and a new SIM card is being used, it would be possible to run IMEI filters to block the stolen numbers.

4.2.1 Spoofing:

It must be remembered that spoofing of SMS messages as well as voice messages is not impossible on a mobile. Firstly, it is possible to send SMS messages from a computing device with a false "Sender's Mobile Number". Secondly, it is possible to pick a hand set and alter the SIM card data to make it look like a different SIM card and use it for sending offending messages or making calls which can be attributed to the original owner of the SIM Card. For example, a card belonging to Mr. Fraud can be altered to match the SIM card of Mr. Innocent and used for making calls to Targets 1 and 2. Then, if this SIM card is presented as evidence with or without the hand set of Mr. Innocent, it is possible to create evidence which appears as if Mr. Innocent has made calls to Targets 1 and 2. Acceptance of SIM card data as evidence is therefore required to be accompanied by several corroborative Forensic certifications that eliminate the possibilities of such manipulation.


Even though the IMEI number is considered a good identification of the hardware, it is said that in India the existence of sets with duplicate IMEI numbers is widespread, and hence the service providers have been reluctant to use IMEI blocking as a solution to immobilize stolen mobiles.

Note: In CDMA phones the identification is through what are called ESN (Electronic Security Number) numbers.

Further, both IMEI numbers and ESN numbers can be modified with the use of the right equipment, and this is regularly done by those who deal in stolen mobiles. It must therefore be considered possible to clone a mobile if the person so charged is shown to have sufficient resources and access to technology.

4.2.2 Future of Mobile Evidence

The first impact of the recognition that Mobile Evidence can be modified will be felt by the law enforcement authorities, since evidence gathered by them in many cases will be questioned in the courts of law. Just when the judiciary in India is grappling with understanding the evidentiary aspects of Computer records, the focus being generated on Mobile Evidence will be a further challenge to the Indian judiciary. The undersigned is in the process of developing a Check list and Guidance Note to suggest the preferred procedure for Mobile Evidence Seizure, Preservation and Presentation as part of its activity to contribute to "Mobile Forensics".

4.3 Cell Tracking

Mobile phone tracking tracks the current position of a mobile phone, even on the move. To locate the phone, it must emit at least the roaming signal to contact the next nearby antenna tower, but the process does not require an active call. GSM localization is then done by multilateration based on the signal strength to nearby antenna masts. Mobile positioning, i.e. a location-based service that discloses the actual coordinates of a mobile phone bearer, is a technology used by telecommunication companies to approximate where a mobile phone, and thereby also its user (bearer), temporarily resides. The more properly applied term locating refers to the purpose rather than a positioning process. Such a service is offered as an option of the class of location-based services (LBS).

4.3.1 Technology

The technology of locating is based on measuring power levels and antenna patterns and uses the concept that a mobile phone always communicates wirelessly with one of the closest base stations, so if you know which base station the phone communicates with, you know that the phone is close to the respective base station.


Advanced systems determine the sector in which the mobile phone resides and also roughly estimate the distance to the base station. Further approximation can be done by interpolating signals between adjacent antenna towers. Qualified services may achieve a precision of down to 50 meters in urban areas where mobile traffic and the density of antenna towers (base stations) are sufficiently high. Rural and desolate areas may see miles between base stations and therefore determine locations less precisely.

4.3.2 Operational purpose

In order to route calls to a phone, the cell towers listen for a signal sent from the phone and negotiate which tower is best able to communicate with the phone. As the phone changes location, the antenna towers monitor the signal and the phone is roamed to an adjacent tower as appropriate. By comparing the relative signal strength from multiple antenna towers, a general location of a phone can be roughly determined. Another means is the antenna pattern, which supports angular determination and phase discrimination. Newer phones may also allow the tracking of the phone even when turned on and not active in a telephone call. This results from the roaming procedures that perform hand over of the phone from one base station to another.

4.3.3 Bearer interest

A phone's location can be uploaded to a common web site where one's "friends and family" can view one's last reported position. Newer phones may have built-in GPS receivers which could be used in a similar fashion, but with much higher accuracy.

4.3.4 Bearer supporting alternatives

GPS units, though no longer more costly than a mobile phone, are dedicated to the purpose of locating, and provide commercial handhelds with a precision of down to 5 meters in the USA and in other areas on the Globe.

4.3.5 Privacy

Locating or positioning touches upon delicate privacy issues, since it enables someone to check where a person is without the person's consent. Strict ethics and security measures are strongly recommended for services that employ positioning, and the user must give informed, explicit consent to a service provider before the service provider can compute positioning data from the user's mobile phone. In Europe, where most countries have a constitutional guarantee on the secrecy of correspondence, location data obtained from mobile phone networks is usually given the same protection as the communication itself. The United States however has no explicit constitutional guarantee on the privacy of telecommunications, so use of location data is limited by law. With tolling systems, as in Germany, the locating of vehicles is equally sensitive to the constitutional guarantee on the secrecy of correspondence, and thus any further use of tolling information beyond deducting the road fee is prohibited. That leads to the strange situation that even obviously criminal intent may not be countered with technical means that are already available.


Officially, the authorities (like the police) can obtain permission to position phones in emergency cases where people (including criminals) are missing. The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations. This works with or without locating. The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials. A judge ruled that police use of such tracking in the USA will require a warrant showing probable cause. The Electronic Frontier Foundation is tracking some cases, including USA v. Pen Register, regarding government tracking of individuals such as pedophiles and political activists.

4.3.6 References

"Tracking a suspect by mobile phone: Tracking SIM and handset".
"Location Based Services for Mobiles: Technologies and Standards", Shu Wang, Jungwon Min and Byung K. Yi, IEEE International Conference on Communication (ICC) 2008, Beijing, China.
"Roving Bug in Cell Phones Used By FBI to Eavesdrop on Syndicate". The Chicago Syndicate.
"FBI taps cell phone mic as eavesdropping tool". ZDNet.
http://www.washingtonpost.com/wp-dyn/content/article/2008/09/11/AR2008091103292.html
http://www.eff.org/issues/cell-tracking

GSM localization is the use of multilateration to determine the location of GSM mobile phones, usually with the intent to locate the user [1].

4.4 Types of LBS Technology

Localization-Based Systems can be broadly divided into:

Network based
Handset based
Hybrid

4.4.1 Network Based

Network-based techniques utilize the service provider's network infrastructure to identify the location of the handset. The advantage of network-based techniques is that they can be implemented non-intrusively, without affecting the handsets. The accuracy of network-based techniques varies, with cell identification as the least accurate and triangulation as the most accurate. The accuracy of network-based techniques is closely dependent on the concentration of base station cells, with urban environments achieving the highest possible accuracy. One of the key challenges of network-based techniques is the requirement to work closely with the service provider, as it entails the installation of hardware and software within the operator's infrastructure. Often, a legislative framework, such as E911, would need to be in place to compel the cooperation of the service provider as well as to safeguard the privacy of the information.


4.4.2 Handset Based

Handset-based technology requires the installation of client software on the handset to determine its location. This technique determines the location of the handset by computing its location by cell identification, signal strengths of the home and neighboring cells or the latitude and longitude, if the handset is equipped with a GPS module. The calculated location is then sent from the handset to a location server. The key disadvantage of this technique is the necessity of installing software on the handset. It requires the active cooperation of the mobile subscriber as well as software that must be able to handle the different operating systems of the handsets. Typically, only a smart phone, such as one based on Symbian or Windows Mobile, would be able to run such software. One of the proposed work-arounds is the installation of embedded hardware or software on the handset by the manufacturers. However, the obvious difficulty of convincing different manufacturers to cooperate on a common mechanism and to address the cost issue means that this avenue has not made any significant headway. Another difficulty would be to address the issue of foreign handsets that are roaming in the network.

4.4.3 Hybrid

Hybrid-based techniques use a combination of network-based and handset-based technologies for location determination. One example would be Assisted-GPS, which uses both GPS and network information to compute the location. Hybrid-based techniques give the best accuracy of the three but inherit the limitations and challenges of network-based and handset-based technologies.

Examples of LBS technologies

Cell Identification - The accuracy of this method can be as good as a few hundred meters in urban areas, but as poor as 32 km in suburban areas and rural zones. The accuracy depends on the known range of the particular network base station serving the handset at the time of positioning.

Enhanced Cell Identification - With this method, one can get a precision similar to Cell Identification, but for rural areas, with circular sectors of 550 meters.

TDOA - Time difference of arrival - The network determines the time difference and therefore the distance from each base station to the mobile phone.

TOA - Time of arrival - Same as TDOA, but this technology uses the absolute time of arrival at a certain base station rather than the difference between two stations.

AOA - Angle of arrival - AOA mechanism locates the mobile phone at the point where the lines along the angles from each base station intersect.

E-OTD - This is similar to TDOA, but the position is estimated by the mobile phone, not by the base station. The precision of this method depends on the number of available LMUs in the networks, varying from 50 to 200 m.

Assisted-GPS - A largely GPS-based technology, which uses an operator-maintained ground station to correct for GPS errors caused by the atmosphere/topography. Assisted-GPS positioning technology typically falls back to cell-based positioning methods when indoors or in an urban canyon environment.
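The TOA method listed above, worked through as an added example (not part of the original chapter): each one-way propagation time gives a range circle around a base station, and the circles are intersected by least squares. It generalises from three stations to any number of non-collinear stations; the station coordinates, the handset position and the one-microsecond timing error are constructed values on a flat local grid in metres.

```python
import math

C = 299_792_458.0  # propagation speed of the radio signal, m/s

# Constructed layout: three base stations and a handset position, in metres.
STATIONS = [(0.0, 0.0), (3000.0, 0.0), (0.0, 4000.0)]
TRUE_POS = (1200.0, 900.0)


def propagation_times(pos, stations):
    """One-way propagation time from `pos` to each station, in seconds."""
    return [math.hypot(pos[0] - x, pos[1] - y) / C for x, y in stations]


def locate_toa(stations, arrival_times):
    """Estimate (x, y) from time-of-arrival measurements.

    Each time t_i gives a range d_i = C * t_i, i.e. a circle around station i.
    Subtracting the first circle from every other one cancels x^2 + y^2 and
    leaves linear equations a*x + b*y = r, solved here by least squares.
    """
    if len(stations) < 3 or len(stations) != len(arrival_times):
        raise ValueError("need at least three stations, one time per station")
    dists = [C * t for t in arrival_times]
    (x1, y1), d1 = stations[0], dists[0]
    k1 = x1 * x1 + y1 * y1 - d1 * d1
    rows = []
    for (xi, yi), di in zip(stations[1:], dists[1:]):
        a = 2.0 * (xi - x1)
        b = 2.0 * (yi - y1)
        r = (xi * xi + yi * yi - di * di) - k1
        rows.append((a, b, r))
    # Normal equations of the 2-unknown least-squares problem.
    saa = sum(a * a for a, _, _ in rows)
    sab = sum(a * b for a, b, _ in rows)
    sbb = sum(b * b for _, b, _ in rows)
    sar = sum(a * r for a, _, r in rows)
    sbr = sum(b * r for _, b, r in rows)
    det = saa * sbb - sab * sab
    if abs(det) < 1e-6 * max(saa * sbb, 1.0):
        raise ValueError("stations are collinear: position is not determined")
    x = (sbb * sar - sab * sbr) / det
    y = (saa * sbr - sab * sar) / det
    return x, y


def position_error(estimate, truth):
    """Distance in metres between the estimate and the true position."""
    return math.hypot(estimate[0] - truth[0], estimate[1] - truth[1])


if __name__ == "__main__":
    times = propagation_times(TRUE_POS, STATIONS)
    print("exact timing :", locate_toa(STATIONS, times))
    # A 1 microsecond timing error at one station is about 300 m of range,
    # which is why timing accuracy bounds the precision of the method.
    skewed = list(times)
    skewed[1] += 1e-6
    est = locate_toa(STATIONS, skewed)
    print("1 us skew    :", est, "error %.0f m" % position_error(est, TRUE_POS))
```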


4.4.4 References

"Location Based Services for Mobiles: Technologies and Standards", Shu Wang, Jungwon Min and Byung K. Yi, IEEE International Conference on Communication (ICC) 2008, Beijing, China.

4.5 Case Study

4.5.1 Tracking a suspect by mobile phone

Photo caption: Hussain Osman was staying at his brother's flat in Rome

Calls made from a mobile phone led Italian police to one of the suspects in the failed suicide bombings in London on 21 July. Officers used a combination of tracking and tapping Hussain Osman's calls to locate him. It is relatively simple to follow a person via their mobile phone. Plenty of companies offer technology to do so, legally and with the phone user's knowledge. However, the same process can be employed by police to locate the user without alerting them. Detectives need to first identify the phone and then find out where it is.


4.5.2 Tracking SIM and handset

In the case of Mr. Osman, British police had provided their Italian counterparts with two mobile numbers linked to him. The Italian police were able to keep tabs on him despite the fact that he changed his SIM card along the way. This is because the phone identifies itself in two ways when it connects to the mobile phone network. The SIM card sends its unique IMSI number - standing for International Mobile Subscriber Identity. This starts with the country code of the user's account, followed by the network code and finally the telephone number. The second number is the IMEI - International Mobile Equipment Identity. This is the number of the handset and remains constant even if the SIM card is changed.


Mobile phones transmit these numbers each time they make a call and when they regularly "check in" to the local base stations. Once the police know which mobile they are looking for, it is not hard to locate.
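The two identifiers described above, and the duplicate-IMEI problem raised in section 4.2, can be examined together in a provider's records. The following is an added example, not part of the original chapter: it validates the IMEI check digit (the Luhn algorithm) and groups constructed network check-in records by IMEI to separate a handset whose SIM was changed from an IMEI that is active under two subscribers in the same period. All IMEIs, IMSIs, cell names and times are constructed; the record layout is an assumption.

```python
from collections import defaultdict


def luhn_check_digit(body14):
    """Check digit for the first 14 digits of an IMEI (Luhn algorithm)."""
    total = 0
    for i, ch in enumerate(reversed(body14)):
        d = int(ch)
        if i % 2 == 0:  # every second digit, starting next to the check digit
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def make_imei(body14):
    """Build a syntactically valid 15-digit IMEI from a 14-digit body."""
    return body14 + str(luhn_check_digit(body14))


def imei_valid(imei):
    """True if `imei` is 15 ASCII digits with a correct check digit."""
    return (len(imei) == 15 and imei.isascii() and imei.isdigit()
            and luhn_check_digit(imei[:14]) == int(imei[14]))


# Constructed identifiers (IMSIs use the 001/01 test network prefix).
IMEI_A = make_imei("35000000000001")
IMEI_B = make_imei("35000000000002")
IMEI_C = make_imei("35000000000003")
BAD_IMEI = "350000000000019"  # wrong check digit on purpose
IMSI_1, IMSI_2, IMSI_3, IMSI_4, IMSI_5 = (
    "00101000000000%d" % n for n in range(1, 6))

# (minutes since start of observation, IMSI, IMEI, serving cell) - constructed.
CHECKINS = [
    (0, IMSI_1, IMEI_A, "cell-12"), (60, IMSI_1, IMEI_A, "cell-12"),
    (120, IMSI_1, IMEI_A, "cell-14"),
    (300, IMSI_2, IMEI_A, "cell-30"), (360, IMSI_2, IMEI_A, "cell-31"),
    (0, IMSI_3, IMEI_B, "cell-02"), (50, IMSI_4, IMEI_B, "cell-77"),
    (100, IMSI_3, IMEI_B, "cell-02"), (150, IMSI_4, IMEI_B, "cell-78"),
    (200, IMSI_3, IMEI_B, "cell-03"),
    (10, IMSI_5, IMEI_C, "cell-05"), (20, IMSI_5, IMEI_C, "cell-05"),
    (30, IMSI_5, BAD_IMEI, "cell-05"),
]


def classify_handsets(records):
    """Return (report, rejected); report maps IMEI -> status and IMSIs seen."""
    seen = defaultdict(lambda: defaultdict(list))
    rejected = []
    for ts, imsi, imei, cell in records:
        if imei_valid(imei):
            seen[imei][imsi].append(ts)
        else:
            rejected.append((ts, imsi, imei, cell))
    report = {}
    for imei, per_imsi in seen.items():
        # (first seen, last seen, IMSI) for every SIM used with this IMEI.
        spans = sorted((min(t), max(t), imsi) for imsi, t in per_imsi.items())
        status = "single_sim"
        if len(spans) > 1:
            status = "sim_changed"  # one SIM replaced another
            latest_end = spans[0][1]
            for start, end, _ in spans[1:]:
                if start <= latest_end:
                    # Two subscribers active on one IMEI in the same period:
                    # a duplicate IMEI, or one user alternating SIMs. A lead
                    # to investigate, not proof on its own.
                    status = "possible_duplicate_imei"
                    break
                latest_end = max(latest_end, end)
        report[imei] = {"status": status, "imsis": [s[2] for s in spans]}
    return report, rejected


if __name__ == "__main__":
    report, rejected = classify_handsets(CHECKINS)
    for imei, info in sorted(report.items()):
        print(imei, info["status"], info["imsis"])
    print("rejected (bad check digit):", [r[2] for r in rejected])
```

An IMEI classified as possible_duplicate_imei is exactly the case in which blocking by IMEI would also cut off a second, possibly legitimate, handset.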


1. Phone sends signal to nearby base stations
2. Positioning software performs a triangulation calculation on the information from the base stations
3. The data is converted into a geographical location

The mobile telephone network is divided into cells with a base station at the centre of each cell. The base station which processes the call provides the first clue to location, giving police an idea of the general area in which to look. But other base stations can also make contact with the phone, and once information from several base stations has been gathered, the location of the phone can be narrowed down using triangulation. In built-up areas where the base stations are close together this can be to within a few hundred metres; in rural areas, the system is less accurate.

4.5.3 Phone tapping

As well as tracking Mr. Osman, Italian police listened in to his calls. They heard him speaking in an Ethiopian dialect spoken among people from the Somali/Eritrean border and this encouraged them to believe they had the right man. One way of tapping a mobile phone is with a device called an IMSI-catcher. This pretends to be a legitimate base station of the mobile phone network and tricks the phone into routing its call via the IMSI-catcher, where it can be passed on for decryption. Once received, the IMSI-catcher passes the call on to the network, so the suspect is none the wiser that he is being monitored. However, Italian police may have just contacted the mobile phone company to intercept the call. Police mobile phone tapping is particularly prevalent in Italy and the country's state mobile phone network, TIM, recently appealed to magistrates to cut the number of requests as it had reached the limit it could cope with.


4.6 Roving Bug in Cell Phones Used By FBI to Eavesdrop on Syndicate

Sunday, December 03, 2006

The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.

The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wire tapping him.

Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia.

The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.

Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years.

The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone." An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call."

Nextel and Samsung handsets and the Motorola RAZR are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. "They can be remotely accessed and made to transmit room audio all the time," he said. "You can do that without having physical access to the phone."

Because modern handsets are miniature computers, downloaded software could modify the usual interface that always displays when a call is in progress. The spyware could then place a call to the FBI and activate the microphone--all without the owner knowing it happened. (The FBI declined to comment on Friday.)

"If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone," Atkinson said. Security-conscious corporate executives routinely remove the batteries from their cell phones, he added.

The FBI's Joint Organized Crime Task Force, which includes members of the New York police department, had little luck with conventional surveillance of the Genovese family.

They did have a confidential source who reported the suspects met at restaurants including Brunello Trattoria in New Rochelle, N.Y., which the FBI then bugged. But in July 2003, Ardito and his crew discovered bugs in three restaurants, and the FBI quietly removed the rest. Conversations recounted in FBI affidavits show the men were also highly suspicious of being tailed by police and avoided conversations on cell phones whenever possible. That led the FBI to resort to "roving bugs," first of Ardito's Nextel handset and then of Peluso's. U.S. District Judge Barbara Jones approved them in a series of orders in 2003 and 2004, and said she expected to "be advised of the locations" of the suspects when their conversations were recorded. Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a "listening device placed in the cellular telephone." That phrase could refer to software or hardware. One private investigator interviewed by CNET News.com, Skipp Porteous of Sherlock Investigations in New York, said he believed the FBI planted a physical bug somewhere in the Nextel handset and did not remotely activate the microphone. "They had to have physical possession of the phone to do it," Porteous said. "There are several ways that they could have gotten physical possession. Then they monitored the bug from fairly near by." But other experts thought microphone activation is the more likely scenario, mostly because the battery in a tiny bug would not have lasted a year and because court documents say the bug works anywhere "within the United States"--in other words, outside the range of a nearby FBI agent armed with a radio receiver. In addition, a paranoid Mafioso likely would be suspicious of any ploy to get him to hand over a cell phone so a bug could be planted. 
And Kolodner's affidavit seeking a court order lists Ardito's phone number, his 15-digit International Mobile Subscriber Identifier, and lists Nextel Communications as the service provider, all of which would be unnecessary if a physical bug were being planted. A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activation method. "A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug," the article said, "enabling them to be activated at a later date to pick up sounds even when the receiver is down." For its part, Nextel said through spokesman Travis Sowders: "We're not aware of this investigation, and we weren't asked to participate." Other mobile providers were reluctant to talk about this kind of surveillance. Verizon Wireless said only that it "works closely with law enforcement and public safety officials. When presented with legally authorized orders, we assist law enforcement in every way possible." A Motorola representative said that "your best source in this case would be the FBI itself." Cingular, T-Mobile, and the CTIA trade association did not immediately respond to requests for comment. This isn't the first time the federal government has pushed at the limits of electronic surveillance when investigating reputed mobsters. In one case involving Nicodemo S. Scarfo, the alleged mastermind of a loan shark operation in New Jersey, the FBI found itself thwarted when Scarfo used Pretty Good Privacy software (PGP) to encode confidential business data. So with a judge's approval, FBI agents repeatedly snuck into Scarfo's business to plant a keystroke logger and monitor its output. Like Ardito's lawyers, Scarfo's defense attorneys argued that the then-novel technique was not legal and that the information gleaned through it could not be used.

Also like Ardito, Scarfo's lawyers lost when a judge ruled in January 2002 that the evidence was admissible. The FBI's "applications made a sufficient case for electronic surveillance," Kaplan wrote. "They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance." Bill Stollhans, president of the Private Investigators Association of Virginia, said such a technique would be legally reserved for police armed with court orders, not private investigators. There is "no law that would allow me as a private investigator to use that type of technique," he said. "That is exclusively for law enforcement. It is not allowable or not legal in the private sector. No client of mine can ask me to overhear telephone or strictly oral conversations." Surreptitious activation of built-in microphones by the FBI has been done before. A 2003 lawsuit revealed that the FBI was able to surreptitiously turn on the built-in microphones in automotive systems like General Motors' OnStar to snoop on passengers' conversations. When FBI agents remotely activated the system and were listening in, passengers in the vehicle could not tell that their conversations were being monitored. Malicious hackers have followed suit. A report last year said Spanish authorities had detained a man who writes a Trojan horse that secretly activated a computer's video camera and forwarded him the recordings.

4.7 Judge Limits Searches Using Cell Phone Data__________

The government must obtain a warrant based on probable cause of criminal activity before directing a wireless provider to turn over records that show where customers used their Cell Phones, a federal judge ruled, in the first opinion by a federal district court on the issue. Judge Terrence F. McVerry of the Western District of Pennsylvania rejected the government's argument that historical Cell Phone tower location data did not require probable cause. The ruling could begin to establish the standard for such requests, which industry lawyers say are routine as more people carry Cell Phones that reveal their locations. Around the country, magistrate judges, who handle matters such as search warrants, have expressed concern about the lack of guidance. In this case, which involved a government investigation of a drug trafficker, the judge affirmed a February ruling by U.S. Magistrate Judge Lisa Pupo Lenihan that whether the data sought was historical or real-time, it required a warrant. "This is a great ruling for location privacy and for people who think the government should have probable cause before they track you," said Jennifer Granick, an attorney with the Electronic Frontier Foundation, which filed a friend-of-the-court brief in the case. But Orin Kerr, a constitutional law expert at George Washington University, said the decision was "very likely wrong" and faces "an uphill battle on appeal." The government is "considering options" on an appeal, Justice spokesman Dean Boyd said. At issue was a government request for an order directing Sprint Spectrum to disclose historical cellphone data that included cell tower location information as well as call times and durations. Lenihan said the information sought, which she said could identify a subject's location to within about 200 feet, was "extraordinarily personal and potentially sensitive . . . (and) particularly vulnerable to abuse." 
The government argued that cell site historical records are no different from routine transactional records and as such are not "tracking devices" that require a warrant.

"For instance, records of past credit card transactions will often serve to place a person at a given location at a specific time, yet under established Fourth Amendment law they enjoy no Fourth Amendment protection," U.S. Attorney Mary Beth Buchanan said in a brief asking the district court to review Lenihan's ruling. She argued that historical cell-site records reveal location only to within a few hundred yards, not feet, and are "much too imprecise" to tell whether calls have been made from a "constitutionally protected space, let alone to reveal facts about the interiors of private homes or other protected areas." To obtain such orders, the government said, the correct standard is a showing of "specific and articulable facts" that the information is "relevant" to a criminal investigation. A "majority of federal districts" grant orders based on that standard, Boyd said. But Catherine Crump, a lawyer with the American Civil Liberties Union, said the government's position on historical data was flawed. "People place a certain privacy value on their movements," she said. "Whether it's their movements yesterday or their movements today, it's the same." Said Granick: "Most people don't think that somebody could go back in time and find out where I was or who I was talking to or who was nearby at that same time. This is sensitive information, and there should be good reason before the government gets it." For more precise Cell Phone location, such as by Global Positioning System technology in phones, Justice Department attorneys say access requires a warrant.

4.8 Recovering Stolen Mobile___________________________

We all know that bad things can happen to anybody at any time. We hear stories of theft very frequently: a friend's apartment keys were stolen, a neighbor lost his wallet at a party, somebody's mobile phone was stolen from a car, a market or public transport, and so on. There are hundreds of stories like these, and in all of them bad things happen because criminals exist. Cellphones have attracted the attention of criminals ever since they became popular, and for good reasons: a cellphone doesn't weigh much and is easy to sell, even without a charger or manual. Sometimes it is even more profitable to steal a cellphone than a wallet. The average profit of a cellphone thief in public transport is about Rs.3000-Rs.6000 at a time, and the risk of getting caught is very small.

There are a few very common ways to steal a cellphone. The classic scheme is very simple: the cellphone is taken from a purse. It is easy to steal a cellphone from a purse if there are many people around, as in a movie theater or in public transport. Stealing a cellphone from a belt is easier in crowds, for example during festivals or in public transport during rush hours. When you get pushed from every direction, you won't notice one more push. For a skilled thief, it is no obstacle even if your cellphone is hidden under your jacket, sweater or coat.

A few pieces of advice to safeguard your mobile phone are as follows:

Don't put the cellphone in the external pockets of your bag or purse. You should always keep it inside. Of course, it may take you longer to get your cellphone, but it will be safer there.

If you keep the cellphone on your belt, we recommend that you use a cellphone case. It is more difficult to remove the case from your belt unnoticed.

Never give your cellphone to people you don't know. Even if they don't steal it, you don't know whom they would call. Don't be surprised if you have to talk to a policeman about that call two days later. On the other hand, if you think that the person is really in trouble, help him.

The techniques of stealing mentioned above are rather primitive. More interesting are the ones based on the specifics of mobile communication and human psychology. For example, a nice girl asks you, a young man, to lend her your cellphone to make a call to her friend who is late for a meeting. You think a little and give her your phone. The girl dials a number (it may not be a local number as you thought) and briefly explains to her friend how tired she is of waiting for her. The girl finishes the call and you stop worrying because you don't expect dirty tricks anymore. What happens next depends on the place, the time of day and the number of people around. The most popular scheme is when someone bumps into you and almost knocks you down. The girl disappears with your cellphone while that someone makes excuses. The second scheme is when the girl returns your cellphone to you but a teenager snatches it and runs away. Of course you try to catch him and forget about the girl. Though she also participates in this theft, you can't prove it.

Criminals often try to divert the attention of the victim by using a cellphone. Usually they do it in crowded places, near railway stations or airports, markets, petrol pumps, public transport etc. A good-looking stranger with a cellphone comes to you and asks something like: “Could you please help me dial the number, I can't do it?” or “I just arrived, I need to call home but the roaming doesn't work”. While you try to help and install new settings, someone steals something (suitcase, wallet, etc.) from you. Common sense can protect you in such situations. Don't be too enthusiastic about setting up a stranger's cellphone.

We are not going to discuss situations in which the owner of the cellphone is careless, for example when the phone is stolen from under a towel on the beach. Instead, here is what to do if the phone was stolen or lost. First, relax and forget about your phone. There is a 97% probability that you will never see it again. Second, call your cellular service to block your phone number, so that the thief won't be able to use your cellphone. If the cellular service supports a blacklist, your phone will be listed there. In that case your phone can't be activated in the cellular network again. However, not many cellular services support this feature.

Don't rely on the security codes that you set up in your phone. Entering the PIN code is necessary only when switching on the phone. Criminals know that and won't switch off the phone. A password that you must enter to unlock the keypad is more effective, but can be overwritten too. These codes can protect your phone from your friends, colleagues or your child, but not from a thief. That means that all the phone numbers in your phonebook could be viewed. Some thieves find it fun to dial the numbers from your phonebook and talk with your friends. They waste your money and then throw away the SIM card, because the operator traces calls.

Someone may call you and offer to return your cellphone for a reward. It is rare for the phone to really be returned, because the thieves are afraid of getting caught. If you find a cellphone and decide to return it to the owner, the most convenient way is to look at the SIM card and take the phone to the nearest cellphone office. You can ask for a receipt showing that you delivered the phone, or you can do it anonymously. In any case you did a good thing and nobody will think that you are a thief. You can insure the phone against theft. In that case you can get some compensation. In general, follow common sense and trust your life experience. Cellphone theft is a big problem in many developed countries. Some of them are passing laws against it.

Cellphone theft in the UK has increased greatly in the past few years. According to John Denham (British Minister of the Internal Affairs), half of all thefts in London are cellphone thefts (in total about 700 000 cellphones per year get stolen in the UK). Now, changing an IMEI code, distributing information on how to change it, and possessing or distributing equipment that can be used to make this change will be considered a criminal offence in the UK.

The same problem is very serious in Australia. There, a database of stolen cellphones and their IMEI codes was created, sponsored by the Australian Association of Mobile Telecommunication (AMTA). This project is supported by all cellular services and will begin to work simultaneously at the end of the year 2003. The next step would be prohibiting the changing of IMEI codes. The number of cellphone thefts in Australia is lower than in the UK by only 100 000 a year.

In conclusion, nobody is protected against cellphone theft. Don't yell at your relatives if their cellphone was stolen. It will be a lesson for them. The most important thing is to prevent it from happening again.

4.9 Here are steps on how to find a stolen or lost phone.____

Call the number of the phone. If the person who has the phone answers it, explain to them that you know the phone was stolen and that you know their name and address and will report them to the police if the cell phone is not returned. (Do this even if you do not know the crook's name and address).

Call your cell phone company and let them know your cell phone has been stolen. They will be able to cut off service and will be able to track calls and other actions performed on the phone.

Contact the police and report that the cell phone has been stolen.

Hire a Cyber Security Professional/ Independent Security Consultant to help you find your stolen cell phone. There are people who have skills and techniques for finding lost or stolen cell phones.

Program your email to receive messages when the SIM card has been changed or when any other changes have been made to the phone. You can do this when you first buy the cell phone. Then, when the crook tries to make changes to your phone, you will be notified via email.

Use a GPS tracking system with your phone.

4.10 Recover your stolen mobile using IMEI number________

Your cell phone operator or the police can help you find it only if you provide them with the IMEI number of your mobile phone. The IMEI (International Mobile Equipment Identity) is your handset's fingerprint that helps track down your lost phone. Here's how you can find the IMEI number of your cell phone: just punch in *#06#, and the phone will display a 15-digit number. Note this number.

The IMEI number gets logged on to the SIM card and a cellular operator can locate the area from where a call is made, says Jagdish Kini, CEO, Bharati Mobile Services. Alarmed by the growing number of mobile thefts and losses, operators and the police are creating awareness about this.

"Existing recovery systems are good, but identification becomes a problem since owners don't know their IMEI," says Bangalore ACP H.M.A. Sharief. He says cell phone thefts reported to the police have doubled in the city over the last one year. And what's reported is believed to be only 10% of the actual number. "Every one carries a cell phone these days and it is easy to snatch one and sell in the grey market."

The IMEI number assumes importance because thieves and unauthorised users have become clever enough not to use the same SIMs or service providers. While it is possible for each service provider to track the transactions of its subscribers, tracking becomes complicated when the networks are changed. BSNL GM, mobile services (Karnataka Telecom Circle), M.C. Kalkura says cell operators can block or track all calls originating from a lost mobile provided the IMEI number is noted. "Tracking systems can become even more efficient if switches and networks of all service providers could pool intelligence," he says. BSNL's CellOne alone replaces over 200 SIM cards a month due to handset theft.

Key Points:

• All mobiles have a built-in number.
• It is written into the phone by the manufacturer and is a 15-16 digit number. This number is useful when the mobile gets stolen.
• We can block the mobile handset by using this number.
• With the help of the service provider we can also recover the mobile.
• Just press *#06# and you will get the IMEI number. It works for all kinds of mobile.
• Store that number somewhere; it is useful if your mobile gets lost or stolen.
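The last digit of a 15-digit IMEI is a Luhn check digit, so a number that was copied down wrongly can be caught when the complaint is recorded, before it is sent for blocking or tracking. The following is an added example, not part of the original chapter; the function names and the sample values are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class ParsedIMEI:
    kind: str                        # "IMEI" (15 digits), "IMEISV" (16 digits) or "unknown"
    tac: str                         # Type Allocation Code: first 8 digits (handset model)
    serial: str                      # next 6 digits: serial number of the individual handset
    check_digit: Optional[str]       # 15th digit of an IMEI (Luhn check digit)
    software_version: Optional[str]  # last 2 digits of an IMEISV
    valid: bool
    reason: str


def luhn_check_digit(body: str) -> int:
    """Return the Luhn check digit for the first 14 digits of an IMEI."""
    total = 0
    # Walk right to left; every second digit, starting with the rightmost, is doubled.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # same as adding the two digits of the product
        total += d
    return (10 - total % 10) % 10


def parse_imei(raw: str) -> ParsedIMEI:
    """Normalise and validate an IMEI as written on a complaint form."""
    digits = re.sub(r"[\s\-/.]", "", raw)  # owners often copy it with spaces or dashes
    if not re.fullmatch(r"[0-9]+", digits):
        return ParsedIMEI("unknown", "", "", None, None, False,
                          "contains non-digit characters")
    if len(digits) not in (15, 16):
        return ParsedIMEI("unknown", "", "", None, None, False,
                          f"expected 15 or 16 digits, got {len(digits)}")
    tac, serial = digits[:8], digits[8:14]
    if len(set(digits[:14])) == 1:
        # e.g. 000000000000000 passes the Luhn test but identifies no handset
        return ParsedIMEI("unknown", tac, serial, None, None, False,
                          "placeholder value (one repeated digit)")
    if len(digits) == 16:
        # 16-digit form: TAC + serial + 2-digit software version, no check digit
        return ParsedIMEI("IMEISV", tac, serial, None, digits[14:], True,
                          "IMEISV carries no check digit to verify")
    expected = luhn_check_digit(digits[:14])
    if int(digits[14]) != expected:
        return ParsedIMEI("IMEI", tac, serial, digits[14], None, False,
                          f"check digit should be {expected}; likely a copying error")
    return ParsedIMEI("IMEI", tac, serial, digits[14], None, True, "check digit matches")


def same_device(a: str, b: str) -> bool:
    """True when two valid identifiers share TAC and serial (15- and 16-digit forms of one handset)."""
    pa, pb = parse_imei(a), parse_imei(b)
    return pa.valid and pb.valid and (pa.tac, pa.serial) == (pb.tac, pb.serial)


if __name__ == "__main__":
    # Sample values for illustration only, not taken from any real complaint.
    samples = ["49-015420-323751-8", "490154203237519",
               "000000000000000", "4901542032375112"]
    for value in samples:
        r = parse_imei(value)
        print(f"{value!r:24} {r.kind:7} valid={r.valid} ({r.reason})")
```

The all-zero value is rejected explicitly because it satisfies the Luhn test and would otherwise be accepted as a valid identifier.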

4.11 Identifying Fake SMS______________________________

Identification can be done by obtaining the records from the service providers of both the sender and the receiver, and then comparing the two lists of sender and receiver numbers to clarify what actually happened. The Supreme Court has stated that SMS would not be considered as digital evidence in court, because it can be spoofed or faked.

Tools to generate spoofed SMS:

• Fake SMS etc.
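The comparison of sender-side and receiver-side provider records described above can be carried out as follows. This is an added example, not part of the original chapter; the record layout, the sample numbers and the five-minute tolerance are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records; the "time,sender,recipient" layout is an assumption.
# Records obtained from the provider of the number shown as the sender:
SENDER_SIDE = """\
2010-03-01 10:00:05,9000000001,9000000002
2010-03-01 10:20:00,9000000001,9000000002
"""
# Records obtained from the receiver's provider (sender = number shown on the handset):
RECEIVER_SIDE = """\
2010-03-01 10:00:09,+919000000001,9000000002
2010-03-01 10:07:30,09000000001,+91 90000 00002
2010-03-01 10:20:03,9000000001,9000000002
2010-03-01 10:20:04,9000000001,9000000002
"""


def normalise(number: str) -> str:
    """Reduce +91 / 0 prefixed and spaced forms to the last 10 digits.

    Assumes 10-digit Indian mobile numbers; providers rarely store
    numbers in the same format, so this must happen before comparing.
    """
    digits = "".join(ch for ch in number if ch.isdigit())
    return digits[-10:]


def load(text: str):
    """Parse 'time,sender,recipient' lines into comparable records."""
    rows = []
    for line in text.strip().splitlines():
        stamp, sender, recipient = [field.strip() for field in line.split(",")]
        rows.append({
            "time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "sender": normalise(sender),
            "recipient": normalise(recipient),
        })
    return rows


def unexplained_deliveries(sent, received, tolerance=timedelta(minutes=5)):
    """Return received messages that no sender-side record accounts for.

    Each sender-side record can explain only one delivery, and the two
    timestamps may differ by up to `tolerance` (clock drift, delivery delay).
    A message left over is a lead for further inquiry, not proof of spoofing:
    delayed delivery or an incomplete record set can also cause a mismatch.
    """
    pool = {}
    for s in sent:
        pool.setdefault((s["sender"], s["recipient"]), []).append(s["time"])

    unexplained = []
    for r in sorted(received, key=lambda rec: rec["time"]):
        candidates = pool.get((r["sender"], r["recipient"]), [])
        near = [t for t in candidates if abs(r["time"] - t) <= tolerance]
        if near:
            # Consume the closest origination so it cannot explain a second delivery.
            candidates.remove(min(near, key=lambda t: abs(r["time"] - t)))
        else:
            unexplained.append(r)
    return unexplained


if __name__ == "__main__":
    flagged = unexplained_deliveries(load(SENDER_SIDE), load(RECEIVER_SIDE))
    for rec in flagged:
        print(f"{rec['time']}  shown sender {rec['sender']} -> {rec['recipient']}: "
              "no matching record at the sender's provider")
```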

4.12 Collecting Evidence to be presented in Court__________

Many tools and devices are available in the market to collect evidence and generate Mobile Phone Forensics reports. A few of them are:

4.12.1 Cellebrite UFED System-Universal Forensic Extraction Device

Overview

The Cellebrite UFED Forensics system is the ultimate standalone device which can be used in the field as well as the forensic lab. The Cellebrite UFED can extract vital data such as phonebook, pictures, videos, text messages, call logs, ESN and IMEI information from 1600+ models of handsets sold worldwide. The UFED supports CDMA, GSM, IDEN, and TDMA technologies, and it is compatible with any wireless carrier. The Cellebrite UFED system supports 95% of all cellular phones in the market today, including Smartphones and PDA devices (Palm OS, Microsoft, Blackberry, Symbian). It requires no PC for field use, and can easily store hundreds of phonebooks and content items onto an SD card or USB flash drive. The Cellebrite UFED supports all known cellular device interfaces, including serial, USB, infrared, and Bluetooth. It can then be brought back to the forensic lab for review and verification using the reporting/analysis tool. Field extraction of data ensures that a suspect’s phone can be examined before the individual has a chance to destroy or erase data. By working exclusively with most major carriers worldwide including Verizon Wireless, AT&T, Sprint/ Nextel, T-Mobile UK, Orange France, Telstra Australia as well as 50 others in the US alone, Cellebrite ensures that future devices are supported prior to retail launch.

4.12.2 Handheld Digital Forensics

Cell Phone Forensic Software, Hardware, and Training

Paraben has been a leader in handheld digital forensics since early 2002, when Paraben’s PDA Seizure 1.0 was released, followed by the release of the first commercially available tool for cellular forensics - Paraben's Cell Seizure. Paraben combined these two powerful tools into the ultimate handheld forensic program, creating Paraben's Device Seizure. The latest handheld forensics innovation from Paraben is the CSI Stick - THE portable cell phone forensic device. Device Seizure still includes PDD (Palm DD Command Line Acquisition) and supports PDAs using the following Operating Systems: Palm through 6, Windows CE/Pocket PC/Mobile 4.x and earlier, BlackBerry 4.x and earlier, and Symbian 6.0. It also supports Garmin GPS devices. Combine this with support for hundreds of cell phone models and you can see why Device Seizure moves mountains when it comes to digital forensics for handheld devices. With full flashers, new model support, improved manufacturer support, and new cables added to the accompanying toolbox, the Device Seizure software is moving to new levels in handheld forensics. Customized technology gives Device Seizure a unique edge with viewers and new data carvers. We know that simply getting information from a phone is not enough. Protection of evidence, analysis of data, and comprehensive reporting truly make a tool critical to your toolbox. From software to hardware, Paraben covers the complete range of needs of any investigator, whether at the forensic or detective level. The data is within and we have what you need to extract, maintain, and validate your handheld evidence.

Product Information:

Device Seizure - Acquire and analyze cell phone, PDA, and GPS device data.

Device Seizure Toolbox - A collection of popular handheld data cables and power supplies.

Device Seizure Field Kit - A handheld forensic lab on the go with rugged case, laptop, software, & cables.

DS Lite - A Device Seizure and CSI Stick file analysis tool. It's like Device Seizure without the acquisitions.

CSI Stick - Get cell phone evidence anywhere with this thumb-drive sized acquisition tool.

Point 2 Point - Import GPS data coordinates directly into Google Earth for easy visualization of data points.

SIM Card Seizure - Acquire SIM card data, including deleted text messages.

StrongHold Bag - Protect wireless devices from unwanted signals.

StrongHold Box - Perform handheld examinations in a wireless signal protected box.

Project-A-Phone - When all else fails, old school pictures of device screens can do the trick.

Handheld Bundles:

Device Seizure and Toolbox - Buy the software and hardware together and save.

Handheld Training Bundle - Get hardware, software, and all Paraben's training classes and save a bundle.

Handheld Lab Kit - Start a handheld processing lab for much less than you imagined.

P3 Command Kit+ - Combine Paraben's handheld forensic products and our hard drive forensic products and save over $1,000.00.

4.12.3 SIM card data recovery software

Sim card data recovery software easily recovers all lost deleted text messages and phone book contact numbers from Sim card of the mobile phones. Our award winning SIM card data recovery software retrieves sim card deleted inbox, outbox or draft text messages and phone book contact numbers (last dialed or fixed numbers) from the corrupted sim card. Similarly provides full detail of sim card service provider name, IMSI and identification number with the help of PC/SC standard or phoenix standard supported sim card reader.

Features:

Shows full recovery detail of sim card memory.

Restore both read and unread text messages of the sim card.

Support all major mobile phone sim card service providers.

Provide IMSI number along with ICC-ID identification number printed inside the sim card chip.

Sim card retrieval software reads sim of any country on any network service provider.

Software provides option to save recovery in txt format for future reference.

Software displays senders name and number with date and time.

Non technical person can easily operate the sim card recovery software.

Software System Requirements:

Operating System: Windows 98/2000/Server 2003/NT/XP/Vista

Memory Space: 20 MB free hard disk space and 64 MB RAM (128 MB recommended)

Processor: Pentium class or equivalent processor

4.12.4 Memory card data recovery software

Memory card data recovery software recovers lost or deleted pictures, images/photos, formatted audio/video files and folders, and encrypted data from corrupted memory card storage devices. The software easily restores data even if the memory card was pulled out while the camera or other memory card supported device was still on.

The software supports recovery even when “drive not formatted” messages are displayed while accessing the memory card via your PC or laptop/desktop system. The software is very easy to use and does not require any technical skills to operate.

Features:

Software reveals missing files and directories lost due to battery failure, formats or corruption caused by hardware or software malfunction.

Recovery software restores all wav, mpg, mpeg, mp3, jpg, jpeg, bmp, midi etc. graphical files in an effective manner.

Memory card file recovery software supports all major memory card devices including compact flash, multimedia card, secure digital card, PDA, Pocket PC drive, external mobile phone storage card and other similar flash drives.

Software is compatible with all major memory card brands like Kodak, Konica, Minolta, Nikon, Ricoh, Samsung, Sony, Toshiba etc.

Software supports all types of USB port memory card reader.

Supports memory cards in major storage capacities including 128MB, 256MB, 512MB, 1GB, 2GB, 4GB and other higher capacity drives.

Does not require any technical skills to operate the software.

Software System Requirements:

Operating System: Windows 98/2000/Server 2003/NT/XP/Vista

Memory Space: 20 MB free hard disk space and 64 MB RAM (128 MB recommended)

Processor: Pentium class or equivalent processor

4.12.5 Mobile Phone Inspector

Data Doctor’s Mobile phone inspector is a free utility tool that provides mobile phone users with detailed information on Sim and mobile phone phonebook numbers, SMS memory status and other general mobile phone information for Symbian OS-based Nokia mobile phones. The Mobile Phone Inspector forensic utility shows detailed information that includes mobile manufacturer name, mobile model number, mobile IMEI number, Sim IMSI number, signal quality and battery status of any supported mobile phone. Similarly, the free software, which can be downloaded easily, provides details of PhoneBook entries (contact name/phone number) and PhoneBook capacity for both Sim and mobile phone memory. It also shows the SMS text messages (SMS status, sender phone number and message) and SMS capacity for both Sim and mobile phone memory. The software provides complete details of the mobile phone and Sim card memory status in text format, which can be used in scientific investigation as a forensic tool. If any user is interested in Data Doctor – Mobile Phone Inspector Forensics Software with VC++ Source Code for educational usage, customized development or scientific investigation regarding mobile phones, please remember that the user needs to pay only if he wants to get the software with source code.

Software System Requirements:

Operating System: Windows 98/2000/Server 2003/NT/XP/Vista

Memory Space: 20 MB free hard disk space and 64 MB RAM (128 MB recommended)

Processor: Pentium class or equivalent processor

4.12.6 Pocket PC Forensic Tool

Data Doctor’s Pocket PC forensic tool is used to extract all detailed information from Windows-based mobile phones and other similar devices. The forensic software analyzes all saved phone book contact numbers and text messages with person name. This affordable investigation tool is used to get relevant information about the mobile phone such as mobile model name, IMEI number, database records, operating system registry, phone book, calendar, word lists, images, videos, call history, etc.

A detailed case study will provide examples of information that can be found on phones. Pocket PC forensic utility supports all PDA or smart phone devices such as Anextek SP230, Asus Pocket PC Phone, Audiovox PPC 5050, Carrier Devices i-Mate, Gigabyte gSmart, Hitachi Pocket PC phone, HP iPAQ, HTC TyTN Pocket PC, i-mate, Motorola MPx200, O2 Xphone, Orange SPV E200 smartphone, Palm Treo 700w, Pantech PH-S8000T smartphone, Samsung Pocket PC phone, Sharp W-Zero3 Pocket PC Phone, Siemens, T-Mobile MDA, UTStarcom XV6600, Voxtel W740 etc.

Features:

Extract all relevant information of windows based mobile phone such as mobile manufacturer name, model number, database records, operating system registry and all saved files/folders.

Provide the information about saved text messages and phone book contact numbers.

Support all OS based mobile phone and smart phone devices.

Simple and affordable utility is useful in investigation field.

Facilitate with in built user guide.

Software System Requirements:

Operating System: Windows 98/2000/Server 2003/NT/XP/Vista

Memory Space: 20 MB free hard disk space and 64 MB RAM (128 MB recommended)

Processor: Pentium class or equivalent processor

4.12.7 FTK Mobile Phone Examiner

FTK® Mobile Phone Examiner (MPE) integrates with the industry-standard, court-validated Forensic Toolkit® solution to deliver the broadest support for mobile phone analysis. Now you can correlate computer evidence with phone evidence in the same intuitive interface, as well as analyze multiple phones simultaneously. With support for more than 800 phone models, FTK MPE is the ultimate in mobile phone investigations.


Product Features:

• Correlate mobile phone data with computer evidence and data from other phones.
• Analyze multiple phones within the same interface, simultaneously.
• Acquire phone data in a forensically sound container without altering mobile phone data.
• Analyze phonebook, last dialed numbers, missed calls, received calls, SMS messages, multimedia messages, photos, files, phone details, calendar, notes, tasks and more.
• An unsurpassed quantity of mobile phones is supported.
• Frequent updates and upgrades with new features and more phones.
• Direct SIM analyzer through SIM reader.
• Reads deleted messages from the SIM card.
• Generate reports.
• Hex viewer.
• Includes SIM reader and USB communication cables and drivers.

Hardware & Software No recommendations are made or implied!

4.12.8 Some Other Software

BKForensics [Commercial]

• Cell phone analyzer - a data interpreter for cell phone flash files; and SIM Analyzer [Demo available]

• CPA SIM Analyzer Pro - for examination of SIM cards; e.g. "flagged deleted" SMS and international language sets.

BitPim [Open source]

Allows you to view and manipulate data on LG VX4400/VX6000 and many Sanyo Sprint cell phones. This includes the PhoneBook, Calendar, WallPapers, RingTones (functionality varies by phone) and the Filesystem for most Qualcomm CDMA chipset based phones.

CellDek [Commercial]

Hardware & Software; can acquire data from over 160 of the most popular cell phones and PDAs.

Cellebrite UFED System [Commercial]

Extract data such as phonebook, pictures, videos, text messages, call logs, ESN and IMEI information from 1400+ models of handsets.

ChipIt [Free]

Explores GSM Sim Cards; Save, Load, Edit or Copy the Phone Book.


DataPilot [Commercial]

Data transfer software

Float MobileAgent (FMA) for Sony-Ericsson [Free]

FMA allows easy management of Phonebook (both SIM and Phone memory), SMS, Profiles, and Files stored on the phone.

Forensic Card Reader (FCR) [Free]

FCR software indicates the ICC-ID and the IMSI to identify the mobile phone card with the network operator, and more.

ForensicSIM [Commercial]

Allows operators to easily clone a SIM card and examine it without any chance of damaging the evidence. It even allows you to examine the phone memory without any possibility of accidental connection to the phone network.

FTK Mobile Phone Examiner [Commercial]

Integrates with the Forensic Toolkit® solution to deliver support for mobile phone analysis. Correlate computer evidence with phone evidence in the same interface, as well as analyze multiple phones simultaneously, with support for more than 800 phone models.

MOBILedit! Forensic [Download available]

Gathers all possible data from the mobile phone, then generates an extensive report that can be stored or printed.

Motorola iDEN Companion Pro [Free]

This PC based software application enables you to retrieve and/or modify call lists and set up ergonomic preferences in your Motorola iDEN phone.

Motorola Tools [Free]

"Flash&Backup" - update the firmware and restore an operable configuration

"M-Explorer" - small, easy to use and FREE file manager

Neutrino [Commercial]

Guidance Software's answer to collecting mobile device data for forensic examination; the page includes links to a webinar and a cable guide.


Nokia PC Suite [Free]

Lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection.


Orate's Forensic SIM card reader [Commercial]

No writing to the SIM concerned, so it leaves the SIM completely unchanged.

Oxygen Forensic Suite II [Demo available]

Extract much more data than usually extracted by logical forensic tools, especially for smartphones.

Pandora's Box [Demo available]

Allows forensic acquisition of user entered data and portions of unallocated storage on some devices.

Paraben Forensics Sim Card Seizure (w/ SimCon) [Demo available]

Hex dump for cellphone forensics

PDAZap [Free]

Saves an image of the flash memory of a Sony Ericsson P800 mobile phone on a memory stick.

PhoneBase2 [Commercial]

Mobile phone analysis system which gives law enforcement agencies a full report on the contents of SIM cards and phone memories.

PmExplorer [Demo Available]

A forensic software tool for the review and examination of PM files for Nokia mobile telephones.

Project-a-Phone [Commercial]

Live demo of your phone screen or take screen shots and record audio/video clips.

Radio Tactics Limited [Commercial]

ForensicSIM Toolkit - recovers digital evidence from GSM SIM and USIM devices

ForensicMobile Toolkit will give Law Enforcement Agencies the capability to safely and conveniently recover relevant digital evidence from GSM and 3G Mobile Phone devices.

Sim-Manager Pro [Commercial]

Gives access to a GSM card of a mobile phone from a PC


SIMCon [Commercial]

Allows the user to securely image all files on a GSM SIM card to a computer file with a standard smart card reader.

SIMIS [Commercial]

SIMIS & XRY SIMIS 3G is a most comprehensive tool for the recovery and clear precise presentation of the data.

SIMQuery [Free]

SIMQuery is a tool that retrieves the ICCID and IMSI from a GSM SIM card.

SIMScan [& other software] [Free]

Allows functionality analysis of your GSM SIM smart card.

SIMSpy & PDUSpy [Free]

With a smartcard reader which is supported by Microsoft's SmartCard API, you may read out some interesting things from your SIM, change and unblock your PIN.

Smelter [Free]

Multiple purpose tool for Siemens mobile telephones.

SnapMedia [Commercial]

Lets you extract pictures from your camera phone to store on your PC.

TULP2G [Open source]

Telephone Extraction Program, 2nd Generation - forensic framework for extracting and decoding data.

UndeleteSMS [Free]

UndeleteSMS can recover deleted SMS messages from a GSM SIM card.

USIMdetective [Demo available]

USIMdetective allows you to view acquired information (including phonebook contacts and numbers, SMS text messages, deleted text messages, call records) in a number of report formats.

WOLF [Commercial]

Extracts the information from the internal memory of the iPhone without altering the device.


XDA OSImageTool [Free]

The XDA OSImageTool is a very useful tool to obtain the OS in the ROM.

.XRY [Commercial]

Hardware and Software

4.13 How to take a Complaint from the Victim?____________________

4.13.1 Law & Order

The steps below are involved in taking the complaint from a victim in any Police station in case of a Lost or Stolen Mobile Phone:

• Should take the Name of the Mobile Phone Owner.
• Should take the Residential Address of the Victim.
• Should take the address or the location from where the Mobile was lost or Stolen.
• Should take the IMEI Number of the Mobile phone.
• Should take the Name & Phone Number of the Lost or Stolen Mobile phone service Provider like Airtel, Vodafone, Idea, Aircel, etc.
• Should note the Handset Model along with the last specifications like color, any mark or anything of the Mobile that helps in investigation.
• Should send the request to take support from the Service Provider in order to track or Block the Mobile or its services.
• Should send the request to take support from Mobile Phone Manufacturers of that country by dialing their Customer Service Numbers in order to block and track the Handset.

4.13.2 How to complain about cellphone theft?

On an average, about 150 mobile phone instruments are either stolen or snatched or lost in the Chennai Metropolitan Police area. But not every loser approaches the police to lodge a complaint. What should the owners of mobile phones do when they lose their instrument?

In the past two months, when the city police had to spare much of its manpower for poll duty, as many as 40 cellphone theft cases had been solved and instruments restored to owners. An officer of the Database Management Division of the Cyber Crime Wing of the Central Crime Branch (CCB) said that while about 50 instruments are pocket picked in public places, about 30 are snatched from the owners. The remaining handsets are misplaced, he says.

Last year, the Crime Records Bureau received about 3,000 complaints, and the Database Management Division received another 1,000 complaints, the police officials say.

A sizeable number of complaints had been received from people traveling in buses on the Adyar-Guindy and Thorappakkam-Parry's routes. The next common target is lodging houses where bachelors or Information Technology professionals are put up. These inmates normally keep the windows and doors open, making the job of the lifters easy, say the police.


4.13.3 How to register complaint when a cellular phone is lost or stolen?

The victims could send their complaints to [email protected]. Complaints could be sent to the Database Management authorities by e-mail and victims need not go to a police station in person to register the loss of their handsets. The complaint should have information such as name and address of the complainant, model and make of the lost mobile instrument, the last used number, address and e-mail for communication with missing date and IMEI number.

Many people do not note down the IMEI number of their mobile. One can see the number by typing *#06# on their GSM mobile phone. The owners should record the 15-digit number, which is displayed in the instrument, police suggest.

Here are some tips for those planning to buy a cellular phone.

Do not buy a second-hand cellular phone from strangers. It could have been used for some anti-social activity, landing the second-hand buyer in trouble at a later date. Similarly, they should not sell the instrument to strangers. The unknown buyer could use them for some nefarious activities, warn the police.
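The complaint fields listed in 4.13.3 and the 15-digit IMEI can be checked at intake before the record is filed. The following is an added example, not part of the original chapter: the dictionary key names and the sample record are assumptions constructed for illustration, and the check relies on the standard fact that the last IMEI digit is a Luhn check digit, which catches most typing errors.

```python
import re

# Fields section 4.13.3 asks for; the key names are assumptions of this example.
REQUIRED_FIELDS = ("name", "address", "make_model", "last_used_number",
                   "email", "missing_date", "imei")

# Constructed sample complaint (not real data); the IMEI is a made-up test value.
SAMPLE = {"name": "A. Complainant", "address": "12 Example Street, Chennai",
          "make_model": "Nokia 6300", "last_used_number": "9800000000",
          "email": "owner@example.com", "missing_date": "2010-05-01",
          "imei": "49-015420-323751-8"}


def luhn_valid(digits):
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def check_imei(raw):
    """Return (normalized IMEI, problems) for a number read off the *#06# screen."""
    # Handsets and boxes often print the IMEI in groups; drop the separators.
    imei = re.sub(r"[\s\-/]", "", raw or "")
    problems = []
    if not re.fullmatch(r"[0-9]+", imei):
        problems.append("IMEI must contain digits only")
    elif len(imei) != 15:
        problems.append("IMEI must be 15 digits, got %d" % len(imei))
    elif not luhn_valid(imei):
        problems.append("IMEI check digit mismatch (probably mistyped)")
    return imei, problems


def check_complaint(record):
    """List missing fields and IMEI problems in one complaint record (a dict)."""
    problems = ["missing field: " + f for f in REQUIRED_FIELDS
                if not str(record.get(f, "")).strip()]
    if str(record.get("imei", "")).strip():
        problems += check_imei(record["imei"])[1]
    return problems


if __name__ == "__main__":
    print(check_complaint(SAMPLE))
```

An empty result means the record carries every field and a well-formed IMEI; it does not prove that the IMEI belongs to the complainant's handset.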

4.14 Do's and Don'ts for Mobile Users________________________

Don’ts:

• Do not take photographs of anybody without his/her permission by using your mobile phone, because you could invade their privacy.
• Do not send obscene/pornographic text or images through SMS or MMS.
• Do not receive or reply to any SMS/MMS of strangers.
• Do not transmit obscene/pornographic material, as it is an offence under Section-67 of IT Act – 2000, for which the punishment/penalty is 5 yrs imprisonment and fine up to 1 Lakh rupees.
• Do not call any unknown phone/mobile numbers that you get while chatting or that are exhibited on various profiles on the Internet. If you do, you may be causing harassment on behalf of another person.
• Do not keep your Bluetooth option SWITCHED ON all the time, because you may receive unwanted viruses, obscene/pornographic text and images etc.
• Do not give your mobile number to any stranger while chatting on the INTERNET, in order to avoid “CYBER STALKING”.
• Do not sell or buy your mobile phone through any unauthorized dealer.

Do’s:

• Always keep your IMEI number with you.
• Never purchase any Mobile Handset without an IMEI number.
• Put a security PIN code on your Mobile Handset to avoid misuse of your mobile phone by anybody.
• SMS/MMS received should be checked properly before opening.
• Delete obscene/pornographic text, images, SMS/MMS from your mobile phone.
• Always use updated anti-virus software on the mobile phone.
• Mobile phone keypad should be locked after every use (if possible).
• Make a complaint if you lose your Mobile Phone or it is stolen.
