Interview Tech Quiz
what does ICCID stand for?
Integrated Circuit Card Identification Number
What is the ICCID?
An 18-22 (19-20)digit number, no two SIM cards have the same ICCID number. This is a unique serial number - a one of a kind signature that identifies the SIM card itself.
What does IMSI stand for?
International Mobile subscriber Identity
What is the IMEI
A unique 15 digit number that identifies the phone.
what does GSM stand for?
global system for mobile communications
what does SIM stand for?
subscriber ifentity module
whats the difference between a SIM and a memory card?
A SIM is a mini computer and a memory card is just a storage device
Do SIM cards store data?
yes, they provide limited storage data (SMS and contacts etc.) by means of a simple file system.
what is USIM?
universal subscriber identity module.
the software application running on the card.
What is a Multi-Application card?
both SIM and USIM
What are the different form factors of SIMs?
mini -2FF
Micro - 3FF
Nano- 4FF
SIM File System - tell me more.
They use a simple File System to store data related to the operation of the mobile phone and its interaction with the network, in addition to data which can be created and modified by the user.
3 parts:
Master File MF. ( root - similar to C:\ on a PC)
Dedicated File DF - sub folders
Elementary File EF - fixed file sizes containing data.
Components of ICCID
Major Industry Identifyer (MII) "89" always for SIMs
Issuing Country identifyer - normally the calling code doe the issuing country (+44) canada uses 302.
Issuer Identification Number (IIN) Identifies the issuing service provider.
Individual Account Identification number - identifies a unique card
Check Digit- The last digit is typically a check sum calculated from the previous digits.
Whats PUK on SIM card?
personal Unblocking Key
a master password thats not the PIN to access a locked SIM
random 8 digit number
what is the IMEI? What does it stand for?
Intenational Mobile Equipment Identifyer. a unique 15 digit number that identifies the phone.
What is the purpose of the IMSI?
The IMSI is SIM specific and identifies the user not the device itself. identifies the users sunscription profile on the network. athenticates users.
What does SMS stand for?
Short Message Service
what does MMS stand for?
Multimedia Messaging Service
What are the ACPO principles and why are they so important?
1 - never change origional data
2- when its necissary to it must be justified and competent practitioner.
3 - audit trail, can be repeated by 3rd party company and produce same results.
4- Case officer has responsibility of case and that these principles are followed.
Why is network isolation so important?
ACPO Principle 1
preserves the integrity of the digital evidence
What does SIM stand for?
Subscriber Indentity Modules
What are the different Micro SD memory card varients?
Micro SD :
microSDHC
microSDXC
What are Memory Cards Typically used to store?
Multimedia data.
however, they may have been inserted into many other different devices and could contain any type of digital data.
What is 'Hashing' ?
Hashing can help demonstrate our compliance with ACPO principle 1.
Hashing is a vital part of digital 'signatures' which are used to verify the authenticity and integrity or a document/message(data).
It is an irreversible ("one way") mathematical process which can be applied to any unit of data. The output of this process is referred to as a "hash". it is a number which is typically presented as a string of hexedecimal characters.
Tell me more about "Hashing" and its use in digital Forensics.
A hash can be considered a digital fingerprint of a unit of data.
Hashing is irreversible and is a mathematical process that can be applied to any unit of data.
INTEGRITY VERIFICATION - check we havent changed data in our processes.
aquisition and then after analysis (both hashes should be the same ) ACPO Principle 1.
What are the two hashing algorithms typically used in digital forensics?
MD5 and SHA-1 (SHA-256)
SHA-1 = 40 characters in length
What other purpose does hashing have in digital forensics?
File identification.
To recognise files that have been encountered before.
libraries of hash values can be compiled and shared between forensic practitioners e.g. to ifentify IIOC.
uninteresting files can also be filtered out using hashing.
Tell me about Hash Collisions
This is when two different sets of data generate the same hash.
We use longer hash values such as MD5 and SHA-1 in Digital forensics as there is less chance of hash collisions due to the larger number of possible hash values produced with these algorythyms.
combibing these with SHA-256 is best as there have been no collisions to data with 256.
What is Write Blocker and how can it be used in memory card extactions to preserve origional data?
Its functions prevent changes to the data being examined.
Write protected memory card readers provide a "read only" access to the original data to ensure compliance with ACPO principle 1. Ensures any changes to the data on the card are prevented.
List 3 ways ACPO principle 3 is followed during your examination process?
Audit trail:
1) written notes. 2)Electronic logs from extraction software.
3) photographs.
Tell me more about the IMEI
The International Mobile Equipment Identity is used as a serial number and is one of the few things that is standardised accross different makes and models of handset.
15 digit number unique to a particular handset.
Barcode underneath can me scanned too.
Suffix at end of printed IMEI
some handset providers will add a siffix software version number to the end of the IMEI. however this is not reliable as software can be updated but shows what it was when the device was manifactured.
FIRMWARE
What makes the IMEI unreliable?
It is possible for an IMEI to be re-programmed (stollen devices - scrated off the back).
Whats special about O2 SIM cards?
They are suitably configured that they record the IMEI of handsets that they have been inserted into.