The main purpose of this paper is to describe the real filesys- tem of SIM and USIM cards, enlightening what the offi cial standard reference does not say. By analyzing the full filesystem of such embedded devices, it is possible to find a lot of undocumented files usable to conceal sensitive and arbitrary information that are unrecoverable with the stan- dard tools normally used in a forensic field. In order to understand how it is possible to use a SIM/USIM for data hiding purposes, the paper will present a tool capable of extracting the entire observable memory of these devices to- gether with the effective filesystem structure. Further, some practical examples regarding the data hiding procedure as a proof of concept will be analyzed and discussed.
SIM and USIM Filesystem: a Forensics Perspective
GUBIAN, Paolo;
2007-01-01
Abstract
The main purpose of this paper is to describe the real filesys- tem of SIM and USIM cards, enlightening what the offi cial standard reference does not say. By analyzing the full filesystem of such embedded devices, it is possible to find a lot of undocumented files usable to conceal sensitive and arbitrary information that are unrecoverable with the stan- dard tools normally used in a forensic field. In order to understand how it is possible to use a SIM/USIM for data hiding purposes, the paper will present a tool capable of extracting the entire observable memory of these devices to- gether with the effective filesystem structure. Further, some practical examples regarding the data hiding procedure as a proof of concept will be analyzed and discussed.| File | Dimensione | Formato | |
|---|---|---|---|
|
paper_sac07-submitted.pdf
gestori archivio
Tipologia:
Full Text
Licenza:
DRM non definito
Dimensione
218.5 kB
Formato
Adobe PDF
|
218.5 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
