MTEB Diploma CSUT2 Partner

 

Diploma for SIM and USIM Technology Examination
Mobile Telephone Diploma Core
Diploma:CSUT2

Partner Support
The Mobile Telephone Examination Board (MTEB) are pleased announce that Quantaq Solutions (http://www.quantaq.com/about.htm) have agreed to be the MTEB Diploma CSUT2 Partner. Quantaq Solutions role is as a "Partner Support". This role entails

- providing trial copies of software
- respond to technical enquiries that a student may require to make

to assist with the student's Diploma.

Moreover, Quantaq Solutions will host an MTEB webpage solely for use by MTEB Diploma Students so that students can have acess to the software and post questions to seek technical assistance.

MTEB selected to work with Quantaq Solutions as a "Partner Support" because of their existing experience with (U)SIM/smart card examination tools, their range of independent, stand-alone tools to analyse (action commands/receive responses) on SIM/Smartcard and their highly regarded technical knowledge and experience in the fields of:

SIM, smartcards, NFC, RFID, M2M, location, DRM, security, cryptography, Mobile Wallet, technology, innovation, patents, technical design authority, standardisation, proof-of-concepts and software development

Gary Waite

Leading the "Partner Support" on behalf of Quantaq Solutions is Gary Waite. Gary is very well known in the mobile forensics arena for his work on the tools the (U)SIM forensic tools USIM Detective (USIM-D) and USIM Detective Professional (USIM-DP).

His experience and technical background further underpin his credentials of his expertise:
- Founder of Quantaq Solutions
- Past Vice Chair of the Smart Card Group GSM Association
- Test software supplier to Global Certification Forum (GCF) Field Trial Guidelines
- Authored the original ETSI GSM 11.17 standard. This standard formalised the core test processes and procedures for SIM Cards and remains at the heart of (U)SIM testing, programming and examination today.
- First to introduce recording in CUST File (EF) a particular handset's IMEI on SIM Card, which is important, evidentially
- Employed as Technology Manager for the last 11 years with a well know international Mobile Network Operator
- Skilled in C/C++/Java
- Holds a Degree from the University of Abertay Dundee - Electrical & Electronic Engineering, Electronic Engineering

Diploma:CSUT2
Free trial access to the following tools will be made available to Diploma Students. 

USIMdetective - http://www.quantaq.com/usimdetective.htm
USIMexplorer - http://www.quantaq.com/usimexplorer.htm
USIMexplorer - http://www.quantaq.com/usimcommander.htm
USIMprofiler - http://www.quantaq.com/usimprofiler.htm

Diploma for SIM and USIM Technology Examination
Mobile Telephone Diploma Core
Diploma:CSUT2

The latest MTEB Diploma Modules Guide is MTEdipl 2.2 can be downloaded here:
https://dl.dropboxusercontent.com/u/84491783/MTEdipl%202.2.pdf

5-Billion Mobile Subscriptions forecast by Q4-2010

Mobile market forecasts all predict the heavily reliance on GSM/3G/LTE and Mobile WiMax etc over the next 15 years. This is something I have been predicting for the last 10 years. Naturally, mobile forensics will need to play its part and hence the reason for the MTEB educational programme for students and experienced individuals.

Worldwide Mobile Subscriptions Forecast To Exceed Five Billion By 4Q-2010

Singapore -- ABI Research forecasts over five billion mobile subscriptions by the end of 2010, with an approximate 4.8 billion connections having been reached by the end of the year's first quarter. Much of this growth will be registered in developing markets in Africa and the Asia-Pacific region.

Africa remains the fastest growing mobile market with a YoY growth of over 22%. Mobile penetration in Asia-Pacific will rise significantly to 65% by the end of 2010. "This unprecedented growth is driven by India and Indonesia, which have together added over 150 million subscriptions in the past four quarters," comments ABI Research analyst Bhavya Khanna. "Falling monthly tariffs and ultra-low-cost mobile handsets have democratised the reach and use of the mobile phone, and aggressive rollouts by mobile operators in these countries will see the current rate of subscriber addition maintained for some time to come."

At the other end of the spectrum, developed countries in North America and Europe continue to add subscriptions despite already having crossed the 100% penetration threshold. Driving this growth in subscriptions are new mobile devices and the ‘third screen' - including netbooks, tablet computers, USB dongles and e-book readers. "The success of Apple's iPad 3G shows that even operators in saturated markets can add subscriptions by introducing innovative and user-friendly devices," says vice president of forecasting Jake Saunders.

In addition, the introduction of 4G data networks such as WiMAX and LTE will see more consumers ditch their cables and access the Internet through mobile broadband connections. Operators such as Clearwire in the United States and Yota in Russia have seen consumers turn to their networks as fast and mobile alternatives to fixed-line broadband.

For more information visit www.abiresearch.com.

SOURCE: ABI Research

Mobile Phone Flash Memory Chip Evidence

Mobile Phone Flash Memory Chip Evidence

.

When recovering data using flasher box devices it may be useful to support the notion of obtaining a detail (IMSI/ICCID/etc) about a previously inserted paricular SIM Card in a particular mobile telephone that the notion about storing such data in memory is:

.

- not new

- not clandestine shady black-box technology

- not a security breach by the handset manufacturer

.

In fact the entire process of maintaining a SIM List in the phone was designed to allow a user with more than one SIM Card to gain access to previously held memory data associated with each particular SIM Card.

.

In order to support that statement it would be helpful to see practitioners using authoratitive statements about the forensic 'reliability' and 'accuracy' of recovered data being obtained using flash reading devices and the evidential 'weight' and 'value' to be given to the data.

.

To assist, here is a statement from a 1996 published Electronic User Guide for the Nokia 2110:

.

SECURITY LEVEL (Menu 5 2) Page 71

"The phone keeps a list of the SIM cards which are used with the phone. This list may contain the information on up to five different SIM cards."

.

However under the same section in the User Guide it states:

.

"Regardless of the selected security level, all temporarily stored phone numbers are erased when a new SIM card is installed. On the other hand, these phone numbers are not erased when a previously used SIM card is inserted, regardless of the selected security level."

.

As a query about forensic reliability and accuracy:

.

- During the acquisition process and the harvesting of the data acquired is there/ has there been anything lost in translation of the data themselves, at first instance? If the IMSI you have recovered from flash memory is presented along with call logs etc, how do you know that those call logs relate to that IMSI and not another IMSI?

.

As a query about evidential weight and value:

.

- What weight can be given to the recovered IMSI being directly associated with those call logs? Moreover, what value is there in using such potentially uncorroborated evidence assigned to the recovered data being presented as evidence?

Mobile Telephone Examination Procedure

Mobile Telephone Examination Procedure

.
This discussion continues on the theme to highlight, over the last five years, the diminishing quality of the knowledge in mobile telephone evidence training and very poor understanding by those giving advice about or presenting mobile telephone forensic evidence and opinion.
.
By way of further illustration about poor understanding which was given in an advice note regarding mobile telephone examination procedure, the advice given:
.
(1) by removing the battery of certain make/model of mobile telephone can lose the date and time stamp and call history, but using a Shielding Room can prevent this because you won’t need to remove the battery.
.
(1a) the party giving the advice above then went on to suggest they did not think, by and large, the above is a better methodology that should be adopted and went on to advocate that the method of producing a clone test SIM (Access Card) appeared to them to be more appropriate.
.
A shielding room is used to prevent radio signals entering a given space that the shielding is designed to protect, and also prevent the mobile telephone from registering to the mobile telephone network; [it] cannot though prevent loss of full call history and date and time stamp irrespective of whether the mobile telephone is in a shielded room or not. Removing the battery on some older models of mobile telephone can lose the full call history and date and time stamp. To produce a clone test SIM (Access Card) the examiner is required at first instance to remove the battery to get to the SIM/USIM. So how is their recommendation shown (in 1a) that it is any better than the unsuitable Shielding Room scenario (in 1)?
.
- For the record the point I am making is not to advocate shielding rooms or faraday bags, I am just pointing out the absurdity of the advice -
.
By noting in their advice that using a Shielding Room may not be the best method (thus tacitly negativing its use) the advice then goes on to positively suggest that the examiner wouldn’t need to remove the battery because it is in a shielding room and that call history and date and time stamp on the mobile telephone would be secure. They then go on to advocate the removal of the battery which implicitly requires taking the SIM out also from the handset for the purposes of producing a clone test SIM (Access Card). Their advice is confusing as they have already admitted removing the battery can lose data.
.
An examiner will naturally have to remove the SIM/USIM out of the handset anyway (thus removing the battery first is one point; another point being removing the SIM/USIM can inevitably cause loss of data in the handset - it can't be helped) because the proper order of examination requires a full examination of the SIM/USIM to get at evidence that is not readily available and obtainable by leaving the SIM/USIM in the handset during examination.
.
I concluded from reading their advice that it contained so many mixed messages and conflicting use of methodologies which each method that would usually be used for the treatment of different issues in isolation were now being squeezed together to make them work, would leave an examiner following their advice open to and vulnerable to potentially discrediting their own evidence.
.
Moreover, if the advice note was intended to succeed in getting an examiner to use Access Cards over Shielding Rooms then in my view it failed to convince me to use one or not the other.