Wednesday, November 15, 2006

Smith's LND Dilemma

In real mobile 'phone and SIM Card examinations, as opposed to theoretical discussion of them, the origin of entries found in the elementary file Last Number Dialled (EFLND) on a SIM Card can be quite complex to determine. Today those entries do not have a clearly defined pattern as to the origin of data, as one might think is suggested by the GSM Standard 11.11. This is largely due to misunderstandings about the interpretation to be given to the relevant clauses within the Standard and what they actually mean. There is some commentary in the Standard which provides for minimal comprehension of the possible origin of data in LND, but not nearly enough for my work.

Back in the early 1990s there was a considerable amount to be learnt about GSM SIM cards and I needed a way that I could at least comprehend how data was being shared and recorded in elementary files (EF) in the SIM. As data was being recorded in the elementary files Last Number Dialled (EFLND) which appeared to be from origins other than from within the SIM by 2002, this meant a re-think of a simple 'problem' algorithm I had written back in 1995, which was titled "Smith's LND Dilemma", so titled for copyright reasons.

As mentioned above, the early algorithm was written relating to data generated in EFLND internally to the SIM, and the 2003 update I did included possible arguments for external sources for generation of the data. I updated Smith's LND Dilemma to consider where less restrictive assumptions are made regarding determining LND entries; there, the investigation uncovers a more complex series of potential events and appears as a non-complete combinational problem, due to some undefined sources. The undefined sources are used for investigation having first investigated common sources where data is known to originate. The undefined sources were, in essence, a precaution by me to cover myself where sources occurred from uncommon or new implementations in SIM, or similar from external sources, such as mobile telephones. Also, I needed to consider the issue of programs that can generate data on SIM Cards. I didn't wish to be confined by identifying particular program/s.

I have reproduced the main part of Smith's LND Dilemma and cut out coding remarks and other bits etc, which make for uncomfortable reading and comprehension. Well, I hope this helps examiners, or newbies to our branch of forensic science, regarding investigating mobile telephone evidence. This is just the tip of the iceberg.

Smith's LND Dilemma
#
# Makefile for Smith's LND Dilemma (c) by Gregory N Smith
#
.
.
.

Where (
Entries = 3F00+2FE2+7F10+6F44+6F4A
)
if (
and 7F20+6F38+7F10+6F3D = allocated+activated+string
)
Where origin needs to be known (
If 7F10+6F3D+6F44+6F3A+6F40+6F4A
)
and/ (
If 7F10+6F3D+6F44+6F4A+6F42
)
/or (
If 7F10+6F3D+6F44+6F3B(6F3A+6F40+6F42+6F4A)+6F4B
)
/or (
If 7F10+6F3D+6F44+6F49+6F4C
)
/or (
If 7F10+6F3D+6F44+6F4D(6F44+6F3A+6F40+6F42+6F49+6F4A+6F4B+6F4C)+6F4E
)= Entries

However, where (
Entries = 3F00+2FE2+7F10+6F44+6F4A
)
If (
and 7F20+6F38+7F10+6F3D = allocated+activated+string
)

Where origin needs to be known (
If +CGMI+CGMM +CGSN
)
If (
and/ +CLCC+7F10+6F3D+6F44+6F4A
)
If (
/or +CPBS(+CPBR)+7F10+6F3D+6F44+6F4A
)
If (
/or +CMGL(+CPMR)+7F10+6F3D+6F44+6F4A
)= Entries

Alternatively, where (
Entries = 3F00+2FE2+7F10+6F44+6F4A
)

if (
and 7F20+6F38+7F10+6F3D = allocated+activated+string
)
Where origin needs to be known (
and/ undefinedsource+7F10+6F3D+6F44+6F4A
)= Entries
(c) Gregory N Smith 1995-2006
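
As an added illustration, which is not part of Smith's LND Dilemma or of the original post, the following Python example decodes one EFLND (6F44) record using the record layout given in GSM 11.11 and exposes the record identifiers that link an entry to EFCCP (6F3D) and EFEXT1 (6F4A), the files chained in the expressions above. The function name `decode_lnd_record`, the sample record and the ASCII-only handling of the alpha identifier are assumptions made for this example.

```python
# Added example (not from the original post): decode one EF_LND (6F44) record.
# Layout per GSM 11.11: alpha identifier (X bytes), then 14 fixed bytes:
# BCD length, TON/NPI, 10-byte dialling number, CCP record id, EXT1 record id.

BCD_DIGITS = "0123456789*#pw?"  # 0xA '*', 0xB '#', 0xC pause, 0xD wild, 0xE expansion

# Constructed sample record (X = 8); the number is a made-up test value.
SAMPLE = bytes.fromhex("4F6666696365FFFF" "07" "91" "447700091032FFFFFFFF" "FF" "FF")


def decode_lnd_record(record):
    """Return the decoded fields, or None for an unused (all-0xFF) record."""
    if len(record) < 14:
        raise ValueError("an LND record is at least 14 bytes long")
    if all(b == 0xFF for b in record):
        return None
    x = len(record) - 14                      # alpha identifier length
    length, ton_npi = record[x], record[x + 1]
    if not 1 <= length <= 11:                 # length counts TON/NPI + number bytes
        raise ValueError("implausible BCD length byte 0x%02X" % length)
    digits = []
    for byte in record[x + 2 : x + 1 + length]:
        for nibble in (byte & 0x0F, byte >> 4):   # low nibble is the first digit
            if nibble != 0x0F:                    # 0xF is filler
                digits.append(BCD_DIGITS[nibble])
    ton, npi = (ton_npi >> 4) & 0x07, ton_npi & 0x0F
    ccp, ext1 = record[x + 12], record[x + 13]
    return {
        # Assumption: alpha identifier uses only the ASCII-compatible part of
        # the GSM default alphabet (no UCS2 coding).
        "alpha": record[:x].rstrip(b"\xff").decode("ascii", errors="replace"),
        "number": ("+" if ton == 1 else "") + "".join(digits),  # TON 1 = international
        "ton": ton,
        "npi": npi,
        "ccp_record": None if ccp == 0xFF else ccp,    # link into EF_CCP (6F3D)
        "ext1_record": None if ext1 == 0xFF else ext1,  # link into EF_EXT1 (6F4A)
    }


if __name__ == "__main__":
    print(decode_lnd_record(SAMPLE))
```

A record whose CCP or EXT1 identifier is not 0xFF points at a record in 6F3D or 6F4A that should be read alongside the LND entry.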