SIM Card Data Extraction in Digital Investigations: A UFED Cellebrite Approach

In the present-day crime investigation scenario, the first evidence of crime was searched for or obtained from mobile phones. Significant data of importance could be present in the internal and external memory modules and SIM cards of mobile phones, which assume vital parts as evidence. The Subscriber Identity Module (SIM) card is one of the most fundamental parts of any cell phone and contains significant data, such as ICCID, IMSI, SMS, and Call Logs, which have incredible evidential value in forensic examination. SIM card forensics is thus a promising region that can provide plenty of evidentiary information to forensic examiners. This paper presents the SIM structure, various service providers in India, and SIM data extraction by logical and file system methods using UFED Cellebrite and its analogy using SIM cards of different service providers.

Further, SIM data were studied before and after Mobile Number Portability (MNP). The logical and file system data of every SIM card extracted from the UFED Cellebrite has evidential value and is very helpful in forensic investigations. Furthermore, after the MNP, the data stored in the SIM card changed. In contrast, the contacts and messages stored in the previous SIM were deleted. Therefore, one should take the backup of these data before the MNP.