The Association of Digital Forensics, Security and Law (ADFSL)


Mobile phones and other handheld devices incorporating cellular capabilities, such as Personal Digital Assistants, are ubiquitous. Besides placing calls, these devices allow users to perform other useful tasks, including text messaging and phonebook entry management. When cell phones and cellular devices are involved in a crime or other incident, forensic specialists require tools that allow the proper retrieval and speedy examination of data present on the device. For devices conforming to the Global System for Mobile Communications (GSM) standards, certain data such as dialed numbers, text messages, and phonebook entries are maintained on a Subscriber Identity Module (SIM). This paper gives a snapshot of the state of the art of forensic software tools for SIMs and an explanation of the types of digital evidence they can recover.


3GPP (1999), Alphabets and Language-specific Information, 3rd Generation Partnership Project, TS 03.38, version 7.2.0 (Release 1998), Technical Specification (1999-07).

3GPP (2005a), Specification of the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface, 3rd Generation Partnership Project, TS 11.11 V8.13.0 (Release 1999), Technical Specification, (2005-06).

3GPP (2005b), Technical Realization of the Short Message Service (SMS), 3rd Generation Partnership Project, TS 23.040 V6.6.0 (Release 6), Technical Specification (2005-12).

3GPP (2006), Numbering, Addressing and Identification, 3rd Generation Partnership Project, TS 23.003, V6.9.0 (Release 6), Technical Specification (2006-03)

3GPP2 (2001), Removable User Identity Module for Spread Spectrum Systems, 3rd Generation Partnership Program 2,

3GPP2 C.S0023-0, Version 4.0, June 15.

Ayers, R. et al. (2005), Cell Phone Forensic Tools: An Overview and Analysis, NIST Interagency Report - 7250,

Casadei, F. et al. (2005), SIMbrush: an Open Source Tool for GSM and UMTS Forensics Analysis, First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05), November 7-9, pp. 105-119.

Dearsley, T. (2005), Mobile Phone Forensics – Asking the Right Questions, New Law Journal, July 29, pp. 1164-1165.

Dechaux, C., Scheller, R. (1993), What are GSM and DECT?, Electrical Communication, 2nd Quarter, pp. 118-127.

GSM World (2006), GSM Global Networks on Air, .

ITU-T (2006), Automatic International Telephone Credit Cards, International Telecommunications Union, Telecommunication Standardization Sector (ITU-T), Recommendation E.118, (02/01).

Vedder, K. (1993), Security Aspects of Mobile Communications, in Computer Security and Industrial Cryptography - State of the Art and Evolution, Lecture Notes in Computer Science, Vol. 741, pp. 193-210.

Willassen, S. (2003), Forensics and the GSM Mobile Telephone System, International Journal of Digital Evidence, Volume 2, Issue 1, .

Willassen, S. (2005), Forensic Analysis of Mobile Phone Internal Memory, IFIP International Conference on Digital Forensics, National Center for Forensic Science, Orlando, Florida, February 13-16, in Advances in Digital Forensics, Vol. 194, Pollitt, M.; Shenoi, S. (Eds.), XVIII, 313 p., 2006.




To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.