2. Learning Outcomes
By the end of this subject you should be able to:
• Understand the importance of digital audio, video, CDs, SIMs and CDRs
3. DIGITAL FORENSIC (CDRs/Audio/Video/CDs/SIMs)
As per Section 164 of QSO and 27-B of ATA, the Court may
consider evidence that has been produced via a modern device or
technique, including CDRs and audio and video clips, to be
admissible, and hence a conviction for terrorism incidents can be
based on it.
4. • Call Data Records (CDRs) are the data recorded by the cellular
operator pertaining to the mobile phone subscriber's usage.
• A CDR is a record of communication between two or more mobile
phones that is automatically recorded by cellular operators.
• A CDR helps in investigation as it shows contacts, IMEIs,
date & time, location etc.
• It is also admissible in court.
5. MSISDN/ IMEI/ IMSI
Frequent caller/Associates
Call type (Incoming/Outgoing, SMS/Call etc.)
Usage (Date/Time)
Location (Bedding, Route, Day activities)
6. MSISDN
• Stands for Mobile Station International
Subscriber Directory Number.
• It is the identity of the user of the SIM card in
a mobile/cellular phone
7. IMSI
• Stands for International Mobile Subscriber
Identity
• IMSI can be simply defined as, the mapping of
MSISDN and ICCID (integrated circuit card
identifier, printed on SIM Card)
• It is unique within a cell operator.
• Replacing the SIM card for the same mobile number
will change the IMSI.
• The IMSI of Pakistani SIMs has a Mobile Country
Code of 410.
– Mobilink: 41001
– Ufone: 41004
– Telenor: 41006
– Zong: 41003
– Warid: 41007
8. IMEI
• International Mobile Equipment Identity is a unique 15-digit
number given to every single mobile phone.
• The last (15th) digit is known as the check digit or network digit.
• We usually ignore the last digit in investigation because it is not
fixed. Every network reads it differently.
• An IMEI search provides the details of other numbers used in
the cell phone.
• The IMEI number is shown by the device on dialling *#06#
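An added example (not part of the original slides) for the IMSI and IMEI slides above: the IMEI check digit is computed with the Luhn algorithm, so matching handsets on the first 14 digits loses no information and the 15th digit can be rebuilt when needed. The function names, the export formats accepted (14, 15 or 16 digits, with separators) and all sample MSISDN/IMEI/IMSI values are constructed assumptions.

```python
import re
from collections import defaultdict

# Operator prefixes (MCC 410 + MNC) exactly as listed on the IMSI slide.
PK_OPERATORS = {"41001": "Mobilink", "41003": "Zong", "41004": "Ufone",
                "41006": "Telenor", "41007": "Warid"}

# Constructed (MSISDN, IMEI-as-exported) pairs; not real subscribers or devices.
SAMPLE = [("3000000001", "490154203237518"),      # 15 digits, valid check digit
          ("3000000002", "490154203237510"),      # same handset, last digit zeroed
          ("3000000003", "49-015420-323751-01"),  # 16-digit IMEISV with dashes
          ("3000000004", "351234567890124")]      # a different handset

def luhn_check_digit(body14):
    """Check digit for a 14-digit IMEI body (TAC + serial number)."""
    total = 0
    for i, ch in enumerate(body14):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the left
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def normalize_imei(raw):
    """Return the 14-digit body used for matching, or None if malformed.
    Accepts 14 digits, 15 digits (any last digit) and 16-digit IMEISV."""
    digits = re.sub(r"[\s\-/]", "", raw)
    return digits[:14] if re.fullmatch(r"\d{14,16}", digits) else None

def full_imei(raw):
    """Rebuild the 15-digit IMEI with the check digit recomputed."""
    body = normalize_imei(raw)
    return body + str(luhn_check_digit(body)) if body else None

def operator_from_imsi(imsi):
    """Map the first five IMSI digits to an operator from the slide's table."""
    return PK_OPERATORS.get(imsi[:5], "unknown")

def numbers_per_handset(records):
    """Group MSISDNs by normalized IMEI (numbers used in the same handset)."""
    seen = defaultdict(set)
    for msisdn, imei in records:
        key = normalize_imei(imei)
        if key:
            seen[key].add(msisdn)
    return {k: sorted(v) for k, v in seen.items()}

if __name__ == "__main__":
    print(numbers_per_handset(SAMPLE))
    print(full_imei("490154203237510"), operator_from_imsi("410060000000001"))
```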
9. Call Type
• Call Type in CDR shows:
– Incoming Call
– Incoming SMS
– Outgoing Call
– Outgoing SMS
10. B-Party Numbers
• The B-Party numbers are the contacts in the suspect's CDR
to or from whom a call/SMS is dialled or received.
Row Labels | Incoming | Incoming SMS | Outgoing | Outgoing SMS | Grand Total
3449016377 25 1 1 27
3149048204 4 7 11
3005908331 4 7 11
3009309888 3 7 10
3345433874 1 8 9
3013029300 1 8 9
3459050915 6 1 7
3009500661 2 5 7
3065968206 7 7
11. Date & Time
• The CDR shows activity log with actual Date
and Time.
12. Location
• The location in a CDR may show the following
information.
– Each location visited will have a proper:
• Cell ID / LAC ID
• Description
• Latitude & Longitude
13. HLR
• HLR (Home Location Register) is a database that
contains various information about all of the
mobile subscribers of a mobile network such as
the mobile numbers, services, whether the
numbers have been ported to another network
and similar information.
• Home Location Register lookup (HLR Lookup) is a
service that dynamically contacts a central
database (on the operator’s side) that contains
details of each mobile phone subscriber
authorized to use the GSM core network.
14. VLR
• Monitor the subscriber’s location within the VLR’s
jurisdiction
• Determine whether a subscriber may access a
particular service
• Allocate roaming numbers during incoming calls
• Delete the records of inactive subscribers
• Accept information passed to it by the HLR
• Last Real loc …. Visitor Location Register
16. Bedding Location
• The bedding location of a suspect is
considered to be a location visited by the
suspect from 2000 hrs to 0700 hrs.
CDR Analysis
17. Continue…
• Common Caller of Multiple numbers
• Common number in multiple CDR
• Common IMEI in Multiple CDR
• IMEI Sharing
• Common Location in Multiple CDR
• Movements and Route
• Plotting route on Google maps
• Plotting call locations on Google maps
• Various other reports on Google maps
• Daily called number and location
• Moving Call of a number
• Roaming Summary of a number
• Pattern Analysis of a number
• Split and view other party in contact for time period
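An added example (not part of the original slides) of three reports described above: the B-party pivot, the bedding location (2000 hrs to 0700 hrs) and common numbers in multiple CDRs. The CSV column names, Cell IDs and phone numbers are constructed for illustration, and treating 07:00:00 as outside the bedding window is an assumption.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample CDRs (not real subscribers or towers).
HEADER = "a_party,b_party,call_type,timestamp,cell_id\n"
CDR_1 = HEADER + """\
3000000001,3000000101,Outgoing Call,2024-01-10 21:15:00,CELL-11
3000000001,3000000102,Incoming SMS,2024-01-10 23:40:00,CELL-11
3000000001,3000000101,Incoming Call,2024-01-11 06:30:00,CELL-11
3000000001,3000000103,Outgoing Call,2024-01-11 13:05:00,CELL-32
3000000001,3000000101,Outgoing SMS,2024-01-11 20:00:00,CELL-12
3000000001,3000000103,Outgoing Call,2024-01-12 07:00:00,CELL-32
"""
CDR_2 = HEADER + """\
3000000002,3000000101,Incoming Call,2024-01-10 22:05:00,CELL-40
3000000002,3000000104,Outgoing Call,2024-01-11 09:10:00,CELL-41
"""

def load(text):
    """Parse a CDR export into a list of dict rows with a datetime column."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["timestamp"] = datetime.strptime(r["timestamp"], "%Y-%m-%d %H:%M:%S")
    return rows

def b_party_summary(rows):
    """B-party -> Counter of call types (the pivot on the B-Party slide)."""
    table = defaultdict(Counter)
    for r in rows:
        table[r["b_party"]][r["call_type"]] += 1
    return table

def bedding_location(rows):
    """Most-used Cell ID between 2000 hrs and 0700 hrs, with its hit count.
    Assumption: 20:00:00 is inside the window and 07:00:00 is outside."""
    night = Counter(r["cell_id"] for r in rows
                    if r["timestamp"].hour >= 20 or r["timestamp"].hour < 7)
    return night.most_common(1)[0] if night else None

def common_b_parties(*cdrs):
    """Numbers that appear as B-party in every CDR supplied."""
    return set.intersection(*({r["b_party"] for r in c} for c in cdrs))

if __name__ == "__main__":
    cdr1, cdr2 = load(CDR_1), load(CDR_2)
    print(dict(b_party_summary(cdr1)["3000000101"]))
    print(bedding_location(cdr1), common_b_parties(cdr1, cdr2))
```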
18. Multiple Number Analysis
• Graphical relation between multiple numbers
• Common callers of multiple numbers
• Internal calls of multiple numbers
• Mixed calls of multiple numbers
• Common numbers in multiple CDRs
• Common IMEI in multiple CDRs
• Common Location in multiple CDRs
• Location of multiple numbers on Map & Earth
• IMEIs used by multiple numbers
• Pattern Analysis of multiple numbers
19. IMEI Analysis
• Target numbers of IMEI
• Period of using target numbers in IMEI
• Common callers of target numbers in IMEI
• Common Other party and locations of IMEI
• Summary of Calls from an IMEI
• Chart displaying all calls graphically
• Archives (Past history) from an IMEI
• Moving Calls from an IMEI
• Distinguish duplicate (China) IMEIs from original
IMEIs
20. Continue…
• Summary of all SIMs from an IMEI
• Movements & Route of an IMEI
• First Call & Last Call from an IMEI
• Daily Called & Daily Location from an IMEI
• Pattern Analysis of an IMEI
21. Multiple IMEI Analysis
• Target Numbers of multiple IMEIs
• Chart displaying all calls graphically
• Mobile Numbers used in multiple IMEIs
• Other Party called from multiple IMEIs
• Pattern Analysis of multiple IMEIs
• Links displaying all patterns of multiple IMEIs
graphically
• All outgoing & incoming Calls & SMSs from
multiple IMEIs
22. Continue…
• Roaming Summary of an IMEI
• Moving Calls from an IMEI
• Summary of all SIMs from an IMEI
• Movements & Route of an IMEI
• First Call & Last Call from an IMEI
• Daily Called & Daily Location from an IMEI
• Pattern Analysis of an IMEI
23. Tower Analysis
• Relation of calls between different towers
• Numbers common in different towers
• Other party common in different towers
• Groups of numbers in different towers
• Searching multiple numbers in tower
• Day wise analysis of towers.
• Half day wise analysis of towers.
• Tower analysis on time basis.
24. Overlapping
• Overlapping is defined as a suspect partly covering a
location by going over its edge in a short period of time.
• Overlapping in a timeframe is considered by:
– Its Cell IDs
– Its description
25. Count of Date/Time Call Type
A B INCOMING OUTGOING Grand Total
3138698606 3012373123 1 1
3018909161 1 1
3129032736 1 1
3135856232 1 1
3149957193 1 1
3219836258 2 1 3
3329230460 5 1 6
3335801074 1 1 2
3369069520 2 2
3419010279 1 1
3469178361 1 1
3138698606 Total 14 6 20
Grand Total 14 6 20
28. I-2 Link Analysis
• It is a stand-alone application for analyzing links and visualizing
complex networks
• Visual graphs to represent Links between all distinct numbers
• Sub graph to analyze a particular module, important network(s) etc.
• It shows Links between all uploaded CDRs
• Identification of the direct and/or indirect relationship between two people in a
given number of CDRs
• Can generate call frequency matrix for multiple CDRs to show cross calls between
parties
• Filters are available for graphical representation (Visual Filter)
• Graphically presents results, making them more accessible and easier to understand
• The application draws a visual representation between the multiple nodes of a
network in a single panel and also has inbuilt intelligence to identify: single points
of failure in the network, nodes with maximum density, and nodes which can
influence the entire network in the shortest time possible.
29. Continue…
• Capability to show the relation between different nodes and also show the
subscriber information of the selected nodes
• Sub graph facility available for analyzing particular or important module of graphs
• Also has the capability of analyzing important modules in a separate window
• Can remove unwanted nodes from the data panel and the graph in a separate process
and also automatically remove numbers whose length is less than the specified
input
• Can highlight the important and common nodes and also indicate any existing
suspect number in the data set
• Different options are available for layouts like FRL Layout, Static Layout, Circle
Layout, Tree Layout, Isometric Layout etc.
30. Continue…
• Font can be changed for number and/or name
• Can Zoom In & Out for better view
• Can generate reports with directed or undirected option
• Can Transform or move the whole graph
• Can Pick a particular node with its adjacent node
• Can Name a particular node
• Can Zoom a particular area of a graph in Link Analysis through the Lens
option
• Can Print graph
• Can Save graph as an Image
• Customization available in Link Analysis
• Any external data can be imported and graph can be generated visually
• Can filter node on the basis of Length and selected number
34. CID – Cell ID
[Figure: Sector 1, Sector 2, Sector 3]
• Corresponds to a single cellular tower and normally identifies
one 120-degree sector of the tower's 360-degree coverage.
• Each BTS normally comprises three sectors / Cell IDs
Note: Sector 1 is always towards North
35. LAC – Location Area Code
A grouping of Cell IDs to form a broader coverage area (sometimes one per city
or village)
36. 1. What is digital evidence?
2. Name any two types of digital evidence.
3. If you find a scratch card of mobile load at a crime scene, what
will you do?
4. Can we use a hard disk as evidence?
5. What is meant by CDR?
6. What is IMEI?
7. What is IMSI?
8. What is UFED?
QUESTION PAPER CAN BE ANSWERED IN
URDU OR ENGLISH