Guide to SIMfill Use and Devlopment (NIST IR-7658)
暫譯: SIMfill 使用與開發指南 (NIST IR-7658)

The National Institute of Standards and Technology IR-7658, Guide to SIMfill Use and Development discusses SIMFull which is a proof-of-concept, open source, application developed by NIST to populate identity modules with test data, as a way to assess the recovery capability of mobile forensic tools. An initial set of test data is also provided with SIMfill as a baseline for creating other test cases. This report describes the design and organization of SIMfill in sufficient detail to allow informed use and experimentation with the software and test data provided, including the option to modify and extend the program and data provided to meet specific needs. Reference materials are vital in forensic laboratories and similar settings, where quality assurance is a major issue. Reference material refers to material, sufficiently homogeneous and stable with respect to one or more specified properties, which has been established to be fit for its intended use in a measurement process. One area of application is in the validation of forensic tools to identify inaccuracies that might exist and establish overall suitability for use. New versions of forensic software tools are issued regularly by a tool manufacturer to broaden the range of existing functions, provide new features, and correct identified problems. After the laboratory successfully validates a tool, it can be safely put into use for its intended purpose. Reference materials, such as handsets and identity modules containing populated data, are typically used to validate forensic tools targeting mobile handheld devices. However, populating such devices with data that exhibit the needed properties, including a broad range of character sets, data structures, and file content, is difficult. Populating a device with a representative data to create suitable reference material can be done in various ways: Manually – Using manual means to populate a group of individual items onto devices is typically a time-consuming and error-prone process, since it is normally done through the user interface of a handset; Semi-automated – Using a semi-automated process typically preserves manually populated data for reuse by copying or transferring the data to another device with the same or very similar characteristics; Automated – Using an automated means to populate devices through a well-defined interface can greatly expedite validation, once the initial effort to construct the test data is completed. SIMfill is a proof-of-concept application developed to expedite validation by populating certain devices automatically with test data, to create reference material for tool assessment. SIMfill works with Subscriber Identity Modules (SIMs) found in many present-day mobile phones. Universal Mobile Telecommunications System (UMTS) SIMs (USIMs) being deployed in 3G networks are often backwards-compatible with SIMs and able to be populated by SIMfill as well [3GPP09c]. (U)SIMs are highly standardized devices with well-defined interfaces. The vast majority of forensic tools for cell phones provides the functionality to recover (U)SIM-resident data, making SIMfill a potentially useful means for use in assessing their capabilities. This report describes the design and organization of SIMfill in sufficient detail to allow informed use and experimentation with the software distribution, including the option to modify the program and test dataset provided to meet specific needs.~