Mobile Network Forensics: General Principles and Legal Aspects

Mobile Network Forensics: General Principles and Legal Aspects

Copyright: © 2019 |Pages: 44
DOI: 10.4018/978-1-5225-5855-2.ch006
(Individual Chapters)
No Current Special Offers


The sensitive nature of mobile network forensics requires careful organization of the investigative processes and procedures to ensure legal compliance and adequate privacy protection. Investigations in mobile networking environments can be conducted for two main purposes: (1) to reconstruct criminal activities facilitated by a use of a mobile service and (2) to attribute malicious attacks targeting the normal operation of the mobile infrastructure. In both cases, investigators need to know the concepts introduced in the previous chapters to operationalize any mobile network related investigation. This chapter elaborates the legal framework, the general investigative principles, and evidence types characteristic for investigations in mobile network infrastructures.
Chapter Preview

Mobile Network Forensics


Mobile network forensics is a cross-discipline of digital forensics and mobile networks. Digital forensics is the application of scientific methods to investigate evidence from digital sources about security incidents or criminal activities (Palmer, 2001; Ruan et al., 2011). Mobile networks are a rich source of digital evidence and as such can help reconstruct any criminal activities facilitated by or targeted towards the network infrastructure. Formally, mobile network forensics refer to the scientific methods for identification, collection, acquisition, and preservation of digital evidence from mobile network infrastructures for further analysis, interpretation, and presentation in investigating security incidents and criminal activities. Mobile network forensics can also be denoted as cellular network forensics, referring to the cellular organization of the radio network subsystems.

Key Terms in this Chapter

Bid: Broadcast area identifier.

ITOT: ISO transport service on top of TCP (ITOT); also referred to as TPKT.

AMR: Adaptive multi rate.

CIN: Communication identity number.

LAC: Location area code.

GERAN: GPRS radio access network.

HI1: Handover interface 1.

PCRF: Policy charging rules function.

GTP: Gateway tunneling protocol.

SDCCH: Standalone dedicated control channel.

NEID: Network element identifier.

(E)RAB: (Evolved) radio access bearer.

RRC: Radio resource control.

RRLP: Radio resource LCS protocol (RRLP).

SMLC: Service mobile location centers.

RAC: Routing area code.

USSD: Unstructured supplementary service data.

SMS: Short message service.

LIID: Lawful interception identifier.

UE: User equipment.

CAN: Connectivity access network.

CALEA: Communications Assistance for Law Enforcement Act.

SGSN: Serving GPRS support node.

GSM: Global system for mobile.

MSC: Mobile switching center.

LEMF: Law enforcement monitoring facility.

GPS: Global positioning system.

UTDOA: Uplink time difference of arrival.

MLP: Mobile location protocol.

3GPP: 3rd generation partnership project.

CGI: Cell global identity.

P-GW: Packet gateway.

TCP: Transmission control protocol.

CAMEL: Customized applications for mobile enhanced logic.

SMSC: SMS center.

DSS: Digital signature standard.

URL: Universal resource locator.

QoS: Quality-of-service.

HI3: Handover interface 3.

PLMN: Public land mobile network.

BSC: Base station controller.

LTE: Long-term evolution.

UTRAN: UMTS terrestrial radio access network.

PS: Packet switched traffic.

BTS: Base transceiver station.

MME: Mobility management entity.

APN: Access point name.

MSISDN: Mobile subscriber ISDN number.

EIR: Equipment identity register.

AVP: Attribute-value pairs.

IMEISV: IMEI software version.

HSS: Home subscriber system.

MMS: Multimedia message service.

IIF: Internal interception function.

DHCP: Dynamic host configuration protocol.

OCCSSA: Omnibus Crime Control and Safe Streets Act.

LCS: Location services.

LALS: Lawful access location services.

MSCS: MSC server.

LEA: Law enforcement agency.

TAI: Tracking area identity.

GMLC: Gateway mobile location center.

LI: Lawful interception.

EPC: Evolved packet core.

RSRP: Received signal received signal power.

RSRQ: Received signal received quality.

RAI: Routing area identity.

CLIR: Calling line identification restriction.

LMU: Location measurement units.

GPRS: General packet radio service.

ECPA: Electronic Communications Privacy Act.

MCC: Mobile country code.

IN: Intelligent network.

DES: Digital encryption standard.

IMEI: International mobile equipment identity.

A-GNSS: Assisted global navigation satellite systems.

MSRN: Mobile subscriber routing number.

OA&M: Operations, administration, and maintenance.

(U)SIM: (Universal) subscriber identity module.

QCI: QoS class identifier.

HeNB: Home eNB.

PDP: Packet data protocol.

HI2: Handover interface 2.

S-GW: Serving gateway.

CID: Communication identifier.

IP: Internet protocol.

Cc: Content-of-communication.

AKA: Authentication and key agreement.

PDTCH: Packet data TCH.

RTT: Round-trip time.

IRI: Interception-related information.

SAI: Service area identity.

PDCP: Packet data convergence protocol.

NID: Network identifier.

VPLMN: Visiting PLMN.

OCS: Online charging function.

FISA: Foreign Intelligence Surveillance Act.

ECID: Enhanced cell ID.

RSCP: Received signal code power.

ISDN: Integrated service digital network.

MNC: Mobile network code.

HLR: Home location register.

TTFF: Time-to-first-fix.


GGSN: GPRS gateway support node.

IMS: Internet multimedia subsystem.

UMTS: Universal mobile telecommunication system.


CCID: CC link identifier.

LAI: Location area identity.

TAC: Tracking area code.

AAA: Authentication, authorization, accounting.

DoS: Denial of service attack.

SCCP: Signaling connection control part.

CSG: Closed subscriber group.

AEs: Advanced encryption standard.

RSTD: Received signal time difference.

TCH: Traffic channel.

Complete Chapter List

Search this Book: