Friday, February 19, 2016

Moral Ethics of Backdoor iPhone 5C

Backdoor iPhone 5C

The discussion below is entirely hypothetical and is not intended to make or shift people into making decisions, legally or morally, nor create detriment at all.

There has been a huge amount of press regarding the balance between lawful investigation / national security versus Apple's company policy not to backdoor their products precisely for privacy and security reasons. It is laudable stand-off Apple have created because they ask where is the demarcation between full access and privacy and security. I cannot say this is David and Goliath being played out because Apple are far too big to be labelled a minnow (unjustly facing might versus right).

However, are Apple's arguments being raised legal ones or moral ones or both. Is Apple your moral barometer in life? Does Apple think for you and make/take your moral decisions for you? Only you can answer these. Apple appear to have made a good fist of standing by their publicised policy for legal reasons and, in fairness, it is understandable, they could have a fear of being accused of misleading statements to suddenly confirm there was always a backdoor into their product. They have done well and spoken in their statement that they never tried to make one in the first place.

[u][b]Apple's Open Letter[/b][/u]
"But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone."

The public statement was made following a US Judge's Order:

There is a point at which peoples' morals are woven in the fabric of their country's constitution where those moral become tenets that become doctrines for the society in which they wish to live. These can lead these morals being inextricably linked (not easy to disentangle) in the decision making process where an organisation like Apple might bend and could say for example "Okay, hands up, we have stood by our customers and promises we made to them but a greater good needs our help. If customers wish us to assist law enforcement and national security carefully set down by a strict and specific set of criteria allowing Apple to (firstly) build the access and (secondly) to deploy it, then we need customers' support to loosen are obligations?"  That statement is hypothetical only created for the following question to ask what would criteria do Apple customers morally consider should release Apple to allow access and deployment (backdooring)?

Below is a short list of graduated crimes against society. It is accepted straightaway that some may not figure in your moral domain (but then create one for yourself and see how you feel about it?). Put the list in order so that you create a moral demarcation where you believe Apple could (not should) allow backdooring on a single make/model of smartphone. The stage is now yours, and yours alone, as this is about you and not me, national security, law enforcement or Apple for that matter. Where do you think you feel and stand on this matter.

Place in your order of importance the below and highlight at what stage you would expect Apple to concede and backdoor their device for the greater good?

10....................backdoor device to find a burglary/car thief
9....................backdoor device to find local cannabis supplier
8..................backdoor device to find IIoC photo distributor/procurer
7................backdoor device to find people trafficker
6..............backdoor device to find arms smuggler
5...........backdoor device to find LE or civilian murderer
4.........backdoor device to find agent spreading bacterial warfare
3.......backdoor device to find murderer of national president
2.....backdoor device to find kidnapper of 30 babies from hospital
1...backdoor device to find where nuclear device placed before explodes

Remember more is less and less is more.  

Sunday, February 07, 2016

Threatware - legally speaking

The courts maybe faced with dealing with a wide range of mobile and computer criminal cases and civil disputes. These may include exploitation of the latter devices. Given the explosion of discontent in the world the use of "threatware" (a vernacular term adopted for this discussion) requires identification as to the type of threat defined by the outcome.
The supposed threat may not be enough by simply labelling it a threat - a victim's experience may not amount to a skilled opinion: The evidence was held not to be admissible on the grounds inter alia that no expert had given evidence as to the records, and that any connection they displayed between the cars stolen and those connected with the accused was a question of fact, not as in Abadom a question of opinion - Myers .v. D.P.P. [1965] A.C. 1001.
Calling a program "threatware" may require more than a simple label being attached to it; proof that it is what it is claimed to be a court may require substantiation: Patel v Controller of  Customs [1966] AC356 held the words “produce of  Morocco” stamped upon bags of coriander were inadmissible to prove the country of origin of the coriander.  The words were stamped on the bag with express intention of asserting a fact and were thus hearsay.
A person having threatware may amount to possession but not intention to use. Equally, the definition of storage container vis-à-vis stored computer may also be subject to definition of 'computer' in e.g. civil law: Section 5 ss6 Civil Evidence Act 1968 - (6) Subject to subsection (3) above, in this Part of this Act " computer " means any device for storing and processing information, and any reference to information being derived from other information is a reference to its being derived therefrom by calculation, comparison or any other process. Also see Civil Evidence Act 1972 and 1995 for hearsay and opinion.
Where threatware is involved in the form of ransomware that arises in contractual dispute between parties see - Ordanduu GmbH & Anor, R (On the Application Of) v Phonepayplus Ltd [2015] EWHC 50 (Admin) (16 January 2015)
For a case where ransomware and data protection are involved see - CASE STUDIES 2013 - Data Protection Commissioner - Ireland [2013] IEDPC 18 (2013)    
Cyber Warfare: A Review of Theories, Law, Policies, Actual Incidents – and the Dilemma of Anonymity | Reich | European Journal of Law and Technology:   

Speaking of the problem of attributing, General Alexander notes that it is very hard "telling one actor from another and divining actors' intentions":
Not every event that affects our networks rises to the level of a national security threat. It is important to remember that hacking, spreading malware and other malicious activities are crimes, defined domestically as well as internationally by the Convention on Cybercrime, and accordingly have legal consequences. Even if you spot an intrusion and you know it originated from an adversary, you usually cannot tell an intelligence operation from a military one. (*page 5)
As part of the overall strategic plan of the US Department of Defense, emphasis must be placed on deterrence. General Alexander notes:
Attacks by hackers and criminals can cause "nation-state sized" effects; indeed, the accidental "release" of malware might do the same, and the problem of attributing the attack to a particular actor similarly remains difficult to impossible. We have to study deterrence anew, from a variety of perspectives, and to gain clarity on our authorities. To take a thought from Sun Tzu, we must understand the cyber environment and, the capabilities of our adversaries, and our own abilities as well. This is not going to be easy, and it is not going to yield answers soon. If we know one thing from the Cold War, it is that stable deterrence can take years to achieve, and is the product of planning, analysis, and dialogue across the government, academe, and industry, and with other nations as well. Cyber deterrence will require progress in situational awareness, defense, and offensive capabilities that adversaries know we will use if we deem necessary. (*page 5)
The above is a small sample of what is available regarding title variations, possible definitions and legal classification that may have bearing when dealing with threatware. I am not a lawyer merely I am simply using legal references to help support points in this discussion and suggesting a possible direction to seek further clarifications, observations or advice.


Monday, February 01, 2016

Investigation USIM EFs and Service Table

There has been so much going on over the past year and with research and testing I haven't posted as much as I would like. The growth areas in the variety of methods and tools for logical data and physical data extraction, harvesting and examination; impact that apps and malware might have on evidence; wireless options available on smartphones and tablets changing the way traditional cell site analysis can be conducted; and the generally the explosion in mobile information and standards needing to be absorbed and understood has been mind-blowing to say the least. These and other matters have consumed my time and the casualty has been fewer posts at the blog. However, from all the work and research I will endeavour to post here, hopefully, useful examination and investigative information on areas that may have either become outdated or evolved such that particular methods applied or tools used could be out-of-date or updated.

USIM (UICC) Cards memory storage and network/user files have seen a massive increase since 2010. Just have a look back at a post in 2010 I made here at trewmte.blogspot and compare the EFUST (elementary files usim service table) in TS 31.102 back then 3g-usim-2g-sim-service-numbers.html compared to the latest releases 12 ( 31_series/31.102/ ) and 13 ( 31.102/ )

The first thing an examiner might wish do first thing in the morning at work is check whether the USIM reader tool is up-to-date. Have a look at the EFUST list and list of elementary files below and check that your reader has the capability to detect, extract and harvest data from these files. Then ask yourself do you actually understand when they are allocated and activated in a USIM what use is made of them? What evidence maybe harvested from them? How would the acquired data assist investigations in the following categories as they would apply to the use of mobile communications?

i)                    Contract Law

ii)                  Tort Law

iii)                Intellectual Property Law

iv)                Criminal (including the new Cybercrime) Law

v)                  Data Protection Law

vi)                Taxation Law

vii)              Computer Law

viii)            Communications Law

ix)                Internet Law

x)                  Etc.

Service n°1: Local Phone Book
Service n°2: Fixed Dialling Numbers (FDN)
Service n°3: Extension 2
Service n°4: Service Dialling Numbers (SDN)
Service n°5: Extension3
Service n°6: Barred Dialling Numbers (BDN)
Service n°7: Extension4
Service n°8: Outgoing Call Information (OCI and OCT)
Service n°9: Incoming Call Information (ICI and ICT)
Service n°10: Short Message Storage (SMS)
Service n°11: Short Message Status Reports (SMSR)
Service n°12: Short Message Service Parameters (SMSP)
Service n°13: Advice of Charge (AoC)
Service n°14: Capability Configuration Parameters 2 (CCP2)
Service n°15: Cell Broadcast Message Identifier
Service n°16: Cell Broadcast Message Identifier Ranges
Service n°17: Group Identifier Level 1
Service n°18: Group Identifier Level 2
Service n°19: Service Provider Name
Service n°20: User controlled PLMN selector with Access Technology
Service n°21: MSISDN
Service n°22: Image (IMG)
Service n°23: Support of Localised Service Areas (SoLSA)
Service n°24: Enhanced Multi Level Precedence and Pre emption Service
Service n°25: Automatic Answer for eMLPP
Service n°26: RFU
Service n°27: GSM Access
Service n°28: Data download via SMS-PP
Service n°29: Data download via SMS CB
Service n°30: Call Control by USIM
Service n°31: MO-SMS Control by USIM
Service n°32: RUN AT COMMAND command
Service n°33: shall be set to '1'
Service n°34: Enabled Services Table
Service n°35: APN Control List (ACL)
Service n°36: Depersonalisation Control Keys
Service n°37: Co-operative Network List
Service n°38: GSM security context
Service n°39: CPBCCH Information
Service n°40: Investigation Scan
Service n°41: MexE
Service n°42: Operator controlled PLMN selector with Access Technology
Service n°43: HPLMN selector with Access Technology
Service n°44: Extension 5
Service n°45: PLMN Network Name
Service n°46: Operator PLMN List
Service n°47: Mailbox Dialling Numbers
Service n°48: Message Waiting Indication Status
Service n°49: Call Forwarding Indication Status
Service n°50: Reserved and shall be ignored
Service n°51: Service Provider Display Information
Service n°52 Multimedia Messaging Service (MMS)
Service n°53 Extension 8
Service n°54 Call control on GPRS by USIM
Service n°55 MMS User Connectivity Parameters
Service n°56 Network's indication of alerting in the MS (NIA)
Service n°57 VGCS Group Identifier List (EFVGCS and EFVGCSS)
Service n°58 VBS Group Identifier List (EFVBS and EFVBSS)
Service n°59 Pseudonym
Service n°60 User Controlled PLMN selector for I-WLAN access
Service n°61 Operator Controlled PLMN selector for I-WLAN access
Service n°62 User controlled WSID list
Service n°63 Operator controlled WSID list
Service n°64 VGCS security
Service n°65 VBS security
Service n°66 WLAN Reauthentication Identity
Service n°67 Multimedia Messages Storage
Service n°68 Generic Bootstrapping Architecture (GBA)
Service n°69 MBMS security
Service n°70 Data download via USSD and USSD application mode
Service n°71 Equivalent HPLMN
Service n°72 Additional TERMINAL PROFILE after UICC activation
Service n°73 Equivalent HPLMN Presentation Indication
Service n°74 Last RPLMN Selection Indication
Service n°75 OMA BCAST Smart Card Profile
Service n°76 GBA-based Local Key Establishment Mechanism
Service n°77 Terminal Applications
Service n°78 Service Provider Name Icon
Service n°79 PLMN Network Name Icon
Service n°80 Connectivity Parameters for USIM IP connections
Service n°81 Home I-WLAN Specific Identifier List
Service n°82 I-WLAN Equivalent HPLMN Presentation Indication
Service n°83 I-WLAN HPLMN Priority Indication
Service n°84 I-WLAN Last Registered PLMN
Service n°85 EPS Mobility Management Information
Service n°86 Allowed CSG Lists and corresponding indications
Service n°87 Call control on EPS PDN connection by USIM
Service n°88 HPLMN Direct Access
Service n°89 eCall Data
Service n°90 Operator CSG Lists and corresponding indications
Service n°91 Support for SM-over-IP
Service n°92 Support of CSG Display Control
Service n°93 Communication Control for IMS by USIM
Service n°94 Extended Terminal Applications
Service n°95 Support of UICC access to IMS
Service n°96 Non-Access Stratum configuration by USIM
Service n°97 PWS configuration by USIM
Service n°98 RFU
Service n°99 URI support by UICC
Service n°100 Extended EARFCN support
Service n°101 ProSe
Service n°102 USAT Application Pairing

Particular note: when looking at the EFUST service list above this should not be taken as all the services that may be allocated and activated on modules in a UICC. GSM EFSST (sim service table) has particular services unique to GSM SIM (GSM 11.11), such as Service n°29: Proactive SIM which does not appear in the EFUST list. And if Service n°29: Proactive SIM is important to an investigation (and it can be) it is worth the reminder to look at GSM 11.14 (sim application toolkit) that adds services and most importantly "capabilities" between SIM and smartphone. Perhaps you might think, such as, how this can assist an investigation? My responses is consider (a) man-in-the-middle attacks (b) crime (c) cybercrime.

There has been an abundance in the growth of elementary files, too, in USIM Releases 12/13. The increase in access to varying networks by smartphones and tablets has meant the technical, privacy, commercial and monetisation influences how a subscriber latches and attaches to networks. The relevance being recovered message data for instance requires understanding and identifying how the data got there via which particular network access point etc.

3GPP TS 31.102 V12.10.0 (2016-01)
4 Contents of the Files 18
4.1 Contents of the EFs at the MF level 18
4.2 Contents of files at the USIM ADF (Application DF) level 18
4.2.1 EFLI (Language Indication) 18
4.2.2 EFIMSI (IMSI) 19
4.2.3 EFKeys (Ciphering and Integrity Keys) 20
4.2.4 EFKeysPS (Ciphering and Integrity Keys for Packet Switched domain) 21
4.2.5 EFPLMNwAcT (User controlled PLMN selector with Access Technology) 21
4.2.6 EFHPPLMN (Higher Priority PLMN search period) 22
4.2.7 EFACMmax (ACM maximum value) 23
4.2.8 EFUST (USIM Service Table) 25
4.2.9 EFACM (Accumulated Call Meter) 27
4.2.10 EFGID1 (Group Identifier Level 1) 28
4.2.11 EFGID2 (Group Identifier Level 2) 28
4.2.12 EFSPN (Service Provider Name) 28
4.2.13 EFPUCT (Price per Unit and Currency Table) 29
4.2.14 EFCBMI (Cell Broadcast Message identifier selection) 30
4.2.15 EFACC (Access Control Class) 31
4.2.16 EFFPLMN (Forbidden PLMNs) 31
4.2.17 EFLOCI (Location Information) 32
4.2.18 EFAD (Administrative Data) 33
4.2.19 Void 35
4.2.20 EFCBMID (Cell Broadcast Message Identifier for Data Download) 35
4.2.21 EFECC (Emergency Call Codes) 36
4.2.22 EFCBMIR (Cell Broadcast Message Identifier Range selection) 37
4.2.23 EFPSLOCI (Packet Switched location information) 37
4.2.24 EFFDN (Fixed Dialling Numbers) 39
4.2.25 EFSMS (Short messages) 39
4.2.27 EFSMSP (Short message service parameters) 41
4.2.28 EFSMSS (SMS status) 43
4.2.29 EFSDN (Service Dialling Numbers) 43
4.2.30 EFEXT2 (Extension2) 44
4.2.31 EFEXT3 (Extension3) 44
4.2.32 EFSMSR (Short message status reports) 45
4.2.33 EFICI (Incoming Call Information) 45
4.2.34 EFOCI (Outgoing Call Information) 49
4.2.35 EFICT (Incoming Call Timer) 50
4.2.36 EFOCT (Outgoing Call Timer) 50
4.2.37 EFEXT5 (Extension5) 51
4.2.38 EFCCP2 (Capability Configuration Parameters 2) 51
4.2.39 EFeMLPP (enhanced Multi Level Precedence and Pre-emption) 52
4.2.40 EFAaeM (Automatic Answer for eMLPP Service) 53
4.2.41 Void 54
4.2.42 EFHiddenkey (Key for hidden phone book entries) 54
4.2.43 Void 54
4.2.44 EFBDN (Barred Dialling Numbers) 54
4.2.45 EFEXT4 (Extension4) 55
4.2.46 EFCMI (Comparison Method Information) 55
4.2.47 EFEST (Enabled Services Table) 56
4.2.48 EFACL (Access Point Name Control List) 56
4.2.49 EFDCK (Depersonalisation Control Keys) 57
4.2.50 EFCNL (Co-operative Network List) 57
4.2.51 EFSTART-HFN (Initialisation values for Hyperframe number) 59
4.2.52 EFTHRESHOLD (Maximum value of START) 59
4.2.53 EFOPLMNwACT (Operator controlled PLMN selector with Access Technology) 59
4.2.54 EFHPLMNwAcT (HPLMN selector with Access Technology) 60
4.2.55 EFARR (Access Rule Reference) 61
4.2.56 Void 62
4.2.57 EFNETPAR (Network Parameters) 62
4.2.58 EFPNN (PLMN Network Name) 64
4.2.59 EFOPL (Operator PLMN List) 65
4.2.60 EFMBDN (Mailbox Dialling Numbers) 66
4.2.61 EFEXT6 (Extension6) 67
4.2.62 EFMBI (Mailbox Identifier) 67
4.2.63 EFMWIS (Message Waiting Indication Status) 67
4.2.64 EFCFIS (Call Forwarding Indication Status) 69
4.2.65 EFEXT7 (Extension7) 70
4.2.66 EFSPDI (Service Provider Display Information) 70
4.2.67 EFMMSN (MMS Notification) 71
4.2.68 EFEXT8 (Extension 8) 73
4.2.69 EFMMSICP (MMS Issuer Connectivity Parameters) 73
4.2.70 EFMMSUP (MMS User Preferences) 76
4.2.71 EFMMSUCP (MMS User Connectivity Parameters) 77
4.2.72 EFNIA (Network's Indication of Alerting) 77
4.2.73 EFVGCS (Voice Group Call Service) 78
4.2.74 EFVGCSS (Voice Group Call Service Status) 80
4.2.75 EFVBS (Voice Broadcast Service) 80
4.2.76 EFVBSS (Voice Broadcast Service Status) 82
4.2.77 EFVGCSCA (Voice Group Call Service Ciphering Algorithm) 83
4.2.78 EFVBSCA (Voice Broadcast Service Ciphering Algorithm) 84
4.2.79 EFGBABP (GBA Bootstrapping parameters) 84
4.2.80 EFMSK (MBMS Service Keys List) 85
4.2.81 EFMUK (MBMS User Key) 86
4.2.82 Void 87
4.2.83 EFGBANL (GBA NAF List) 87
4.2.84 EFEHPLMN (Equivalent HPLMN) 88
4.2.85 EFEHPLMNPI (Equivalent HPLMN Presentation Indication) 88
4.2.86 EFLRPLMNSI (Last RPLMN Selection Indication) 89
4.2.87 EFNAFKCA (NAF Key Centre Address) 89
4.2.88 EFSPNI (Service Provider Name Icon) 90
4.2.89 EFPNNI (PLMN Network Name Icon) 91
4.2.90 EFNCP-IP (Network Connectivity Parameters for USIM IP connections) 91
4.2.91 EFEPSLOCI (EPS location information) 94
4.2.92 EFEPSNSC (EPS NAS Security Context) 96
4.2.93 EFUFC (USAT Facility Control) 97
4.2.94 EFNASCONFIG (Non Access Stratum Configuration) 98
4.2.96 EFPWS (Public Warning System) 102
4.2.97 EFFDNURI (Fixed Dialling Numbers URI) 103
4.2.98 EFBDNURI (Barred Dialling Numbers URI) 104
4.2.99 EFSDNURI (Service Dialling Numbers URI) 104
4.2.100 EFIWL (IMEI(SV) White Lists) 105
4.2.101 EFIPS (IMEI(SV) Pairing Status) 106
4.2.102 EFIPD (IMEI(SV) of Pairing Device) 107

4.3 DFs at the USIM ADF (Application DF) Level 108
4.4 Contents of DFs at the USIM ADF (Application DF) level 108
4.4.1 Contents of files at the DF SoLSA level 108 EFSAI (SoLSA Access Indicator) 109 EFSLL (SoLSA LSA List) 109 LSA Descriptor files 112

4.4.2 Contents of files at the DF PHONEBOOK level 113 EFPBR (Phone Book Reference file) 113 EFIAP (Index Administration Phone book) 115 EFADN (Abbreviated dialling numbers) 116 EFEXT1 (Extension1) 119 EFPBC (Phone Book Control) 120 EFGRP (Grouping file) 121 EFAAS (Additional number Alpha String) 122 EFGAS (Grouping information Alpha String) 123 EFANR (Additional Number) 123 EFSNE (Second Name Entry) 125 EFCCP1 (Capability Configuration Parameters 1) 125 Phone Book Synchronisation 126 EFUID (Unique Identifier) 126 EFPSC (Phone book Synchronisation Counter) 127 EFCC (Change Counter) 128 EFPUID (Previous Unique Identifier) 128 EFEMAIL (e-mail address) 129 Phonebook restrictions 130 EFPURI (Phonebook URIs) 130

4.4.3 Contents of files at the DF GSM-ACCESS level  (Files required for GSM Access) 131 EFKc (GSM Ciphering key Kc) 131 EFKcGPRS (GPRS Ciphering key KcGPRS) 132 Void 132 EFCPBCCH (CPBCCH Information) 132 EFInvScan (Investigation Scan) 133
4.4.4 Contents of files at the MexE level 134 EFMexE-ST (MexE Service table) 134 EFORPK (Operator Root Public Key) 134 EFARPK (Administrator Root Public Key) 136 EFTPRPK (Third Party Root Public Key) 137 EFTKCDF (Trusted Key/Certificates Data Files) 138

4.4.5 Contents of files at the DF WLAN level 138 EFPseudo (Pseudonym) 138 EFUPLMNWLAN (User controlled PLMN selector for I-WLAN Access) 139 EFOPLMNWLAN (Operator controlled PLMN selector for I-WLAN Access) 139 EFUWSIDL (User controlled WLAN Specific Identifier List) 140 EFOWSIDL (Operator controlled WLAN Specific IdentifierList) 141 EFWRI (WLAN Reauthentication Identity) 141 EFHWSIDL (Home I-WLAN Specific Identifier List) 142 EFWEHPLMNPI (I-WLAN Equivalent HPLMN Presentation Indication) 143 EFWHPI (I-WLAN HPLMN Priority Indication) 143 EFWLRPLMN (I-WLAN Last Registered PLMN) 144 EFHPLMNDAI (HPLMN Direct Access Indicator) 144

4.4.6 Contents of files at the DF HNB level 145 Introduction 145 EFACSGL (Allowed CSG Lists) 145 EFCSGT (CSG Type) 148 EFHNBN (Home NodeB Name) 150 EFOCSGL (Operator CSG Lists) 150 EFOCSGT (Operator CSG Type) 152 EFOHNBN (Operator Home NodeB Name) 153
4.4.7 Void 153

4.4.8 Contents of files at the DF ProSe level 153 Introduction 153 EFPROSE_MON (ProSe Monitoring Parameters) 153 EFPROSE_ANN (ProSe Announcing Parameters) 154 EFPROSEFUNC (HPLMN ProSe Function) 155 EFPROSE_RADIO_COM (ProSe Direct Communication Radio Parameters) 156 EFPROSE_RADIO_MON (ProSe Direct Discovery Monitoring Radio Parameters) 157 EFPROSE_RADIO_ANN (ProSe Direct Discovery Announcing Radio Parameters) 158 EFPROSE_POLICY (ProSe Policy Parameters) 158 EFPROSE_PLMN (ProSe PLMN Parameters) 160 EFPROSE_GC (ProSe Group Counter) 161 EFPST (ProSe Service Table) 162 EFPROSE_UIRC (ProSe UsageInformationReportingConfiguration) 162

4.5 Contents of Efs at the TELECOM level 166
4.5.1 EFADN (Abbreviated dialling numbers) 166
4.5.2 EFEXT1 (Extension1) 166
4.5.3 EFECCP (Extended Capability Configuration Parameter) 166
4.5.4 EFSUME (SetUpMenu Elements) 166
4.5.5 EFARR (Access Rule Reference) 166
4.5.6 EFICE_DN (In Case of Emergency – Dialling Number) 167
4.5.7 EFICE_FF (In Case of Emergency – Free Format) 167
4.5.8 EFRMA (Remote Management Actions) 168
4.5.9 EFPSISMSC (Public Service Identity of the SM-SC) 168

4.6 Contents of DFs at the TELECOM level 168
4.6.1 Contents of files at the DFGRAPHICS level 169 EFIMG (Image) 169 EFIIDF (Image Instance Data Files) 170 EFICE graphics (In Case of Emergency – Graphics) 171 EFLAUNCH SCWS 171 EFICON 175

4.6.2 Contents of files at the DFPHONEBOOK under the DFTELECOM 176
4.6.3 Contents of files at the DFMULTIMEDIA level 176 EFMML (Multimedia Messages List) 176 EFMMDF (Multimedia Messages Data File) 179
4.7 Files of USIM 180

I will leave you to conclude whether you may think USIM has little or no relevance to an investigation.