Sunday, August 06, 2023

Practical Digital Forensics (Book 2023)

Practical Digital Forensics. Forensic Lab Setup, Evidence Analysis, and Structured Investigation Across Windows, Mobile, Browser, HDD, and Memory ISBN: 9789355511454



Table of Contents

1. Introduction to Digital Forensics

Introduction

Structure

Objectives

Defining digital forensics

Digital forensics goals

Defining cybercrime

Sources of cybercrime

Computers in cybercrimes

Digital forensics categories

Computer forensics

Mobile forensics

Network forensics

Database forensics

Forensic data analysis

Digital forensics users

Law enforcement

Civil ligation

Intelligence and counterintelligence

Digital forensics investigation types

Forensics readiness

Type of digital evidence

User-created data

Machine and network-created data

Locations of electronic evidence

Chain of custody

Examination process

Seizure

Acquisition

Analysis

Reporting

Conclusion

Multiple choice questions/questions

Learning Section

Answers


See in extra comments below


2. Essential Technical Concepts

Introduction

Structure

Objectives

Decimal (Base-10)

Binary

Hexadecimal (Base-16)

Hexadecimal (Base-64)

Character encoding schema

File carving

File structure

Digital file metadata

Timestamps decoder

Hash analysis

Calculate file hash

System memory

Types of computer memory storage

Primary storage

RAM

ROM

Secondary storage

Backup storage

HDD

Hard disk storage

SSD

DCO and HPA

Considerations for data recovery

File system

NTFS

FAT

Environment for computing

Cloud computing

Software as a service (SaaS)

Platform as a service (SaaS)

Infrastructure as a service (SaaS)

Windows versions

Internet protocol (IP) address

Getting an IP address

Conclusion


3. Hard Disks and File Systems

Introduction

Structure

Objectives

Hard disk and file systems

File systems

Hard disk

Hard disk forensics

Analyzing the registry files

Conclusion


4. Requirements for a Computer Forensics Lab

Introduction

Structure

Objectives

Digital Forensic Lab

Physical requirements

Environment controls

Digital forensic equipment

Forensic hardware

Office electrical equipment

Networked devices

Forensic workstation

Commercial digital forensic workstations

Forensic software applications

Commercial forensics tools

Open-source forensic tools

Linux distributions

Virtualization

Lab information management system (LIMS)

Lab policies and procedures

Documentation

Lab accreditation

Conclusion


5. Acquiring Digital Evidence

Introduction

Structure

Objectives

Raw format

Advanced forensic format

EnCase: Expert witness transfers

Other file formats

Validation of forensic imaging files

Live memory acquisition

Virtual memory: Swap space

Challenges acquiring RAM

Administration privilege

Live RAM capturer

Magnet RAM capture

FTK imager

Acquiring nonvolatile memory

Hard disk acquisition

Acquiring physical resources

Logical acquisition

Sparse acquisition

Capturing hard drives using FTK imager

Network acquisition

Limitations of a forensic tool

Conclusion


6. Analysis of Digital Evidence

Introduction

Structure

Objectives

Arsenal Image Mounter

OSFMount

Autopsy

Analyzing RAM forensic image

Memoryze

Redline

Volatility framework

Conclusion


7. Windows Forensic Analysis

Introduction

Structure

Timeline analysis tools

File recovery

Undeleting files

Recycle bin forensics

Data carving

Associated user account action

Windows registry analysis

Windows registry architecture

Acquiring windows registry

Registry examination

Windows registry program keys

USB device forensics

Most recently used list

Network analysis

Windows shutdown time

UserAssist forensics

Printer registry information

File format identification

Windows thumbnail forensics

Windows 10 forensics

Notification area database

Cortana forensics

Conclusion


8. Web Browser and E-mail Forensics

Introduction

Structure

Objectives

Web browser forensics

Google chrome browser forensics

Top sites and shortcuts

Login data

Web data

Bookmarks

Bookmarks.bak

Cache folder

Mozilla Firefox Browser Forensics

Microsoft Edge browser forensics

Other Web browser investigation tools

Conclusion

References


9. E-mail Forensics

Introduction

Structure

Objectives

E-mails around us

E-mail communication steps

E-mail protocols

Examine e-mail headers

Reveal header information

View Gmail headers

View Outlook mail header

View Mozilla Thunderbird headers

View Outlook mail client header

Analyzing e-mail headers

Determine the sender’s geolocation and time zone

Conclusion


10. Anti-Forensics Techniques and Report Writing

Introduction

Structure

Objectives

Anti-forensics techniques

Digital Steganography

Text Steganography

Image Steganography

Audio-video Steganography

Network Steganography

Metadata manipulation

Encryption techniques

Disk encryption using open-source tools

Anonymity techniques

Digital forensic reports

Conclusion


11. Hands-on Lab Practical

Introduction

Lab 1: FTK imager

Lab 2: Magnet RAM capture

Lab 3: Memory forensics

Lab 4: Malware analysis

Lab 5: data hiding—Steganography

Lab 6: Recovering deleted files

Lab 7: Finding key evidence

Lab 8: Analyzing the registry for evidence

Lab 9: Analyzing Windows pre-fetch files for evidence

Lab 10: Browser forensics

Lab 11: Extracting EXIF data from graphics files

Index

Sunday, July 02, 2023

Device Access Platforms Visual Representation

Device Access Platforms Visual Representation

Back in 2016 I commented briefly about "Exploration - missing the micro-evidence" (https://trewmte.blogspot.com/2016/03/exploration-missing-micro-evidence.html) from which I have copied the image and pasted below.

Please bear in mind that when considering the 3 linked posts (below) with the architecture displayed in the image, it provides a relevant platform for you to visually start attributing where directory and elementary files will be found having first obtained the standard 3GPP TS 31.102 V18.1.0 (2023-06) which is freely available. 

USIM Expanded Directories and Files (https://trewmte.blogspot.com/2023/07/usim-expanded-directories-and-files.html)

USIM Expanded Capabilities Pt2 (https://trewmte.blogspot.com/2023/07/usim-expanded-capabilities-pt2.html)

USIM Expanded Capabilities Pt1 (https://trewmte.blogspot.com/2023/07/usim-expanded-capabilities-pt1.html)



Integrated embedded SIMs (eSIMs)

Integrated embedded SIMs (eSIMs)

As more and more devices and products are having eSIMS (embedded SIMs) integrated at the board and circuitry level keeping abreast of the latest specifications and standards are not always easy in a cloud and digital forensics or DFIR (Digital Forensics Incident Response) given we live in today's multi-tech society. 

The Machine-to-Machine (M2M) documents below will at least provide for you a list of the current versions of M2M Specifications.


Architecture Specifications

SGP.01 M2M eSIM Architecture

SGP.01 V4.3 Embedded SIM Remote Provisioning Architecture


Current versions of M2M Technical Specifications

SGP.02 eSIM Technical Specifications

SGP.02 V4.3 eSIM Technical Specification


Current versions of M2M Test Specifications

SGP.11 eSIM Test Specifications

SGP.11 v4.2.1  GP Test Suite SGP.11 v4.2.1


Current versions of M2M Compliance Specifications

SGP.16 M2M eSIM Compliance

SGP.16 v1.4 eSIM Compliance Specification


Current versions of M2M Security Evaluation of Integrated eUICC

SGP.08 GSMA Security Evaluation of Integrated eUICC

SGP.08 V1.1 Security Evaluation of Integrated eUICC

SGP.08 V1.2 Security Evaluation of Integrated eUICC based on PP-0084


Current versions of M2M Security Evaluation of Integrated eUICC based on PP-0117

SGP.18 GSMA Security Evaluation of Integrated eUICC based on PP-0117

SGP.18 V1.0 Security Evaluation of Integrated eUICC  Security Evaluation of Integrated eUICC based on PP-0117


Current versions of M2M GSMA eUICC Security Assurance Scheme

GSMA eUICC Security Assurance Specifications

SGP.06 V1.0 GSMA eUICC Security Assurance Principle

SGP.07 V1.0 GSMA eUICC Security Assurance Methodology


Current versions of M2M Protection Profile Specifications

SGP.05 M2M eSIM Protection Profile

SGP.05 V4.1 eSIM Protection Profile Specification


Current versions of M2M eUICC PKI Certificate Policy

SGP.14 eUICC PKI Certificate Policy V2.0

SGP.14 eUICC PKI Certificate Policy

USIM Expanded Directories and Files

 3GPP TS 31.102 V18.1.0 (2023-06)

3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Characteristics of the Universal Subscriber Identity Module (USIM) application (Release 18)

The expanded Directory Files (DFs) and Elementary Files (EFs) under the Master File (MF) take into account data and evidence that could be relevant to evidence in the areas of Mobile comms and content, IoT, WLAN, Satellite, Vehicle forensics, TV and so on.

Contents of the Files 24
Contents of the EFs at the MF level 24
Contents of files at the USIM ADF (Application DF) level 25
EFLI (Language Indication) 25
EFIMSI (IMSI) 25
EFKeys (Ciphering and Integrity Keys) 26
EFKeysPS (Ciphering and Integrity Keys for Packet Switched domain) 27
EFPLMNwAcT (User controlled PLMN selector with Access Technology) 27
EFHPPLMN (Higher Priority PLMN search period) 29
EFACMmax (ACM maximum value) 30
EFUST (USIM Service Table) 31
EFACM (Accumulated Call Meter) 35
EFGID1 (Group Identifier Level 1) 35
EFGID2 (Group Identifier Level 2) 36
EFSPN (Service Provider Name) 36
EFPUCT (Price per Unit and Currency Table) 37
EFCBMI (Cell Broadcast Message identifier selection) 38
EFACC (Access Control Class) 39
EFFPLMN (Forbidden PLMNs) 39
EFLOCI (Location Information) 40
EFAD (Administrative Data) 41
EFCBMID (Cell Broadcast Message Identifier for Data Download) 43
EFECC (Emergency Call Codes) 44
EFCBMIR (Cell Broadcast Message Identifier Range selection) 45
EFPSLOCI (Packet Switched location information) 45
EFFDN (Fixed Dialling Numbers) 47
EFSMS (Short messages) 47
EFMSISDN (MSISDN) 49
EFSMSP (Short message service parameters) 49
EFSMSS (SMS status) 51
EFSDN (Service Dialling Numbers) 51
EFEXT2 (Extension2) 52
EFEXT3 (Extension3) 52
EFSMSR (Short message status reports) 53
EFICI (Incoming Call Information) 53
EFOCI (Outgoing Call Information) 57
EFICT (Incoming Call Timer) 58
EFOCT (Outgoing Call Timer) 58
EFEXT5 (Extension5) 59
EFCCP2 (Capability Configuration Parameters 2) 59
EFeMLPP (enhanced Multi Level Precedence and Pre-emption) 60
EFAaeM (Automatic Answer for eMLPP Service) 61
EFHiddenkey (Key for hidden phone book entries) 62
EFBDN (Barred Dialling Numbers) 62
EFEXT4 (Extension4) 63
EFCMI (Comparison Method Information) 63
EFEST (Enabled Services Table) 64
EFACL (Access Point Name Control List) 64
EFDCK (Depersonalisation Control Keys) 65
EFCNL (Co-operative Network List) 65
EFSTART-HFN (Initialisation values for Hyperframe number) 67
EFTHRESHOLD (Maximum value of START) 67
EFOPLMNwACT (Operator controlled PLMN selector with Access Technology) 67
EFHPLMNwAcT (HPLMN selector with Access Technology) 68
EFARR (Access Rule Reference) 69
EFNETPAR (Network Parameters) 70
EFPNN (PLMN Network Name) 72
EFOPL (Operator PLMN List) 73
EFMBDN (Mailbox Dialling Numbers) 74
EFEXT6 (Extension6) 74
EFMBI (Mailbox Identifier) 75
EFMWIS (Message Waiting Indication Status) 75
EFCFIS (Call Forwarding Indication Status) 77
EFEXT7 (Extension7) 78
EFSPDI (Service Provider Display Information) 79
EFMMSN (MMS Notification) 79
EFEXT8 (Extension 8) 81
EFMMSICP (MMS Issuer Connectivity Parameters) 82
EFMMSUP (MMS User Preferences) 84
EFMMSUCP (MMS User Connectivity Parameters) 85
EFNIA (Network's Indication of Alerting) 85
EFVGCS (Voice Group Call Service) 86
EFVGCSS (Voice Group Call Service Status) 88
EFVBS (Voice Broadcast Service) 88
EFVBSS (Voice Broadcast Service Status) 90
EFVGCSCA (Voice Group Call Service Ciphering Algorithm) 91
EFVBSCA (Voice Broadcast Service Ciphering Algorithm) 92
EFGBABP (GBA Bootstrapping parameters) 92
EFMSK (MBMS Service Keys List) 93
EFMUK (MBMS User Key) 94
EFGBANL (GBA NAF List) 95
EFEHPLMN (Equivalent HPLMN) 96
EFEHPLMNPI (Equivalent HPLMN Presentation Indication) 96
EFLRPLMNSI (Last RPLMN Selection Indication) 97
EFNAFKCA (NAF Key Centre Address) 97
EFSPNI (Service Provider Name Icon) 98
EFPNNI (PLMN Network Name Icon) 99
EFNCP-IP (Network Connectivity Parameters for USIM IP connections) 99
EFEPSLOCI (EPS location information) 102
EFEPSNSC (EPS NAS Security Context) 105
EF UFC (USAT Facility Control) 106
EFNASCONFIG (Non Access Stratum Configuration) 107
EFUICCIARI (UICC IARI) 112
EFPWS (Public Warning System) 113
EFFDNURI (Fixed Dialling Numbers URI) 114
EFBDNURI (Barred Dialling Numbers URI) 114
EFSDNURI (Service Dialling Numbers URI) 115
EFIPS (IMEI(SV) Pairing Status) 117
EFIPD (IMEI(SV) of Pairing Device) 118
EFePDGId (Home ePDG Identifier) 119
EFePDGSelection (ePDG Selection Information) 120
EFePDGIdEm (Emergency ePDG Identifier) 122
EFePDGSelectionEm (ePDG Selection Information for Emergency Services) 122
EFFromPreferred (From Preferred) 122
EFIMSConfigData (IMS Configuration Data) 123
EFTVCONFIG (TV Configuration) 123
EF3GPPPSDATAOFF (3GPP PS Data Off) 125
EF3GPPPSDATAOFFservicelist (3GPP PS Data Off Service List) 126
EFXCAPConfigData (XCAP Configuration Data) 126
EFEARFCNList (EARFCN list for MTC/NB-IOT UEs) 127
EFMuDMiDConfigData (MuD and MiD Configuration Data) 128
EFOCST ("Operator controlled signal threshold per access technology") 128
DFs at the USIM ADF (Application DF) Level 130
Contents of DFs at the USIM ADF (Application DF) level 131
Contents of files at the DF SoLSA level 131
EFSAI (SoLSA Access Indicator) 131
EFSLL (SoLSA LSA List) 131
LSA Descriptor files 134
Contents of files at the DF PHONEBOOK level 135
EFPBR (Phone Book Reference file) 136
EFIAP (Index Administration Phone book) 138
EFADN (Abbreviated dialling numbers) 138
EFEXT1 (Extension1) 141
EFPBC (Phone Book Control) 143
EFGRP (Grouping file) 144
EFAAS (Additional number Alpha String) 144
EFGAS (Grouping information Alpha String) 145
EFANR (Additional Number) 145
EFSNE (Second Name Entry) 147
EFCCP1 (Capability Configuration Parameters 1) 148
Phone Book Synchronisation 148
EFUID (Unique Identifier) 148
EFPSC (Phone book Synchronisation Counter) 149
EFCC (Change Counter) 150
EFPUID (Previous Unique Identifier) 151
EFEMAIL (e-mail address) 151
Phonebook restrictions152
EFPURI (Phonebook URIs) 152
Contents of files at the DF GSM-ACCESS level (Files required for GSM Access) 153
EFKc (GSM Ciphering key Kc) 154
EFKcGPRS (GPRS Ciphering key KcGPRS)  154
EFCPBCCH (CPBCCH Information) 155
EFInvScan (Investigation Scan) 156
Contents of files at the MexE level 156
EFMexE-ST (MexE Service table) 157
EFORPK (Operator Root Public Key) 157
EFARPK (Administrator Root Public Key) 159
EFTPRPK (Third Party Root Public Key) 160
EFTKCDF (Trusted Key/Certificates Data Files) 160
Contents of files at the DF WLAN level 161
EFPseudo (Pseudonym) 161
EFUPLMNWLAN (User controlled PLMN selector for I-WLAN Access) 162
EFOPLMNWLAN (Operator controlled PLMN selector for I-WLAN Access) 162
EFUWSIDL (User controlled WLAN Specific Identifier List) 163
EFOWSIDL (Operator controlled WLAN Specific IdentifierList) 164
EFWRI (WLAN Reauthentication Identity) 164
EFHWSIDL (Home I-WLAN Specific Identifier List) 165
EFWEHPLMNPI (I-WLAN Equivalent HPLMN Presentation Indication) 166
EFWHPI (I-WLAN HPLMN Priority Indication) 166
EFWLRPLMN (I-WLAN Last Registered PLMN) 167
EFHPLMNDAI (HPLMN Direct Access Indicator) 167
Contents of files at the DF HNB level 168
EFACSGL (Allowed CSG Lists) 168
EFCSGT (CSG Type) 171
EFHNBN (Home NodeB Name) 173
EFOCSGL (Operator CSG Lists) 173
EFOCSGT (Operator CSG Type) 175
EFOHNBN (Operator Home NodeB Name) 176
Contents of files at the DF ProSe level 176
EFPROSE_MON (ProSe Monitoring Parameters) 176
EFPROSE_ANN (ProSe Announcing Parameters) 177
EFPROSEFUNC (HPLMN ProSe Function) 178
EFPROSE_RADIO_COM (ProSe Direct Communication Radio Parameters) 179
EFPROSE_RADIO_MON (ProSe Direct Discovery Monitoring Radio Parameters) 181
EFPROSE_RADIO_ANN (ProSe Direct Discovery Announcing Radio Parameters) 182
EFPROSE_POLICY (ProSe Policy Parameters) 183
EFPROSE_PLMN (ProSe PLMN Parameters) 185
EFPROSE_GC (ProSe Group Counter)  186
EFPST (ProSe Service Table) 188
EFPROSE_UIRC (ProSe UsageInformationReportingConfiguration) 188
EFPROSE_GM_DISCOVERY (ProSe Group Member Discovery Parameters) 192
EFPROSE_RELAY (ProSe Relay Parameters) 193
EFPROSE_RELAY_DISCOVERY (ProSe Relay Discovery Parameters) 194
Contents of files at the DF ACDC level 197
EFACDC_LIST (ACDC List) 197
EFACDC_OS_CONFIG (ACDC OS configuration) 198
Contents of files at the DF TV level 199
EFTVUSD (TV User Service Description) 199
Contents of files at the DF5GS level 200
EF5GS3GPPLOCI (5GS 3GPP location information) 201
EF5GSN3GPPLOCI (5GS non-3GPP location information) 202
EF5GS3GPPNSC (5GS 3GPP Access NAS Security Context)  203
EF5GSN3GPPNSC (5GS non-3GPP Access NAS Security Context) 206
EF5GAUTHKEYS (5G authentication keys) 206
EFUAC_AIC (UAC Access Identities Configuration) 208
EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF) 209
EFOPL5G (5GS Operator PLMN List) 211
EFSUPI_NAI (SUPI as Network Access Identifier) 212
EFRouting_Indicator (Routing Indicator EF) 213
EFURSP (URSP) 214
EFTN3GPPSNN (Trusted non-3GPP Serving network names list) 215
EFCAG (Pre-configured CAG information list EF) 216
EFSOR-CMCI (Steering Of Roaming - Connected Mode Control Information) 217
EFDRI (Disaster roaming information EF) 218
EF5GSEDRX (5GS eDRX Parameters) 219
EF5GNSWO_CONF (5G Non-Seamless WLAN Offload configuration) 220
EFMCHPPLMN (Multiplier Coefficient for Higher Priority PLMN search) 221
EFKAUSF_DERIVATION (KAUSF derivation configuration) 222
Contents of files at the DF SNPN level 222
EFPWS_SNPN (Public Warning System in SNPNs)  222
EFNID (Network Identifier for SNPN) 223
Contents of files at the DF 5G ProSe level 224
EF5G_PROSE_ST (5G ProSe Service Table) 224
EF5G_PROSE_DD (5G ProSe configuration data for direct discovery) 224
EF5G_PROSE_DC (5G ProSe configuration data for direct communication)  228
EF5G_PROSE_U2NRU (5G ProSe configuration data for UE-to-network relay UE)  230
EF5G_PROSE_RU (5G ProSe configuration data for remote UE)  234
EF5G_PROSE_UIR (5G ProSe configuration data for usage information reporting) 237
Contents of files at the DF 5MBS UE pre-configuration level  239
EF5MBSUECONFIG (5MBS UE pre-configuration) 239
EF5MBSUSD (5MBS User Service Description) 242
Contents of Efs at the TELECOM level 242
EFADN (Abbreviated dialling numbers) 243
EFEXT1 (Extension1) 243
EFECCP (Extended Capability Configuration Parameter) 243
EFSUME (SetUpMenu Elements) 243
EFARR (Access Rule Reference) 243
EFICE_DN (In Case of Emergency – Dialling Number) 243
EFICE_FF (In Case of Emergency – Free Format) 244
EFRMA (Remote Management Actions) 245
EFPSISMSC (Public Service Identity of the SM-SC) 245
Contents of DFs at the TELECOM level 245
List of DFs at the TELECOM level 245
Contents of files at the DFGRAPHICS level 246
EFIMG (Image) 246
EFIIDF (Image Instance Data Files) 247
EFICE_graphics (In Case of Emergency – Graphics) 248
Contents of files at the DFPHONEBOOK under the DFTELECOM 249
Contents of files at the DFMULTIMEDIA level 249
EFMML (Multimedia Messages List) 249
EFMMDF (Multimedia Messages Data File) 251
Contents of files at the DFMCS level 252
EFMST (MCS Service Table) 252
EFMCS_ CONFIG (MCS configuration data) 253
Contents of files at the DFV2X level 254
V2X configuration data related files 254
EFVST (V2X Service Table) 254
EFV2X_CONFIG (V2X configuration data) 255
EFV2XP_PC5 (V2X data policy over PC5) 255
EFV2XP_Uu (V2X data policy over Uu) 257

USIM Expanded Capabilities Pt2

USIM Expanded Capabilities Pt2

3GPP TS 31.102 V18.1.0 (2023-06)

3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Characteristics of the Universal Subscriber Identity Module (USIM) application (Release 18)

The following abbreviations apply. It is worth noting that with 5G whilst you may know what the acronym "PIN" stands for, do you know what "PINE" means (not appearing below)?

3GPP 3rd Generation Partnership Project
5GCN 5G Core Network
AC Access Condition
ACDC Application specific Congestion control for Data Communication
ACL APN Control List
ADF Application Dedicated File
AID Application Identifier
AK Anonymity key
ALW ALWays
AMF Authentication Management Field
AoC Advice of Charge
APN Access Point Name
ASME Access Security Management Entity
ASN.1 Abstract Syntax Notation One
AuC Authentication Centre
AUTN Authentication token
BDN Barred Dialling Number
BER-TLV Basic Encoding Rule - TLV
B-TID Bootstrapping Transaction Identifier
CAG Closed Access Group
CCP Capability Configuration Parameter
CK Cipher key
CLI Calling Line Identifier
CNL Co-operative Network List
CPBCCH COMPACT Packet BCCH
CS Circuit switched
DCK Depersonalisation Control Keys
DF Dedicated File
DO Data Object
EC-GSM-IoT Extended coverage in GSM for IoT
DUCK Discovery User Confidentiality Key
DUIK Discovery User Integrity Key
DUSK Discovery User Scrambling Key
eDRX Extended Discontinuous Reception
EARFCN Evolved Absolute Radio Frequency Channel Number
EF Elementary File
EPC Evolved Packet Core
ePDG Evolved Packet Data Gateway
EPS Evolved Packet System
FCP File Control Parameters
FFS For Further Study
FQDN Full Qualified Domain Name
GCI Global Cable Identifier
GLI Global Line Identifier
GSM Global System for Mobile communications
HE Home Environment
HNB Home NodeB
HeNB Home eNodeB
IARI IMS Application Reference Identifier
ICC Integrated Circuit Card
ICE In Case of Emergency
ICI Incoming Call Information
ICT Incoming Call Timer
ID Identifier
Idi Identity of the initiator
Idr Identity of the responder
IEI Information Element Identifier
IK Integrity key
IMSI International Mobile Subscriber Identity
IOPS Isolated E-UTRAN Operation for Public Safety
K USIM Individual key
KC Cryptographic key used by the cipher A5
KSI Key Set Identifier
LI Language Indication
LSA Localised Service Areas
LSB Least Significant Bit
MAC Message authentication code
MAC-A MAC used for authentication and key agreement
MAC-I MAC used for data integrity of signalling messages
MBMS Multimedia Broadcast/Multicast Service
MCC Mobile Country Code
MCData Mission Critical Data
MCPTT Mission Critical Push To Talk
MCS Mission Critical Services
MCVideo Mission Critical Video
MexE Mobile Execution Environment
MF Master File
MGV-F MTK Generation and Validation Function
MICO Mobile Initiated Connection Only
MiD Multi-iDentity
MIKEY Multimedia Internet KEYing
MINT Minimization of Service Interruption
MM Multimedia Message
MMI Man Machine Interface
MMS Multimedia Messaging Service
MMSS MultiMode System Selection
MNC Mobile Network Code
MODE Indication packet switched/circuit switched mode
MSB Most Significant Bit
MSK MBMS Service Key
MTC Machine Type Communications
MTK MBMS Traffic Key
MuD Multi-Device
MUK MBMS User Key
NAI Network Access Identifier
NB-IoT Narrowband IoT
NEV NEVer
ngKSI Key Set Identifier in 5G
NG-RAN Next Generation Radio Access Network
NID Network Identifier for SNPN
NPI Numbering Plan Identifier
NSI Network Specific Identifier
NSWO Non-Seamless WLAN Offload
OCI Outgoing Call Information
OCST Operator Contolled Signal Threshold per Access Technology
OCT Outgoing Call Timer
PBID Phonebook Identifier
PGK ProSe Group Key
PIN Personal Identification Number
PL Preferred Languages
PS Packet switched
PSDK Public Safety Discovery Key
PS_DO PIN Status Data Object
PSM Power Saving Mode
PTK ProSe Traffic Key
RAND Random challenge
RANDMS Random challenge stored in the USIM
RES User response
RFU Reserved for Future Use
RLOS Restricted Local Operator Services
RST Reset
SDN Service dialling number
SE Security Environment
SENSE Signal level Enhanced Network SElection
SEQp Sequence number for MGV-F stored in the USIM
SFI Short EF Identifier
SGSN Serving GPRS Support Node
SN Serving Network
SNPN Standalone Non-Public Network
SoLSA Support of Localised Service Areas
SOR-CMCI Steering of roaming connected mode control information
SQN Sequence number
SRES Signed RESponse calculated by a USIM
SUCI Subscription Concealed Identifier
SUPI Subscription Permanent Identifier
SW Status Word
TLV Tag Length Value
TMGI Temporary Mobile Group Identity
TV Television
UAC Unified Access Control
URSP UE Route Selection Policy
USAT USIM Application Toolkit
USD User Service Description
USIM Universal Subscriber Identity Module
V2X Vehicle-to-Everything
VLR Visitor Location Register
WLAN Wireless Local Area Network
WSID WLAN Specific Identifier
XRES Expected user RESponse


USIM Expanded Capabilities Pt1

3GPP TS 31.102 V18.1.0 (2023-06)

3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Characteristics of the Universal Subscriber Identity Module (USIM) application (Release 18)

Updating past topics published here. EF-UST (148)

-Services EFUST (USIM Service Table)
Contents: Service n°1: Local Phone Book
Service n°2: Fixed Dialling Numbers (FDN)
Service n°3: Extension 2
Service n°4: Service Dialling Numbers (SDN)
Service n°5: Extension3
Service n°6: Barred Dialling Numbers (BDN)
Service n°7: Extension4
Service n°8: Outgoing Call Information (OCI and OCT)
Service n°9: Incoming Call Information (ICI and ICT)
Service n°10: Short Message Storage (SMS)
Service n°11: Short Message Status Reports (SMSR)
Service n°12: Short Message Service Parameters (SMSP)
Service n°13: Advice of Charge (AoC)
Service n°14: Capability Configuration Parameters 2 (CCP2)
Service n°15: Cell Broadcast Message Identifier
Service n°16: Cell Broadcast Message Identifier Ranges
Service n°17: Group Identifier Level 1
Service n°18: Group Identifier Level 2
Service n°19: Service Provider Name
Service n°20: User controlled PLMN selector with Access Technology
Service n°21: MSISDN
Service n°22: Image (IMG)
Service n°23: Support of Localised Service Areas (SoLSA)
Service n°24: Enhanced Multi-Level Precedence and Pre-emption Service
Service n°25: Automatic Answer for eMLPP
Service n°26: RFU
Service n°27: GSM Access
Service n°28: Data download via SMS-PP
Service n°29: Data download via SMS-CB
Service n°30: Call Control by USIM
Service n°31: MO-SMS Control by USIM
Service n°32: RUN AT COMMAND command
Service n°33: shall be set to '1'
Service n°34: Enabled Services Table
Service n°35: APN Control List (ACL)
Service n°36: Depersonalisation Control Keys
Service n°37: Co-operative Network List
Service n°38: GSM security context
Service n°39: CPBCCH Information
Service n°40: Investigation Scan
Service n°41: MexE
Service n°42: Operator controlled PLMN selector with Access Technology
Service n°43: HPLMN selector with Access Technology
Service n°44: Extension 5
Service n°45: PLMN Network Name
Service n°46: Operator PLMN List
Service n°47: Mailbox Dialling Numbers
Service n°48: Message Waiting Indication Status
Service n°49: Call Forwarding Indication Status
Service n°50: Reserved and shall be ignored
Service n°51: Service Provider Display Information
Service n°52 Multimedia Messaging Service (MMS)
Service n°53 Extension 8
Service n°54 Call control on GPRS by USIM
Service n°55 MMS User Connectivity Parameters
Service n°56 Network's indication of alerting in the MS (NIA)
Service n°57 VGCS Group Identifier List (EFVGCS and EFVGCSS)
Service n°58 VBS Group Identifier List (EFVBS and EFVBSS)
Service n°59 Pseudonym
Service n°60 User Controlled PLMN selector for I-WLAN access
Service n°61 Operator Controlled PLMN selector for I-WLAN access
Service n°62 User controlled WSID list
Service n°63 Operator controlled WSID list
Service n°64 VGCS security
Service n°65 VBS security
Service n°66 WLAN Reauthentication Identity
Service n°67 Multimedia Messages Storage
Service n°68 Generic Bootstrapping Architecture (GBA)
Service n°69 MBMS security
Service n°70 Data download via USSD and USSD application mode
Service n°71 Equivalent HPLMN
Service n°72 Additional TERMINAL PROFILE after UICC activation
Service n°73 Equivalent HPLMN Presentation Indication
Service n°74 Last RPLMN Selection Indication
Service n°75 OMA BCAST Smart Card Profile
Service n°76 GBA-based Local Key Establishment Mechanism
Service n°77 Terminal Applications
Service n°78 Service Provider Name Icon
Service n°79 PLMN Network Name Icon
Service n°80 Connectivity Parameters for USIM IP connections
Service n°81 Home I-WLAN Specific Identifier List
Service n°82 I-WLAN Equivalent HPLMN Presentation Indication
Service n°83 I-WLAN HPLMN Priority Indication
Service n°84 I-WLAN Last Registered PLMN
Service n°85 EPS Mobility Management Information
Service n°86 Allowed CSG Lists and corresponding indications
Service n°87 Call control on EPS PDN connection by USIM
Service n°88 HPLMN Direct Access
Service n°89 eCall Data
Service n°90 Operator CSG Lists and corresponding indications
Service n°91 Support for SM-over-IP
Service n°92 Support of CSG Display Control
Service n°93 Communication Control for IMS by USIM
Service n°94 Extended Terminal Applications
Service n°95 Support of UICC access to IMS
Service n°96 Non-Access Stratum configuration by USIM
Service n°97 PWS configuration by USIM
Service n°98 RFU
Service n°99 URI support by UICC
Service n°100 Extended EARFCN support
Service n°101 ProSe
Service n°102 USAT Application Pairing
Service n°103 Media Type support
Service n°104 IMS call disconnection cause
Service n°105 URI support for MO SHORT MESSAGE CONTROL
Service n°106 ePDG configuration Information support
Service n°107 ePDG configuration Information configured
Service n°108 ACDC support
Service n°109 Mission Critical Services
Service n°110 ePDG configuration Information for Emergency Service support
Service n°111 ePDG configuration Information for Emergency Service configured
Service n°112 eCall Data over IMS
Service n°113 URI support for SMS-PP DOWNLOAD as defined in
Service n°114 From Preferred
Service n°115 IMS configuration data
Service n°116 TV configuration
Service n°117 3GPP PS Data Off
Service n°118 3GPP PS Data Off Service List
Service n°119 V2X
Service n°120 XCAP Configuration Data
Service n°121 EARFCN list for MTC/NB-IOT UEs
Service n°122 5GS Mobility Management Information
Service n°123 5G Security Parameters
Service n°124 Subscription identifier privacy support
Service n°125 SUCI calculation by the USIM
Service n°126 UAC Access Identities support
Service n°127 Control plane-based steering of UE in VPLMN
Service n°128 Call control on PDU Session by USIM
Service n°129 5GS Operator PLMN List
Service n°130 Support for SUPI of type NSI or GLI or GCI
Service n°131 3GPP PS Data Off separate Home and Roaming lists
Service n°132 Support for URSP by USIM
Service n°133 5G Security Parameters extended
Service n°134 MuD and MiD configuration data
Service n°135 Support for Trusted non-3GPP access networks by USIM
Service n°136 Support for multiple records of NAS security context storage for multiple registration
Service n°137 Pre-configured CAG information list
Service n°138 SOR-CMCI storage in USIM
Service n°139 5G ProSe
Service n°140 Storage of disaster roaming information in USIM
Service n°141 Pre-configured eDRX parameters
Service n°142 5G NSWO support
Service n°143 PWS configuration for SNPN in USIM
Service n°144 Multiplier Coefficient for Higher Priority PLMN search via NG-RAN satellite access
Service n°145 KAUSF derivation configuration
Service n°146 Network Identifier for SNPN (NID)
Service n°147 5MBS UE pre-configuration
Service n°148 UE configured for using "Operator controlled signal threshold per access technology