e-Security | Vol: 36-12014 © CyberSecurity Malaysia 2014 - All Rights Reserved 67 I was once given a mobile phone to be analysed for a criminal case several years ago. The case objective was to extract SMS text messages from the phone and to correlate the timestamp of SMS from the sender’s phone and the SMS from the receiver’s phone. What was supposed to be a simple analysis became complex as the timestamp correlation did not make sense at all. Further analysis on the timestamp found that there were actually three possibilities of how SMS timestamp were generated on the phone. When a SMS is received, the timestamp displayed on the SMS could be: • The timestamp of the sender’s phone device time • Timestamp of the telecommunication provider’s server time network time • Timestamp of the recipient’s phone device time Figure 1: Three 3 possibilities of timestamp generated for an SMS. Have you ever wondered which timestamp is displayed on your SMS? How do we determine which timestamp is generated on the SMS? In this article, I will present a simple analysis on three phone models and provide a conclusion from the analysis. Methodology The methodology of conducting this analysis is quite simple. The steps below show how the analysis is conducted: Preliminary Study on Timestamp Before we proceed to the next section, it is important for an analyst to understand the timestamp system. Mobile phones, in general, uses the Coordinated Universal Time UTC format. It is also known as Zulu time’ or ‘Z time’. UTC is 24-hour time, which begins at 00:00 at midnight. To obtain Malaysia’s local time known as GMT, we need to add 8 hours +8 to the UTC. The example of UTC to GMT calculation is as below: Figure 2: Converting UTC time to GMT time Analysis Finding Three phone models were used for the purposes of this study. The phones have been synchronised to the SIRIM standard time. The details are as follows: A Forensic Analysis on SMS Timestamp By | Nor Zarina Zainal Abidin e-Security | Vol: 36-12014 © CyberSecurity Malaysia 2014 - All Rights Reserved 68 The phones were then plugged into the .XRY and the SMS data was extracted from the phones. Analysis on Apple iPhone 4 GSM After synchronising the time to the standard time, SMS was sent from Phone A to Phone B and Phone C. The SMS timestamp shown in each phone is shown is the figures below: Analysis on Samsung GT-i9305 Galaxy S III In the next step, SMS was sent from Phone B to Phone A and Phone C. The SMS timestamps shown in each phone are displayed in the diagram below: Analysis on BlackBerry 9800 Torch In the final step, SMS was sent from Phone C to Phone A and Phone B. The SMS timestamps shown in each phone are displayed in the diagram below : No Model Operating System Telecommunication Provider Telco Label 1 Apple iPhone 4 GSM iOS Telco X Phone A 2 Samsung GT-i9305 Galaxy S III Android Telco Y Phone B 3 BlackBerry 9800 Torch Blackberry OS Telco Z Phone C Table 1: Mobile Phone details e-Security | Vol: 36-12014 © CyberSecurity Malaysia 2014 - All Rights Reserved 69 The following table provides a summarised view of the SMS timestamps for all the phones. Summary of Finding The forensic analysis conducted on the SMS timestamps from the three different phone models shows that: 1. Apple iPhone 4 GSM generates network timestamp for incoming SMS and device time for outgoing SMS. 2. Samsung GT-i9305 Galaxy S III records the device time for both incoming and outgoing text messages. 3. BlackBerry 9800 Torch Phone C records the device and network times for incoming text messages but only device time for outgoing text messages. No Mobile Phone Findings Time Incoming text messages Outgoing text messages 1. Apple iPhone 4 GSM Phone A Network Device

2. Samsung GT-

i9305 Galaxy S III Phone B Device Device

3. BlackBerry

9800 Torch Phone C Network Device Device Table 5: Summary of findings Conclusion Being a forensic analyst, one must be able to explain the meaning and significance what each data entails, especially the timestamp on a piece of data. This is important to ensure that data can be correctly correlated with each other, and at the end providing meaningful data to assist the investigation of a criminal case. ￭ iPhone 4 Samsung S III Blackberry Torch Outgoing SMS Timestamp Incoming SMS Timestamp 17102013 3:58:42 AM UTC Device 16102013 3:59:01 AM UTC Device • 17102013 3:59:17 AM UTC Device • 17102013 7:59:14 PM Network Table 2: Summarised table of timestamp for outgoing text messages from iPhone 4 Samsung S III iPhone 4 Blackberry Torch Outgoing SMS Timestamp Incoming SMS Timestamp 16102013 3:57:28 AM UTC Device 17102013 3:57:49 AM UTC Network • 17102013 3:57:54 AM UTC Device • 17102013 7:57:50 PM Network Table 3: Summarised table of timestamp for outgoing text messages from Samsung S III Blackberry Torch iPhone 4 Samsung S III Outgoing SMS Timestamp Incoming SMS Timestamp 17102013 4:00:37 AM UTC Device 17102013 4:00:43 AM UTC Network 16102013 4:00:28 AM UTC Device Table 4: Summarized table of timestamp for outgoing text messages from Blackberry Torch e-Security | Vol: 36-12014 © CyberSecurity Malaysia 2014 - All Rights Reserved 70 Modern cryptography entails security and adheres to the following basic paradigms and principles: 1. Confidentiality – information that cannot be understood by anyone other than for whom it was intended for. Thus, protecting the information from disclosure to unauthorised parties. 2. Integrity – the information cannot be altered in storage or transit between sender and intended receiver with such alterations being detected. 3. Non-Repudiation- the creator sender of the information will not be able to deny at a later stage of hisher intentions in the creation or transmission of the information 4. Authentication – the sender and receiver can verify each other’s identity and the origindestination of the information. ￭ CRYPTOGRAPHY In staying secure and safe, reliable encryption remains the foundation on which the trillion-dollar ediice of global e-commerce is built on. WHAT IS CRYPTOGRAPHY? The science of making codes and encoding information and transforming private data into an unreadable format in preventing parties with hostile interests from obtaining them WHERE IS CRYPTOGRAPHY? • Government • Spies • Financial Institutions • Security Agencies • and YOU WHY CRYPTOGRAPHY? Cryptography is an essential part of modern life. It allows users to protect the integrity of communications and the confidence of data without being held to ransom. WHO USES CRYPTOGRAPHY? Any type of business that are using computers will surely have data to protect By | Liyana Chew Nizam Chew