Title: Forensics of a rogue base transceiver station

Authors: Ahmed Landry Sankara; Ramya Shah; Digvijaysinh Rathod

Addresses: School of Cyber Security and Digital Forensics, National Forensic Sciences University, Gandhinagar, Gujarat, India ' School of Cyber Security and Digital Forensics, National Forensic Sciences University, Gandhinagar, Gujarat, India ' School of Cyber Security and Digital Forensics, National Forensic Sciences University, Gandhinagar, Gujarat, India

Abstract: Mobile communication systems have become an integral part of daily life, and GSM networks are the most widely used telecommunication technology among mobile users in many nations. In recent years, the incidence of attacks with rogue BTS has risen unexpectedly, primarily in nations where GSM remains the primary telecommunications infrastructure. Using YateBTS as the BTS software, we simulated an attack scenario with IMSI catcher, calls/SMS spoofing and calls/SMS interception. Using forensic software such as EnCase and FTK, we examined Raspberry OS (a Linux-based operating system) and YateBTS. We gathered and recovered important artefacts related to user activity, user authentication activity, system calls messages from Blade RF, call logs, internet traffic log, custom SMS and BTS configurations that would be useful in a court of law. We can reconstruct the truth of the crime using the artefacts recovered. Law enforcement, computer forensic investigators, and the digital forensics research community will benefit greatly from the findings of this study.

Keywords: GSM; rogue BTS; SDR; YateBTS; BladeRF; BTS forensics; digital forensics; IMSI catcher; SMS spoofing; FTK; EnCase.

DOI: 10.1504/IJESDF.2023.129272

International Journal of Electronic Security and Digital Forensics, 2023 Vol.15 No.2, pp.124 - 142

Received: 05 Jan 2022
Accepted: 23 Mar 2022

Published online: 02 Mar 2023 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article