IPDR

a
 Definition: Internet Protocol Detail Record (IPDR) Analysis is a forensic

gm
technique to examine metadata of internet-based communications and
data sessions for investigative leads in cybercrimes, fraud, and other
criminal cases.

tt@
 Purpose: Tracks online activities, identifies suspects, establishes digital
timelines, and corroborates evidence in investigations involving internet
usage.

go
What is IPDR

an
up
hn
 Internet Protocol Detail Record: A record generated by Internet Service
jis

Providers (ISPs) or telecom operators documenting details of internet-

based activities (e.g., browsing, VoIP calls, app usage) from devices like
CMTS, OLT, or OLT EMS.

Key Components

 Subscriber Details: IP address, subscriber name, or account ID.

 Timestamp: Date, time, and duration of data session.
 Source/Destination: IP addresses or domain names of connected
servers/devices.
 Protocol: Type of internet protocol (e.g., HTTP, HTTPS, VoIP, FTP).
 Data Volume: Amount of data transferred (uplink/downlink, in bytes).
 Port Numbers: Identifies applications/services (e.g., Port 80 for HTTP,
5060 for SIP).
 Application Type: Indicates services used (e.g., WhatsApp, YouTube).
 Device Identifiers: IMEI (device) or IMSI (SIM) for mobile data sessions.

Source Devices

 CMTS (Cable Modem Termination System): Manages cable modem

connections for high-speed internet in cable networks.
 OLT (Optical Line Terminal): Endpoint in passive optical networks (PON)
for fiber-optic broadband, converting electrical signals to fiber-optic
signals.
  OLT EMS (Optical Line Terminal Element Management System):
Software for managing OLTs, collecting network performance data,
including IPDRs.

a
 Data Format: CSV, JSON, or proprietary formats (e.g., Cisco IPDR

gm
format).

Legal Framework in India

tt@
Governing Laws:

 Information Technology Act, 2000 (Amended 2008): Section 69 allows

go
monitoring of internet traffic; Section 69A for blocking content.
 Indian Telegraph Act, 1885: Section 5 permits interception with
government approval.

an
 Code of Criminal Procedure (CrPC), 1973: Section 92 for summoning
IPDRs.

up
 Privacy Protections: PUCL vs. Union of India (1997) and Justice K.S.
Puttaswamy vs. Union of India (2017) mandate oversight; IPDR access
requires magistrate or senior police officer approval (SP rank or above).
hn
 Court Admissibility: Certified under Section 65B of the Indian Evidence
Act, 1872, with ISP authentication.
jis

Types of IPDR Analysis

Session-Based Analysis:
 Examines individual data sessions (e.g., browsing, VoIP) for timestamps
and endpoints.
 Used to identify specific online activities or connections.

Location-Based Analysis:
 Maps IP addresses to geolocation using ISP or databases (e.g., MaxMind
GeoIP).
 Tracks user location via mobile data or Wi-Fi access points.

Application-Based Analysis:
 Identifies apps/services (e.g., WhatsApp) via port numbers or domain
names.
 Critical for cybercrimes involving OTT platforms.

Traffic Analysis:
 Analyses data volume and patterns without content.
 Detects anomalies (e.g., large data transfers indicating hacking).

Network Analysis:
 Maps connections between IP addresses to identify associates or
servers.
 Uses graph-based visualization for relationships.
Content Correlation:
 Cross-references IPDR with other evidence (e.g., server logs).
 Limited by encryption in apps like Signal.

a
gm
Major Techniques in IPDR Analysis

IP Address Geolocation:

tt@
 Process: Maps IP addresses to locations using databases.
 Accuracy: City-level for static IPs, less precise for mobile data.
 Tools: MaxMind GeoIP, IP2Location.

go
Protocol Analysis:
 Identifies protocols (e.g., TCP, UDP, SIP) to determine service type.
 Example: SIP (Port 5060) indicates VoIP calls.

an
Traffic Pattern Recognition:

up
 Detects unusual patterns (e.g., high data usage at odd hours).
 Uses statistical models or machine learning.
hn
Deep Packet Inspection (DPI):
 Examines packet headers to classify traffic (e.g., streaming vs.
browsing).
jis

 Limited by encryption; focuses on metadata.

Link Analysis:
 Maps IP address/domain connections to identify networks.
 Metrics: Frequency, centrality of nodes.

Temporal Analysis:
 Analyses timestamps to create activity timelines.
 Example: Correlating login times with cyberattack incidents.

Methods of IPDR Analysis

Manual Analysis:
 Process: Reviewing raw IPDR data in CSV/JSON using Excel or text
editors.
 Use Case: Small datasets or initial investigations.
 Limitation: Inefficient for large volumes.

Automated Analysis:
 Process: Uses forensic software to parse, filter, and visualize data.
 Tools: Wireshark, NetFlow Analyzer, Cellebrite Pathfinder.
 Advantage: Processes millions of records quickly.

Geospatial Analysis:
 Maps IP addresses or access points to locations.
  Tools: ArcGIS, QGIS.

Statistical Analysis:

a
 Applies metrics (e.g., data usage, session frequency) to detect outliers.

gm
 Tools: Python (Pandas, NumPy), R.

Machine Learning-Based Analysis:

tt@
 Uses algorithms to identify patterns or predict connections.
 Example: Clustering related IP addresses.
 Tools: Scikit-learn, TensorFlow.

go
Tools for IPDR analysis

Commercial Forensic Tools:

an
 Cellebrite Pathfinder: Integrates IPDR with CDR and device data.
 AccessData FTK: Analyzes IPDR for cybercrime investigations.

up
 Splunk: Processes large IPDR datasets with search and visualization.

Network Analysis Tools:

hn
 Wireshark: Captures packet-level data for protocol details.
 Maltego: Visualizes IP networks and relationships.
 NetFlow Analyzer: Monitors traffic patterns from CMTS/OLT.
jis

Open-Source Tools:
 Python Libraries: Pandas for parsing, Matplotlib for visualization.
 Tshark: Command-line Wireshark for scripted analysis.
 Gephi: Graph visualization for network analysis.

ISP Portals:
 Operator-specific platforms (e.g., Jio, BSNL) for law enforcement access.
 Secured with authentication and audit logs.

Geolocation Tools:
 MaxMind GeoIP: Maps IP addresses to locations.
 IP2Location: Provides city-level geolocation data.

Process of IPDR analysis

Data Acquisition:
 Requested from ISPs or devices (CMTS, OLT, OLT EMS) via Section 92
CrPC.
 Formats: CSV, JSON, or proprietary (e.g., Cisco IPDR format).

Data Normalization:
 Standardizes fields (e.g., IP formats, timestamps).
 Tools: Python scripts, Excel.
Data Filtering:
 Extracts relevant records (e.g., sessions during a cybercrime
timeframe).

a
 Uses SQL queries or software filters.

gm
Analysis and Visualization:
 Generates session logs, network graphs, or geolocation maps.

tt@
 Tools: Splunk, Maltego, Tableau.

Interpretation:
 Correlates IPDR findings with case details (e.g., IP linked to phishing

go
server).
 Validates with secondary evidence (e.g., server logs).

an
Reporting:
 Produces court-admissible reports certified under Section 65B, Indian
Evidence Act.

up
 Includes visualizations (e.g., traffic graphs, location maps).
hn
Advanced Technical Concepts

IP Address Types:
jis

 Static IP: Fixed address, easier to trace (e.g., servers).

 Dynamic IP: Assigned via DHCP(Dynamic host configuration protocol),
requires ISP logs for tracking.
 IPv4(32-bit) vs. IPv6: IPv6 (128-bit) complicates analysis due to larger
address space.

Network Address Translation (NAT):

 Challenge: Multiple devices share one public IP, obscuring users.
 Solution: ISP logs map private IPs to public IPs with timestamps.

Port Scanning and Enumeration:

 Identifies open ports/services (e.g., Port 3389 for RDP in hacking cases).
 Tools: Nmap, Wireshark.

Applications of IPDR Analysis

 Cybercrime: Tracks phishing, ransomware, or hacking via IP addresses

(e.g., 2022 Kerala bank phishing case).
 Fraud: Identifies scams by analysing data patterns (e.g., connections to
fraudulent servers).
 Terrorism: Maps VoIP or app-based coordination networks.
 Illegal Streaming: Detects unauthorized content via high data usage.
 Digital Forensics: Correlates IPDR with device data (e.g., browser
history).
Challenges

a
 Encryption: HTTPS and OTT apps obscure content, limiting analysis to
metadata.

gm
 Dynamic IPs: Frequent changes complicate tracking without ISP logs.
 Data Volume: Terabytes of data require advanced tools.
 Anonymization: VPNs or Tor mask IPs, needing traceback techniques.

tt@
 Legal Delays: Obtaining IPDRs involves bureaucratic approvals.
 Device Complexity: CMTS, OLT, and OLT EMS data formats vary,
requiring specialized parsing.

go
Recent Development

an
Questions

Q1. IPDR analysis is used for

A.
B.
Network performance monitoring
up
Identifying unauthorized network access or abnormal usage patterns
hn
C. Network traffic monitoring
D. d) All of the above
jis

Q2.Which statement about Internet Protocol Detail Record (IPDR) Analysis is

correct?

A. IPDR Analysis tracks voice call metadata, similar to CDR Analysis.

B. IPDR records include source and destination IP addresses for data
sessions.
C. IPDR Analysis can access the content of encrypted WhatsApp
messages.
D. IPDR data is generated only by mobile devices, not fixed-line networks.

Q3.Which device generates IPDR data in cable internet networks?

A. Optical Line Terminal (OLT)

B. Home Location Register (HLR)
C. Cable Modem Termination System (CMTS)
D. Equipment Identity Register (EIR)

Q4.Which tool is commonly used for geolocation mapping in IPDR Analysis?

A. Cellebrite UFED
B. MaxMind GeoIP
C. i2 Analyst’s Notebook
D. Wireshark
Q5. Which technique in IPDR Analysis identifies the type of application used
in a data session?

a
A. Temporal Analysis

gm
B. Protocol Analysis
C. Link Analysis
D. Geospatial Analysis

tt@
Q6.Which statement about the challenges of IPDR Analysis is true?

A. IPDR Analysis is unaffected by encrypted traffic.

go
B. Dynamic IP addresses complicate tracking in IPDR Analysis.
C. IPDR data is always stored in a standardized global format.
D. IPDR Analysis does not require legal approval in India.

an
IMEI Number

up
 Definition: The International Mobile Equipment Identity (IMEI) Number
is a unique 15-digit identifier assigned to every mobile device (e.g.,
hn
smartphones, tablets, modems) to distinguish it on cellular networks.
 Purpose: Enables device authentication, tracking, and forensic analysis
in investigations involving cybercrimes, theft, or terrorism.
jis

Structure of IMEI Number

 Format: 15 digits in four parts: TAC-FAC-SNR-CD.

 TAC (Type Allocation Code, 8 digits): Identifies device model and
manufacturer (e.g., 35-123456 for a specific model).
 FAC (Final Assembly Code, 2 digits): Indicates manufacturing facility
(optional, phased out in newer devices).
 SNR (Serial Number, 6 digits): Unique serial for the device.
 CD (Check Digit, 1 digit): Verifies number integrity using Luhn
algorithm.
 Example: 35123456-78-901234-5 (TAC: 35123456, FAC: 78, SNR:
901234, CD: 5).
 Variants:
 IMEISV (IMEI Software Version, 16 digits): Includes software version for
tracking updates.
 Dual SIM Devices: Two IMEIs, one per SIM slot.
 Storage: Embedded in device firmware; persists across SIM changes or
resets.
Technical Aspects

a
Device Authentication:
 IMEI sent to Equipment Identity Register (EIR) during network

gm
registration.
 EIR checks IMEI against whitelists (valid devices) or blacklists
(stolen/lost).

tt@
 Process: Device sends IMEI; EIR validates status.

Integration with CDR/IPDR:

 IMEI appears in Call Detail Records (CDR) for calls/SMS and Internet

go
Protocol Detail Records (IPDR) for data sessions.
 Links device to activities (e.g., call timestamps, data usage, cell tower
locations).

an
Device Binding:

up
 Tied to device hardware, not SIM (unlike IMSI); tracks device across SIM
changes.
 Example: IMEI remains constant when SIM is swapped.
hn
Verification:
 Luhn Algorithm validates IMEI (e.g., computes check digit).
jis

 Example: For 35123456789012, Luhn computes check digit (5).

Blacklisting:
 CEIR(Central equipment identity register) blocks IMEI of stolen/lost
devices, preventing network access.
 Process: User reports IMEI to police; DoT updates CEIR.

Tracking Capability

Active Device Tracking:

 IMEI links to cell tower data (Cell ID, LAC) in CDR/IPDR for location via
triangulation (50-200 meters urban, 1-5 km rural).
 Requires device to be powered on and connected.

Switched-Off Devices:
 No real-time tracking; no network connection.
 Historical Data: Last known location/timestamp in EIR or CDR/IPDR.
 Forensic Recovery: IMEI extracted from device memory post-seizure.

Passive Tracking:
 Network logs store IMEI activity (e.g., last registration) for
weeks/months.
 Example: Last cell tower connection before device was switched off.
Sources of IMEI

a
Device:
 Accessed via *#06#, device settings (About Phone), or packaging.

gm
 Stored in firmware; retrievable without SIM.

Telecom Records:

tt@
 Obtained via CDR/IPDR under Section 92 CrPC.
 Linked to subscriber activities.

Forensic Extraction:

go
 Retrieved from device memory using forensic tools.

Tools for IMEI Analysis

an
Forensic Tools:

up
 Cellebrite UFED: Extracts IMEI from device memory
 MSAB XRY: Retrieves IMEI and device data for forensic reports.
 Oxygen Forensics: Integrates IMEI with call logs and app data.
hn
Network Analysis Tools:
jis

 Maltego: Visualizes IMEI-linked communication networks.

 i2 Analyst’s Notebook: Maps device connections.

Open-Source Tools:
 Python Pandas: Parses IMEI in CDR/IPDR datasets.
 SQLite: Queries telecom records for IMEI.

Telecom Portals:
 Operator platforms (e.g., Airtel, Jio) provide IMEI via CDR/IPDR; law
enforcement access only.

CEIR Portal:
DoT’s CEIR verifies IMEI status for theft tracking.

Legal framework

Laws:
 Information Technology Act, 2000: Section 69 for device tracking.
 Indian Telegraph Act, 1885: Section 5 for interception.
 Code of Criminal Procedure (CrPC), 1973: Section 92 for IMEI records.
 Regulation: DoT mandates IMEI registration; CEIR blocks stolen
devices.
 Admissibility: IMEI evidence admissible under Section 65B, Indian
Evidence Act, 1872, with certification.
 Privatization: PUCL vs. Union of India (1997) and Justice K.S.
Puttaswamy vs. Union of India (2017) require magistrate/SP approval.
Challenges

a
 IMEI Spoofing: Criminals alter IMEI using software; illegal under DoT
rules.

gm
 Cloned Devices: Duplicate IMEIs confuse tracking; requires CDR/IPDR
cross-checking.
 Unregistered IMEIs: Imported phones evade CEIR.

tt@
 Legal Delays: Telecom record access involves bureaucracy.

Questions

go
Q1. If a person’s phone is lost, it is being used by another person with a new
sim. Which number is more useful to identify the phone

an
A) 12 digit IMEI number
B) 12 digit IMSI number

up
C) 15 digit IMEI number
D) 15 digit IMSI number
hn
Q2 What is meant by IMEI Number ?

A) International Mobile Equipment Identity

jis

B) Internet Monitoring Enabling Identifier

C) Initial machine Edited Image
D) Initial mobile Equipment Image

Q3.Which statement about the structure of an IMEI Number is correct?

A) IMEI consists of 15 digits divided into MCC, MNC, and MSIN.

B) The Type Allocation Code (TAC) in IMEI identifies the network operator.
C) IMEI includes a check digit verified using the Luhn algorithm.
D) Dual SIM devices have a single IMEI number for both SIM slots.

Q4.Which entity regulates IMEI registration in India?

A) Telecom Regulatory Authority of India (TRAI)

B) Department of Telecommunications (DoT)
C) Central Bureau of Investigation (CBI)
D) Indian Computer Emergency Response Team (CERT-In)

Q5.Which tool is primarily used to extract IMEI numbers from mobile devices
in forensic investigations?

A) MaxMind GeoIP
B) Cellebrite UFED
C) Wireshark
D) Splunk
Q6.Which statement about IMEI tracking capabilities is true?

A) IMEI can track a switched-off device in real-time.

a
B) IMEI is used to identify subscribers via KYC records.

gm
C) IMEI tracking is unaffected by device cloning.
D) IMEI links to cell tower data for location triangulation in CDR/IPDR

tt@
Q7. Where is the IMEI number stored on a mobile device?

A) SIM card
B) Memory card

go
C) Device firmware
D) Cloud storage

an
IMSI Number

 Definition: The International Mobile Subscriber Identity (IMSI) Number

up
is a unique 15-digit identifier stored in a SIM card to authenticate a
subscriber on a mobile network.
hn
 Purpose: Facilitates network authentication, subscriber identification,
and tracking in forensic investigations for cybercrimes, theft, or
terrorism.
jis

Structure of IMSI Number

 Format: 15 digits in three parts: MCC-MNC-MSIN.

 MCC (Mobile Country Code, 3 digits): Identifies country (e.g., 404 for
India).
 MNC (Mobile Network Code, 2-3 digits): Identifies operator (e.g., 10 for
Airtel, 862 for Jio).
 MSIN (Mobile Subscriber Identification Number, 9-10 digits): Unique
subscriber ID.
 Example: 404-10-1234567890 (MCC: 404, MNC: 10, MSIN:
1234567890).
 Storage: Embedded in SIM card’s secure integrated circuit; persists
across devices.
 Variants: Temporary IMSI (T-IMSI) for roaming; eSIMs use
programmable IMSIs for 5G/IoT.

Technical Aspects

Network Authentication:
 IMSI sent to Home Location Register (HLR) or Visitor Location Register
(VLR) during network registration.
 Authentication Centre (AuC) verifies IMSI using secret key (Ki) via
A3/A8 (GSM) or AES (4G/5G) algorithms.
  Process: Device sends IMSI; AuC generates triplet (RAND, SRES, Kc) for
validation.

a
Privacy Protection:

gm
 Temporary Mobile Subscriber Identity (TMSI) masks IMSI post-
authentication to prevent eavesdropping.
 TMSI changes frequently; IMSI used only at initial registration.

tt@
Integration with CDR/IPDR:
 IMSI appears in Call Detail Records (CDR) for calls/SMS and Internet
Protocol Detail Records (IPDR) for data sessions.

go
 Links subscriber to activities (e.g., call times, data usage, cell tower
locations).

an
eSIM and 5G:
 eSIMs store programmable IMSIs
 5G uses IMSI with Subscription Permanent Identifier (SUPI) for faster

up
authentication via NG-RAN(next generation radio access network)
 (IMSI) → SUPI → SUCI → NG-RAN → Network → (IMSI)
hn
SIM Binding:
 Tied to SIM card, not device (unlike IMEI); tracks subscriber across
jis

devices.
 Example: IMSI remains constant when SIM is moved to new phone.

Tracking Capability

Active Device Tracking:

 IMSI links to cell tower data (Cell ID, LAC) in CDR/IPDR for location via
triangulation (50-200 meters urban, 1-5 km rural).
 Requires device to be powered on and network-connected.

Switched-Off Devices:
 No real-time IMSI tracking when device is off; no network connection.
 Historical Data: Last known location/timestamp
 Forensic Recovery: IMSI extracted from SIM post-seizure, even if device
was off.

Passive Tracking:
 Network logs store IMSI activity (e.g., last registration) for
weeks/months.
 Example: Last cell tower connection before device was switched off.

Challenges

 SIM Cloning: Duplicated IMSIs cause network conflicts; detectable via

operator logs.
  Prepaid SIMs: Pre-2018 anonymous SIMs lack KYC, hindering
identification.


a
Encryption: OTT apps obscure content; IMSI limited to metadata.
 Roaming: T-IMSI obscures permanent IMSI; needs international

gm
cooperation.
 Legal Delays: Telecom record access involves bureaucratic processes.

tt@
Forensic Applications

 Subscriber Identification: Links IMSI to user via KYC for

cybercrime/fraud (e.g., 2022 Kerala bank phishing case).

go
 Location Tracking: Maps IMSI to cell towers for movement timelines.
 Network Analysis: Identifies associates via IMSI contacts in CDR/IPDR.

an
 Theft Recovery: Correlates IMSI with IMEI in Central Equipment
Identity Register (CEIR).
 Terrorism: Tracks SIM usage in terror networks (e.g., 26/11 Mumbai

up
attacks).

Tools for IMSI Number

hn
Forensic Tools:
jis

 Cellebrite UFED: Extracts IMSI from SIM cards; correlates with

CDR/IPDR for subscriber tracking.
 MSAB XRY: Retrieves IMSI and device data (e.g., call logs) for forensic
reports.
 Oxygen Forensics: Integrates IMSI with app data and location records.

Network Logs:
 HLR/VLR logs IMSI during registration; accessed with DoT approval.
 Device Extraction:
 Forensic tools retrieve IMSI from device memory if SIM is unavailable.

IMSI Catchers:
 Capture IMSI from active devices; used by law enforcement with
authorization.

Network Analysis Tools:

 Maltego: Visualizes IMSI-linked communication networks (e.g., call
patterns).
 i2 Analyst’s Notebook: Maps subscriber connections for complex cases.

Open-Source Tools:
 Python Pandas: Parses IMSI in CDR/IPDR datasets for analysis.
 SQLite: Queries telecom records for IMSI data.
Telecom Portals:
 Operator platforms (e.g., Jio, BSNL) provide IMSI via CDR/IPDR; law
enforcement access only.

a
gm
CEIR Portal:
 DoT’s CEIR links IMSI with IMEI for stolen device tracking.

tt@
IMSI Catchers:
 Devices like Stingrays capture IMSI from active devices; used sparingly
due to legal restrictions.

go
Sources of IMSI Number

SIM Card:

an
 Stored in secure memory; extracted via forensic tools.

up
Telecom Records:

 Obtained from operators (e.g., Airtel, Jio) via CDR/IPDR under Section
hn
92 CrPC.
 Linked to KYC details (name, address).
jis

Legal Framework

Laws:
 Information Technology Act, 2000: Section 69 for subscriber tracking.
 Indian Telegraph Act, 1885: Section 5 for interception.
 Code of Criminal Procedure (CrPC), 1973: Section 92 for IMSI records.
 Regulation: DoT mandates KYC for SIM registration, linking IMSI to
user identity.
 Admissibility: IMSI evidence admissible under Section 65B, Indian
Evidence Act, 1872, with certification.
 Privacy: PUCL vs. Union of India (1997) and Justice K.S. Puttaswamy
vs. Union of India (2017) require magistrate/SP approval.
 Difference between IMEI and IMSI

IMEI:
 Identifies: Physical device (e.g., smartphone, tablet).
 Storage: Device firmware.
 Structure: 15 digits (TAC-FAC-SNR-CD, e.g., 35123456-78-901234-5).
 Purpose: Device authentication, tracking, theft prevention.
 Persistence: Remains with device; unchanged by SIM swap.
 Forensic Role: Tracks device location, links to activities via CDR/IPDR.
 Example: Identifies phone used in 2022 Kerala phishing case.

IMSI:
 Identifies: Subscriber (SIM card).
  Storage: SIM card’s secure memory.
 Structure: 15 digits (MCC-MNC-MSIN, e.g., 404-10-1234567890).

a
 Purpose: Subscriber authentication, network access.
 Persistence: Tied to SIM; changes with SIM swap.

gm
 Forensic Role: Links subscriber to activities, identifies user via KYC.
 Example: Tracks user identity in terrorism cases.

tt@
Key Differences:
 “IMEI identifies the device, while IMSI identifies the subscriber.” (True:
Device vs. SIM-based.)
 “IMEI is used for subscriber KYC in India.” (False: IMSI links to KYC.)

go
 “IMSI persists across device changes, but IMEI does not.” (True: IMSI
tied to SIM.)
 “Both IMEI and IMSI appear in CDR/IPDR.” (True: For device and

an
subscriber tracking.)

up
Question

Q1. Which of these is not a part of IMSI Number ?

hn
A) MSN
B) MCC
jis

C) MNC
D) MIR

Q2.Which statement about the structure of an IMSI Number is correct?

A) IMSI consists of 15 digits divided into TAC, FAC, SNR, and CD.
B) The Mobile Country Code (MCC) in IMSI identifies the network
operator.
C) IMSI includes a 3-digit Mobile Network Code (MNC) for all operators.
D) The Mobile Subscriber Identification Number (MSIN) is unique to the
subscriber.

Q3. Which entity in a mobile network uses the IMSI for subscriber
authentication?

A) Equipment Identity Register (EIR)

B) Home Location Register (HLR)
C) Cable Modem Termination System (CMTS)
D) Optical Line Terminal (OLT)

Q4. Which statement about IMSI tracking capabilities is true?

A) IMSI can track a switched-off device in real-time.

B) IMSI links to cell tower data for location triangulation in CDR/IPDR.
C) IMSI is used to blacklist stolen devices in CEIR.
D) IMSI tracking is unaffected by SIM cloning.
Q5. Which statement about the difference between IMSI and IMEI is true?

A) IMSI identifies the device, while IMEI identifies the subscriber.

a
B) Both IMSI and IMEI are stored in the device firmware.

gm
C) IMSI persists across SIM changes, while IMEI does not.
D) IMSI links to subscriber KYC details, while IMEI does not.

tt@
Q6.Which statement about the challenges of IMSI Analysis is correct?

A) IMSI Analysis is unaffected by SIM cloning.

B) Temporary IMSI (T-IMSI) simplifies tracking in roaming scenarios.

go
C) Prepaid SIMs with KYC registration cannot be tracked using IMSI.
D) SIM cloning creates network conflicts detectable in IMSI Analysis.

an
up
hn
jis