XBOX 360 Forensics

A Digital Forensics Guide to Examining Artifacts

By

  • Steven Bolt, is a Computer Forensics Leader, and Instructor at the Defence Cyber Investigations Training Academy. He provides instruction and guidance to support the criminal investigators of the DoD and other federal investigators.

Game consoles have evolved to become complex computer systems that may contain evidence to assist in a criminal investigation. From networking capabilities to chat, voicemail, streaming video and email, the game consoles of today are unrecognizable from complex computer systems. With over 10 million XBOX 360s sold in the United States the likelihood that a criminal investigator encounters an XBOX 360 is a certainty. The digital forensics community has already begun to receive game consoles for examination, but there is no map for them to follow as there may be with other digital media. XBOX 360 Forensics provides that map and present the information for the examiners in an easy to read, easy to read format.
View full description

Audience

Computer forensic and incident response professionals. This includes LE, federal government, commercial/private sector contractors, consultants, etc.

 

Book information

  • Published: January 2011
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-623-0

Reviews

"A very timely reference for forensic examiners, with a wealth of tools and processes for all aspects of the Xbox console. The author takes a unique approach of not just relaying details, but guiding the reader along a forensic adventure to explore the Xbox 360."--Brian Baskin, Senior Consultant, cmdLabs

"Xbox 360 Forensics is a handy reference and a good introduction…. [T]his book is not a simple step-by-step walkthrough but a very good starting point for the reader’s own forensic investigations."--Computers and Security




Table of Contents

Chapter 1 The XBOX 360: Why We Need to be Concerned

Introduction

The XBOX 360

Criminal Uses of the XBOX 360

Poor Man’s Virtual Reality Simulator

Summary

References

Chapter 2 XBOX 360 Hardware

Getting Started with the XBOX 360

Technical Specifications

Hard Drive Disassembly

Summary

References

Chapter 3 XBOX LIVE

Introduction

What is XBOX Live?

Creating an XBOX Live Account and Getting Connected

Summary

References

Chapter 4 Configuration of the Console

Introduction

Getting Started

Network Configuration and Gamertag Recovery

Tour of the Dashboard, Profile Creation, and Gamertag Configuration

Connecting to XBOX Live

Joining XBOX Live

Summary

Chapter 5 Initial Forensic Acquisition and Examination

Imaging the Console Hard Drive

A First Look at the Contents of the Drive

Additional Information Located on the Drive

Summary

References

Chapter 6 Xbox 360 - Specific File Types

XBOX Content

Summary

References

Chapter 7 XBOX 360 Hard Drive

Initial Differences

Examination of the Post-System Updated Drive

PIRS Files After the Initial System Update

CON and LIVE File Examination

New Images Added After the System Update

Other Artifacts

Summary

Chapter 8 Post-System Update Drive Artifacts

Examining the XBOX 360 Hard Drive Using Xplorer360

Getting Started

Xplorer360 and the Post-System Update Drive

Cache Folder

Content Folder

Mindex folder

Summary

References

Chapter 9 XBOX Live Redemption Code and Facebook

XBOX Live

Redeeming the Prepaid Card

Facebook

XBOX Live Facebook Artifacts

Xplorer360 and Facebook

Summary

References

Chapter 10 Game Play

Gaming

Game Artifacts

Xplorer 360 and Game Artifacts

Cache Folder Analysis

XBOX Live Friends

Other Cache Files

Content Folder Changes

Summary

Chapter 11 Additional Files and Research Techniques

Introduction

Additional files, "player_configuration_cache.dat" and "preferences.dat"

Network Traffic Examination

Network Capture Box

Decompiling XEX Files

Additional Tools Available for Analysis

Summary

References

Appendix A Tools Used in this Research

Appendix B List of Products Used to Construct the Off the Shelf Capture Box

Appendix C Removal of the Hard Drive from the New XBOX 360 Slim and Artifacts Pertaining to Data Migration from One Drive to Another

Appendix D Other Publications