XBOX 360 Forensics
A Digital Forensics Guide to Examining Artifacts
By- Steven Bolt, is a Computer Forensics Leader, and Instructor at the Defence Cyber Investigations Training Academy. He provides instruction and guidance to support the criminal investigators of the DoD and other federal investigators.
Game consoles have evolved to become complex computer systems that may contain evidence to assist in a criminal investigation. From networking capabilities to chat, voicemail, streaming video and email, the game consoles of today are unrecognizable from complex computer systems. With over 10 million XBOX 360s sold in the United States the likelihood that a criminal investigator encounters an XBOX 360 is a certainty. The digital forensics community has already begun to receive game consoles for examination, but there is no map for them to follow as there may be with other digital media. XBOX 360 Forensics provides that map and present the information for the examiners in an easy to read, easy to read format.
Paperback, 304 Pages
Published: January 2011
Imprint: Syngress
ISBN: 978-1-59749-623-0
Reviews
-
"A very timely reference for forensic examiners, with a wealth of tools and processes for all aspects of the Xbox console. The author takes a unique approach of not just relaying details, but guiding the reader along a forensic adventure to explore the Xbox 360." --Brian Baskin, Senior Consultant, cmdLabs"Xbox 360 Forensics is a handy reference and a good introduction . [T]his book is not a simple step-by-step walkthrough but a very good starting point for the readers own forensic investigations."-- Computers and Security
Contents
Chapter 1 The XBOX 360: Why We Need to be Concerned
Introduction
The XBOX 360
Criminal Uses of the XBOX 360Poor Mans Virtual Reality Simulator
SummaryReferences
Chapter 2 XBOX 360 HardwareGetting Started with the XBOX 360
Technical SpecificationsHard Drive Disassembly
SummaryReferences
Chapter 3 XBOX LIVEIntroduction
What is XBOX Live?Creating an XBOX Live Account and Getting Connected
SummaryReferences
Chapter 4 Configuration of the ConsoleIntroduction
Getting StartedNetwork Configuration and Gamertag Recovery
Tour of the Dashboard, Profile Creation, and Gamertag ConfigurationConnecting to XBOX Live
Joining XBOX LiveSummary
Chapter 5 Initial Forensic Acquisition and ExaminationImaging the Console Hard Drive
A First Look at the Contents of the DriveAdditional Information Located on the Drive
SummaryReferences
Chapter 6 Xbox 360 - Specific File TypesXBOX Content
SummaryReferences
Chapter 7 XBOX 360 Hard DriveInitial Differences
Examination of the Post-System Updated DrivePIRS Files After the Initial System Update
CON and LIVE File ExaminationNew Images Added After the System Update
Other ArtifactsSummary
Chapter 8 Post-System Update Drive ArtifactsExamining the XBOX 360 Hard Drive Using Xplorer360
Getting StartedXplorer360 and the Post-System Update Drive
Cache FolderContent Folder
Mindex folderSummary
ReferencesChapter 9 XBOX Live Redemption Code and Facebook
XBOX LiveRedeeming the Prepaid Card
FacebookXBOX Live Facebook Artifacts
Xplorer360 and FacebookSummary
ReferencesChapter 10 Game Play
GamingGame Artifacts
Xplorer 360 and Game ArtifactsCache Folder Analysis
XBOX Live FriendsOther Cache Files
Content Folder ChangesSummary
Chapter 11 Additional Files and Research TechniquesIntroduction
Additional files, "player_configuration_cache.dat" and "preferences.dat"Network Traffic Examination
Network Capture BoxDecompiling XEX Files
Additional Tools Available for AnalysisSummary
ReferencesAppendix A Tools Used in this Research
Appendix B List of Products Used to Construct the Off the Shelf Capture BoxAppendix C Removal of the Hard Drive from the New XBOX 360 Slim and Artifacts Pertaining to Data Migration from One Drive to Another
Appendix D Other Publications
