
XBOX 360 Forensics: A Digital Forensics Guide to Examining Artifacts PDF

305 Pages·2011·4.66 MB·English

Preview XBOX 360 Forensics: A Digital Forensics Guide to Examining Artifacts

XBOX 360 Forensics
A Digital Forensics Guide to Examining Artifacts

Steven Bolt
Samuel Liles, Technical Editor

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Syngress is an imprint of Elsevier

Acquiring Editor: Angelina Ward
Development Editor: Heather Scherer
Project Manager: Sarah Binns
Designer: Kristen Davis

Syngress is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA

© 2011 Elsevier, Inc. All rights reserved.

XBOX 360 is a registered trademark of Microsoft. Xbox 360 Forensics is an independent publication and is not affiliated with, nor has it been authorized, sponsored, or otherwise approved by Microsoft Corporation.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein.
In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility. To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data
Application submitted

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.

ISBN: 978-1-59749-623-0

Printed in the United States of America
11 12 13 14 15   10 9 8 7 6 5 4 3 2 1

Typeset by: diacriTech, India

For information on all Syngress publications visit our website at www.syngress.com

I would like to dedicate this work to my wife, for believing in me and pushing me to follow my dreams, and to our children, who bring so much joy to our lives. Looking into my children’s eyes stirs such wondrous emotions, only a parent would understand the desire to protect that innocence and wonder. I would do anything to protect my family. And I know that same passion is shared within the law enforcement community. As a former law enforcement official, I was taught that I should strive to make my part of the world better than the way I received it. My hope is that with this book, I am placing the tools and information into the hands of the officials who continue the fight and continue to strive to improve their part of the world and protect the most innocent, the children.
Contents

Acknowledgments
About the Author

Chapter 1 The XBOX 360: Why We Need to Be Concerned
    Introduction
    The XBOX 360
    Criminal Uses of the XBOX 360
        Known Criminal Uses of Video Games
        Ways the XBOX 360 Is Used by Criminals
        Covert Channel of Communication
    Poor Man’s Virtual Reality Simulator
    Summary
    References

Chapter 2 XBOX 360 Hardware
    Getting Started with the XBOX 360
    Technical Specifications
    Hard Drive Disassembly
    Summary
    References

Chapter 3 XBOX Live
    Introduction
    What Is XBOX Live?
    Creating an XBOX Live Account and Getting Connected
    Creating a Live Account
    Summary
    References

Chapter 4 Configuration of the Console
    Introduction
    Getting Started
    Network Configuration and Gamertag Recovery
    Tour of the Dashboard, Profile Creation, and Gamertag Configuration
    Connecting to XBOX Live
    Joining XBOX Live
    Summary

Chapter 5 Initial Forensic Acquisition and Examination
    Imaging the Console Hard Drive
    A First Look at the Contents of the Drive
    Additional Information Located on the Drive
    Summary
    References

Chapter 6 XBOX 360–Specific File Types
    XBOX Content
        CON Files
        PIRS and LIVE Files
        Recap of the XBOX 360–Specific File Types
    Summary
    References

Chapter 7 XBOX 360 Hard Drive
    Initial Differences
    Examination of the Post–System Updated Drive
    PIRS Files After the Initial System Update
    CON and LIVE File Examination
    New Images Added After the System Update
    Other Artifacts
    Summary

Chapter 8 Post–System Update Drive Artifacts
    Examining the XBOX 360 Hard Drive Using Xplorer360
    Getting Started
    Xplorer360 and the Post–System Update Drive
    Cache Folder
    Content Folder
    Mindex Folder
    Summary
    References

Chapter 9 XBOX Live Redemption Code and Facebook
    XBOX Live
    Redeeming the Prepaid Card
    Facebook
    XBOX Live Facebook Artifacts
    Xplorer360 and Facebook
    Summary
    Reference

Chapter 10 Game Play
    Gaming
    Game Artifacts
    Xplorer360 and Game Artifacts
    Cache Folder Analysis
    XBOX Live Friends
    Other Cache Files
    Content Folder Changes
    Summary

Chapter 11 Additional Files and Research Techniques
    Introduction
    Additional Files “player_configuration_cache.dat” and “preferences.dat”
    Network Traffic Examination
    Network Capture Box
    Decompiling XEX Files
    Additional Tools Available for Analysis
    Summary
    Reference

Appendix A Tools Used in This Research
    Guidance Software’s EnCase v. 6.16.2 (Forensic Application)
    IDA Pro v. 6 (Used for Decompiling Files and Debugging)
    X-Ways Forensic v. 15.5 SR 4 (Forensic Application)
    Wiebetech Write Blockers
    Access Data’s Forensic Tool Kit v. 1.70.1 (Forensic Application)
    wxPIRS (Used to Uncompress PIRS Files)
    Xplorer360

Appendix B List of Products Used to Construct the Off-the-Shelf Capture Box

Appendix C Removal of the Hard Drive from the New XBOX 360 Slim and Artifacts Pertaining to Data Migration from One Drive to Another
    Data Migration from One Drive to Another, a Short Note

Appendix D Other Publications

Index

Description:
Game consoles have evolved to become complex computer systems that may contain evidence to assist in a criminal investigation. From networking capabilities to chat, voicemail, streaming video and email, the game consoles of today are indistinguishable from complex computer systems. With over 10 million
