Forensic Analysis of Xbox Consoles

  • Paul Burke
  • Philip Craiger
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 242)

Abstract

Microsoft’s Xbox game console can be modified to run additional operating systems, enabling it to store gigabytes of non-game related files and run various computer services. Little has been published, however, on procedures for determining whether or not an Xbox console has been modified, for creating a forensic duplicate, and for conducting a forensic investigation. Given the growing popularity of Xbox systems, it is important to understand how to identify, image and examine these devices while reducing the potential of corrupting the media. This paper discusses Xbox forensics and provides a set of forensically-sound procedures for analyzing Xbox consoles.

Keywords

Xbox consoles, forensic analysis

Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Paul Burke (1)
  • Philip Craiger (2, 3)
  1. National Center for Forensic Science, University of Central Florida, Orlando
  2. Engineering Technology, USA
  3. Digital Evidence at the National Center for Forensic Science, University of Central Florida, Orlando
