Abstract
Microsoft’s Xbox game console can be modified to run additional operating systems, enabling it to store gigabytes of non-game related files and run various computer services. Little has been published, however, on procedures for determining whether or not an Xbox console has been modified, for creating a forensic duplicate, and for conducting a forensic investigation. Given the growing popularity of Xbox systems, it is important to understand how to identify, image and examine these devices while reducing the potential of corrupting the media. This paper discusses Xbox forensics and provides a set of forensically-sound procedures for analyzing Xbox consoles.
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Burke, P., Craiger, P. (2007). Forensic Analysis of Xbox Consoles. In: Craiger, P., Shenoi, S. (eds) Advances in Digital Forensics III. DigitalForensics 2007. IFIP — The International Federation for Information Processing, vol 242. Springer, New York, NY. https://doi.org/10.1007/978-0-387-73742-3_19
DOI: https://doi.org/10.1007/978-0-387-73742-3_19
Publisher Name: Springer, New York, NY
Print ISBN: 978-0-387-73741-6
Online ISBN: 978-0-387-73742-3
eBook Packages: Computer Science, Computer Science (R0)