XBOX 360 Forensics offers a fairly in-depth introduction into the world of Games Console Forensics and the tools and techniques required to carry out investigations into Next-Generation Games Consoles.
As popular gaming platforms become more and more sophisticated, using their own operating systems and accessing the Internet for various types of transactions, the potential for illegal and malicious activity is dramatically increasing.
Bolt starts the book with a detailed description of the XBOX 360 system, the setup process and how to sign up, and connect to, the social aspects of the XBOX 360 gaming experience: XBOX Live. It is this social outlet that is the main cause of concern for the population with news reports about paedophilia and child abuse stemming from meetings organised using the mail and chat functions inbuilt into the online portal.
Bolt does not provide much information on other crimes that can be committed using the console such as malicious activity as the result of installing a secondary operating system (for example, Linux), but the emphasis of the malicious potential is made quite clear and the need for a set method of investigating consoles is prominent.
With very little documentation on the investigation of consoles available to the investigator, Bolt has provided the perfect starter guide for forensic investigation all the way from acquisition through to analysis. Rather than just provide the tools and techniques, however, Bolt takes the reader along the journey of investigation and provides a very detailed walkthrough of the baseline contents of the XBOX 360 Hard Drive, explaining the various different file types (such as PIRS, LIVE and CON files) and sector locations of valuable information.
The guide describes the use of only a few tools but within this provides an in-depth and efficient investigation method to analyse the Hard Disk Drive. The tool that takes the spotlight in the investigation, Xplorer 360, is not strictly a Forensic tool but more of a console management tool used to connect the XBOX 360 to a Computer via the network and interact with it. it is interesting that this piece of software should provide a solution to the investigator to find artifacts previously unfound by the standard Forensic tools such as Guidance Software’s EnCase and AccessData’s Forensic Toolkit Imager. A criticism of the guide is that its main focus is on the Hard Disk Drive, which, while holding some of the user information and game saves, does not contain information of the operating system or memory stack. Bolt mentions that this information is held within specific hardware inside the console itself and it would seem prudent to provide methods to investigate these artifacts, especially when the need for Live Analysis is increasing.
The book does seem quite basic throughout, providing technical details that most investigators would probably be able to figure out for themselves, however, it is an easy read and one that would prove interesting to most who do not know much about the investigation of games consoles.
Book Title: XBOX 360 Forensics
Book Subtitle: A Digital Forensic Guide to Examining Artifacts
Author(s): Steven Bolt (Samuel Liles – Technical Editor)
Date of Publishing: 7th February 2011
Price: £36.99 (UK), $59.95 (USA) (423)