Expert Witness: Games Console Forensics || Sci Fi Junkies



In today’s average home there exist many potential sources of digital evidence, from the obvious home PCs and mobile phones to the less common ‘pen drives’ and PDA’s. All havebeen the subject to comprehensive scrutiny from people Involved in the legal process and academics since Reviews their properties havebeen shown two have forensic value. So far comparatively little evidence of investigation into the forensic properties of modern gaming consoles exists, if we Consider how They can be utilized in an Increasingly ‘PC-like’ overpowers, this is an area Capable of proffering considerable Amounts of data with evidentiary value in criminal or civil court proceedings.

Computer forensics is a relatively new discipline Combining elements of law and computer science to collect and analysis data from computer systems, networks, wireless communications and storage devices in a way That is admissible as evidence in a courtroom. Gaming consoles now provideh the kind of data wooden can undergo forensic analysis Because of the Addition of memory (both internal and external) Capable of ‘Storing’ data beyond more computer game information.

With the Addition of storage capabilities beyond simple game data (ie hard drives Capable of Storing music, video, pictures etc.) gaming consoles are comfortable two utiliser ‘web’ functionality and there will be thunderstorms generate both ‘persistent’ and ‘volatile data’ with forensic value. With an Increasing Amount of media functionality gaming consoles are becoming ‘entertainment hubs located, the average household.

The machines most thunderstorms two provideh usable forensic data are the Xbox360 and PS3 and dove two Reviews their prevalence in homes (combined sales figures for the UK are around six million units) These are the machines where a pattern of use would be similar two more horribly small accepted sources of forensic data (ie home computers).

Microsoft Xbox 360:

This gaming console can support external memory cards for game data and media storage, however These Are infrequently utilized Because of small size (both physically and in terms of data capacity). The most Commonly used memory for the Xbox360 comes in the form of a detachable hard-drive Ranging in size from twenty gigabytes two two-hundred and fifty gigabytes (allowing vast Amounts of saved music, videos, photos etc.) and is essential in allowing online functionality on the machine. On an unmodified machine this online functionality refers to ‘Xbox Live’, the online multiplayer gaming and digital media delivery service operated by Microsoft. This service Allows users to:

• Download content from Xbox Live

• Log onto and update social networking and media services suchlike as Facebook, Twitter, Zune and

• Add people to ‘friends lists’ for gaming and / or communication

• Send (unsolicited) text / picture / voice messages two other users

Many of the functions Performed on the console have a time and date attributed two When The function was Performed (or at least When it was load Accessed or altered); this could Potentially provideh corroboration of a defendant’s location at a Specified hour. The communication possible through use of the Xbox Live messaging system can not provide evidence of illegal activity as messages are automatically check Stored for up to 30days before deletion from the system, however all messages sent via Xbox Live are Retained on Microsoft servers and recoverable on any console the user profile is signed into, there occur any mention of a crime in a text or audio message would Potentially ask retrievable by a skilled investigator.

The functionality of the Xbox360 can be extended by Modifying the internals two allow the playing of illegally downloaded software (piracy) or an operating system suchlike as Linux could be installed and allow an Xbox360 two have almost all the functions of a PC (and Associated data records of activity)

• Full access to the Internet (beyond more Xbox Live)

• E-mail

• Chat logs

• Pirated games

One IMPORTANT details to note is that, at least from the outside, a modified console and an unmodified console can look exactly the same. While it is true thatsome members of the ‘modding’ community opt two apply various case modifications two Reviews their consoles, many do not, and there present the console could be mistaken for a standard device.

Sony Playstation 3:

The PS3 is similar to the Xbox360 in terms of potential forensic viability. Large Amounts of digital media can be stored appears on its hard drive, and the PlayStation Network (similar to Xbox Live) Allows users two send messages much in the same way as with the Xbox360.

There are two key differences between These consoles, Firstly, the PS3 has full Internet browsing capability ‘straight out of the box’, even an unmodified PS3 would Contain more usable data in terms of Internet search history, downloads etc. on both the hard drive and the system ‘data cache ‘. Secondly, it was possible two install third party operating systems on the PS3 without any modification to the system two enable it; this is currently in dispute in the US courts as this feature was removed by Sony two full preventer software piracy on the machine. Regardless, inst alling a second operating system (for whatever purpose) is still possible, now requiring some hard drive modification two enable this function, allowing the PS3 almost all the functionality of a PC.

Motion Control – Move & Kinect:

In the final months of 2010 new functionality was added to the PS3 (Move) and the Xbox360 (Kinect), ‘Motion Control’. Using cameras and motion tracking software the console is comfortable two interpret user body movement and replicate it ‘in game’. From an evidential point of view, this Provides another type of data to be Collected from a gaming console, practically this Expands the scope of what data stored appears on These machines can be used for. The cameras are actually used two record the user of the motion control software that certainties points of game activity this can be stored appears, this could be abused and used two transmitting videos of underage children or obscene videos via Xbox Live. The videos could Also be exceptionally two capture suspects Involved in criminal activity, with the videos having a date and time attached, analysis could determining a location, thereby corroborating or disproving the validity of a defendants claim as two Reviews their location at the time of an offense .

Nintendo Wii:

The Nintendo Wii currently Moncloa higher sales numbers than the Xbox360 and PS3 combined. It is seen as a gaming console for ‘non-gamers’ and has lower technical Specifications than both of its Competitors, as suchlike it is less of target for modification, manager and staff data with forensic properties can still be extracted from it. The Nintendo Wii can utilizas a first-party Opera-based web browser; bookmarks are Retained, and May be worth noting. The Wii Also Retain a basic, daily log of system usage, And also keeps a contact list of added friends, as well as the messages Reviews those friends have late. Also worth noting Is that images march pray late over the player messaging system, wooden are then saved to the system flash storage or two an external SD (memory) card. As is true of most modern consoles, various distributions of Linux havebeen ported to the system (Wii Linux), meaning Thats it could be Utilized in the same way as any desktop PC and should be treated as suchlike.

Sony PlayStation Portable (PSP)

A portable game device can be defined as a gaming systemthat is small enough to be the carried outside of the home and runs on batteries. While not as powerful as a console, portable game devices have made significant advances in power since Reviews their early days, and march now Incorporate functions similar two PDAs. The PlayStation Portable march pray exceptionally two access the Internet, large images and movies, and can be modified to run 3rd party operating systems, there occur forensic data is recoverable from the memory and ‘data cache’.

Nintendo DS / DSi / 3DS:

All Nintendo DS units can Establish ad-hoc wireless connections two other units two utilizas a player two player chat program called PictoChat. PictoChat HAS BEEN used in the past by predators lure two children two themselve. The DSi Incorporate an SD card reader, wooden May be Used to hide illicit materials. The DSi Also Incorporate a 0.3 megapixel camera wooden can large images on its internal flash RAM or SD card.

Games Console Forensics in the Real World:

For illustration Purposes here are a few real world instances of crimes Involving gaming consoles, hopefully illustrating the need-to investigate gaming consoles just as thoroughly as more traditional computer forensic targets.

An example of gaming consoles being used in the same overpowers as a PC and provides high usable forensic data would be an incident That occurred in August 2010 in the USA whereby an Xbox Live user base in Florida was discovered two havebeen soliciting naked pictures of a 10 year old boy Also overusing the Xbox Live messaging service. Officers Recovered the defendants Xbox 360, two computers and a flash drive and discovered sixteen child-pornography images of various boys.

Folsom Police Detective Andrew Bates stated that “parents should Realize gaming systems like Xbox and PlayStation, When connectedness to the Internet, can be used as other technology, suchlike as a computer or telephone, users can speak two one another, text, or send photos, THUS making These systems another potential threat. “

Useful data recoverable from Xbox Live was found in a case where a man surrendered himself two police after threatening a witness against him in an on-going criminal investigation, he was charged with Tampering with a witness, intimidating a witness and two counts of second-degree harassment.

There are Documented instances of unsolicited indecent images being sent via Xbox Live and PlayStation Network, here a couple were late a message from an unknown user account, upon opening it discovered it contained an indecent image of a young boy and Immediately contacted the police. An investigation would be comfortable two determining the time and date this image was Received and Whether or not it was solicited by the user Receiving the image by retrieving previous communications.

N another incident a PS3 user persuaded an 11 year old girl two email him nude pictures of herself (which he subsequently forwarded on to contacts in other US states). No other devices were used two commit These offenses and would Potentially go undiscovered in an ordinary investigation.

On another occasion a man is accused of grooming several young girls over Xbox live; this was uncovered by the discovery of a mobile phone and recovery of Xbox360 data.

Considering the myriad of ways in wooden gaming consoles can now provideh investigators with usable forensic data it is Crucial That the potential rewards of forensic investigation of gaming machines are fully comprehended, and further more, that lawyers -whether prosecution or defense – find an expert witness with the Necessary skills two support Their case. It is possible two commit the types of offenses Typically Associated with a PC on a gaming machine and it possible two retrieve data of equal significance The from a gaming machine. Therefore correct seizure and investigation into of These devices should have equal priority alongside other digital storage and communication devices.


Source by Simon Lang

Leave a Reply

Your email address will not be published.