Xbox360 Forensics Toolkit
Name: John O'Brien
Course: M.Sc. in Security and Forensic Computing
ID: 59211931
Date: July 03rd 2012
Abstract
Revenue in the gaming industry has grown exponentially in the last 10 years. As of January 18, 2010, sales of Modern Warfare 2 alone had reached over $1 billion. On November 11th 2011 Modern Warfare 3 (MW3) broke all previous sales records. In the US and UK alone it sold 6.5 million copies in the first 24 hours after launch. It reached $1bn in sales within 16 days of release. To put this in context, the movie Avatar took 17 days to take $1bn at the box office. This makes MW3 the fastest-selling entertainment product of all time.
Due to the massive revenue streams that are generated, the security of games consoles has become ever more important to the industry. To prevent copyright infringement and piracy, and to ensure that games consoles are used strictly for the purposes for which they were designed, the security of the gaming system has become a high-priority cog in the revenue-generating wheel.
On April 22nd 2011 Sony announced that “An external intrusion on our system has affected our PlayStation Network (PSN) and Qriocity services”. This was a very serious security breach due to the level of personal information stored on this network. The network contained the name, address and in some cases credit card information of the gamers who use the network. Sony did release a statement that “While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility”.
In order to play games like MW3 and go online to the PSN or XBOX Live a user will need a games console. While many security experts have focused on investigating the game console’s anti-piracy security, this practicum will focus more on the console’s hard disk drive.
Proposal
The Xbox360 console is little more than a standard PC with a proprietary operating system. Consoles are traded to shops and upgraded on a regular basis. The drives themselves are "formatted" by the operating system, whereby all data is deleted. From observation, the process of formatting is completed too quickly to completely and securely wipe and zero the hard drive.
This project proposal is to build a toolkit for the Xbox360 file system. This application will retrieve information from the Microsoft Xbox360 hard drive image. This will include information about the drive, partitions and files that are contained within. In order to build the module I will need to map out the Xbox360 file system. This involves identifying file types, artefacts, sector and partition sizes. The toolkit will retrieve data from the file system where possible. The ultimate goal is to identify whether information such as social network account details, video and picture files, XBOX Live account data (such as username, password and credit card info where possible) and any other sensitive information about the previous owner, such as name and address, is located on the drive. Once this information and these artefacts have been identified, the toolkit's file carving functionality can be used to extract and gather this information and present it to the forensic examiner.
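The following Python is an added example, not code from the thesis or its toolkit: it measures how many sectors of a raw drive image still hold data after a format and flags sectors that begin with a known picture signature, the starting point for file carving. The 512-byte sector size, the sector-aligned search and the sample image are assumptions constructed for illustration.

```python
import io

SECTOR = 512  # assumed sector size; the page does not state one

# Widely documented file signatures, used here as carving start markers.
SIGNATURES = {"jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n"}


def survey_image(stream, sector_size=SECTOR):
    """Scan a raw image one sector at a time.

    Returns (total, nonzero, hits): sector counts plus a list of
    (byte_offset, kind) for sectors that start with a known signature.
    """
    total = nonzero = 0
    hits = []
    while True:
        block = stream.read(sector_size)
        if not block:
            break
        if any(block):  # at least one non-zero byte survived the format
            nonzero += 1
            for kind, magic in SIGNATURES.items():
                if block.startswith(magic):
                    hits.append((total * sector_size, kind))
        total += 1
    return total, nonzero, hits


def residual_ratio(stream, sector_size=SECTOR):
    """Fraction of sectors still holding data; 0.0 means fully zeroed."""
    total, nonzero, _ = survey_image(stream, sector_size)
    return nonzero / total if total else 0.0


def build_sample_image():
    """Constructed 16-sector image: new metadata up front, old data behind."""
    img = bytearray(16 * SECTOR)
    img[0:4] = b"FMT!"  # constructed stand-in for freshly written metadata
    img[5 * SECTOR:5 * SECTOR + 3] = SIGNATURES["jpeg"]  # leftover picture
    img[9 * SECTOR:9 * SECTOR + 8] = SIGNATURES["png"]   # leftover picture
    img[10 * SECTOR:10 * SECTOR + 100] = b"A" * 100      # leftover file body
    return bytes(img)


if __name__ == "__main__":
    total, nonzero, hits = survey_image(io.BytesIO(build_sample_image()))
    print(f"{nonzero}/{total} sectors non-zero")
    for offset, kind in hits:
        print(f"possible {kind} at offset {offset:#x}")
```

To run it against a real acquisition, pass a file opened in binary mode from a read-only forensic image instead of the constructed `BytesIO` sample.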
Deliverables
This thesis will contribute a new template for the 010 Editor to read the XFAT file system as well as a toolkit for examination of the Xbox360 drive. It will then use this module to attempt to address the following question: Are there any inherent weaknesses in the formatting utility of the XBOX 360, what information is stored locally on the drive and how is it secured?
The thesis will present the 010 template and toolkit, the source code for both and documentation on how to use them. Finally, the thesis will present the research conclusions on the Xbox360 file system and its security, based on a forensic examination.