Stage 0. Base Drive
This is the base image file as obtained out of the box.Stage 1. Drive Formatted using XBox 360 Formatting Utility
This image was created after the XBox360 format utility was run.Stage 2. Live Profile Downloaded
XBox Live profile was downloaded and configured. Gamer tag was setup as well as an Avatar.Stage 3. Games and Video Downloaded from Live, Game Installed from DVD
2 XBox Live Arcade games were downloaded. These were- Doom2
- Street Fighter 2
A third game was installed to the local hard drive from the game DVD. This game was called
- Fable 3
A game video was downloaded from the Marketplace called
- Halo4
Stage 4. Facebook and Twitter Application downloaded and Installed
Stage 5. Fable 3 Played and Save Game Created
- Facebook Logged in
- Twitter Logged in
Stage 6. Game Played and Save Game Created
Fable 3 was loaded, played and a save game was createdLogged into Messenger and a conversation was created
Forensic Examination Process
The process of examining the effect each of these steps have on the XBox drive is calculate by comparing the drive at each of the 7 intervals discussed above. In order to do this we will extract each of the partitions from the Drive Image for each of the 7 stages. To do this we will.- We will compare each of the partitions from each sequential image and note any changes.
- Do string searches for particular items in each image and note the number of instances recorded
- Check SHA1 Hash Values of each of the string searches to identify if the hash values are stored. This is of particular interest for Passwords. We will attempt to discover if the passwords that are hashed were done so with a SALT value.
- We will compare the files and folders identified from the toolkit to identify what are added with each iteration.
- Finally we will check the Josh and Security Sector Between each iteration for any differences that can be found.
No comments:
Post a Comment