XBox Forensics


Original idea came from Jason Bermas @

APPROVED questions and answers regarding Military Hacking of game consoles

These responses are from Associate Professor Simson Garfinkel, Department of Computer Science, Naval Postgraduate School

1. What is the role of DHS and NPS in this project? Where did it originate and who is funding it? The contract award says the deliverables are for DHS S&T. NPS isn’t mentioned anywhere.

In 2008, DHS S&T was contacted by law enforcement agencies in the US for assistance in providing a tool that could be used to analyze video game systems. Today’s gaming systems are increasingly being used by criminals as a primary tool in exploiting children and, as a result, are being recovered by US law enforcement organizations during court-authorized searches.

NPS was chosen to execute this contract on behalf of DHS because of my [Professor Garfinkel’s] previous experience in computer forensics.

2. Does the project have a specific name?

“Gaming Systems Monitoring and Analysis Project”

What is its goal?

To improve the current state-of-the-art of computer forensics by developing new tools for extracting information from popular game systems, and by building a corpus of data from second-hand game systems that can be used to further the development of computer forensic tools.

3. How will the results be used? What practical applications might they provide?

We hope to provide to DHS tools for assisting law enforcement in analyzing video game systems that are recovered during the course of law enforcement operations.

4. What challenges do you face in conducting this research?

Video game systems are designed with copyright protection systems that make it difficult to extract data.

5. Why are overseas consoles being sought?

We do not wish to work with data regarding US persons due to Privacy Act considerations.

6. Can consoles purchased overseas contain data on U.S. citizens? How are privacy concerns being addressed?

If we find data on US citizens in consoles purchased overseas, we remove the data from our corpus.

7. To your knowledge, have there been any previous attempts by governments or private parties to obtain data from consoles?

Yes. There is a tool that is sold on the market. See:

Is this pioneering research?

That is a question Professor Garfinkel cannot answer himself.

8. Are the console manufacturers aware of this project? Are they cooperating with your effort?

These questions should be directed to the manufacturers.


XBox Forensics

ScienceDaily (Apr. 30, 2009) — A forensics toolkit for the Xbox gaming console is described by US researchers in the International Journal of Electronic Security and Digital Forensics. The toolkit could allow law enforcement agencies to scour the inbuilt hard disk of such devices and find illicit hidden materials easily.

Computer scientist David Collins has probably spent more time messing around with the Microsoft XBox, other gaming consoles, and PDAs in the name of forensic science than anyone else. He is a digital forensics expert at Sam Houston State University, and is working hard to replicate “mods” – both hardware and software for the Xbox and other devices.

Criminals often hide illicit data on the XBox in the hope that a gaming console will not be seen as a likely evidence target, especially when conventional personal computers are present on the same premises. The toolkit developed by Collins will give police and other investigators the chance to lay bare the contents of XBox hard disks.

Cell phones, smart phones, PDAs, game consoles and other devices provide a convenient means to store data of all kinds, including images, video, audio and text files. But they also provide a simple way for criminals to possess and hide illegal material too.

Collins’ XFT utility can mount an image of the FATX file system used by the XBox, allowing the user to explore in detail the directory structure. Collins points out that unlike the standard FAT32, NTFS, and similar systems used by the hard disks in personal computers, there is little documentation on the proprietary FATX system. However, it is possible nevertheless to acquire an image of a FATX hard disk and to mount it on another device.

“Once the Xbox file system is mounted, the analyst can use shell commands to browse the directory tree, open files, view files in hex editor mode, list the contents of the current directory in short or long mode and expand the current directory to list all associated subdirectories and files,” explains Collins.

Importantly, from the legal perspective, XFT can also record such investigative sessions for playback in a court of law, which protects the defendant from falsified evidence as well as providing more solid evidence for the prosecution.

Collins explains how future work on XFT will involve making the toolkit into a fully functional forensic operating system (OS). This OS will be packaged as both a bootable operating system from a hard disk and a “live” bootable compact disk. “This implementation will be open source, verbosely commented and designed from the ground up as a forensic OS,” says Collins, “This will remove any and all proprietary operating system dependencies, making the forensic process as transparent as possible.”
