Figure 3 - uploaded by Knut Bellin
Content may be subject to copyright.
Download
View publication

Source publication
Figure 1: 
Figure 2: 
Figure 3: 
Figure 5: 
+2 Figure 6: 
Remarks on forensically interesting Microsoft XBox 360 console features
Conference Paper
Full-text available
  • Feb 2012
This paper deals with forensically interesting features of the Microsoft Xbox 360 game console. The construction and the internal structure are analysed more precisely. One of the main aspects of the study is to analyse the used file system which was examined for forensic features. Possible difficulties that might be of importance to the forensic i...
Cite
Download full-text

Contexts in source publication

Context 1
... xex, pak, png and other file types. All data are shown in the container structure (see figure 3) and the found entries can be extracted by the user. This program is used to view files of Xbox 360 themes, which are stored during use of Xbox LIVE. ...
Context 2
... are still some other file formats which the assignment and the purpose couldn’t determined unambigu- ously, e.g. files with the ending .lex or .xtf. The table 2 shows some of the found file types of a Xbox 360 with a short description. Forensic software for an analysis of the Xbox 360 is quite difficult to find. Creating a forensic duplicate of the hard drive can be made with different programs and methods as long as the program/computer recognizes the hard drive. A better way is to use separate technical equipment like the Tableau Forensic Duplicator Model TD1 or similar. However the FATX data format is not supported by the most programs. FTK and XWays, which are professional forensic programs, for example can’t extract much information out of an image. They found only a few pictures in the image. These pictures could be connected to some Xbox games which where played or installed on the Xbox 360. In the internet can be found a few freeware programs which could be helpful in investigations. They are immature and have only restricted access on the file structure (partitions) or files. In the following some programs are introduced and described. Except of the program XTF all programs can be found in the internet and downloaded for free. XTF (2.0) is a quite new forensic software which is a special development for Xbox forensics. The software should be in the position to integrate backup files of the Xbox 5 and can interpret the FATX format with the individual partitions and their content (files). Currently the program couldn’t be tested and information about the program are rare. Some information can be found on the website † of the publisher with some details. There are some programs which are coded by Gael360 . Some of theses programs give detailed insights in certain data types of the Xbox. Among them are: wxPirs: This program can open PIRS, LIVE or CON files, which are generic container files of the Xbox 9 . In these containers are different data files like e.g. xexp, xex, pak, png and other file types. All data are shown in the container structure (see figure 3) and the found entries can be extracted by the ...