Expert Witness: Games Console Forensics

In today’s average home there exist many potential sources of digital evidence, from the obvious home PCs and mobile phones to the less common ‘pen-drives’ and PDA’s. All have been subject to comprehensive scrutiny from people involved in the legal process and academics since their properties have been shown to have forensic value. So far comparatively little evidence of investigation into the forensic properties F95ZONE of modern gaming consoles exists, if we consider how they can be utilised in an increasingly ‘PC-like’ manner, this is an area capable of proffering considerable amounts of data with evidentiary value in criminal or civil court proceedings.

Computer forensics is a relatively new discipline combining elements of law and computer science to collect and analyse data from computer systems, networks, wireless communications and storage devices in a way that is admissible as evidence in a courtroom. Gaming consoles now provide the kind of data which can undergo forensic analysis because of the addition of memory (both internal and external) capable of ‘storing’ data beyond mere computer game information.

With the addition of storage capabilities beyond simple game data (i.e. hard drives capable of storing music, video, pictures etc.) gaming consoles are able to utilise ‘web’ functionality and therefore will likely generate both ‘persistent’ and ‘volatile data’ with forensic value. With an increasing amount of media functionality gaming consoles are becoming ‘entertainment hubs’ within the average household.

The machines most likely to provide usable forensic data are the Xbox360 and PS3 and due to their prevalence in homes (combined sales figures for the UK are around six million units) these are the machines where a pattern of use would be similar to more readily accepted sources of forensic data (i.e. home computers).

Microsoft Xbox 360:

This gaming console can support external memory cards for game data and media storage, however these are infrequently utilised because of small size (both physically and in terms of data capacity). The most commonly used memory for the Xbox360 comes in the form of a detachable hard-drive ranging in size from twenty gigabytes to two-hundred and fifty gigabytes (allowing vast amounts of saved music, videos, photos etc.) and is essential in allowing online functionality on the machine. On an unmodified machine this online functionality refers to ‘Xbox live’, the online multiplayer gaming and digital media delivery service operated by Microsoft. This service allows users to:

Many of the functions performed on the console have a time and date attributed to when the function was performed (or at least when it was last accessed or altered); this could potentially provide corroboration of a defendant’s location at a specified time. The communication possible through use of the Xbox live messaging system can provide evidence of illegal activity as messages are automatically stored for up to 30 days before deletion from the system, however all messages sent via Xbox live are retained on Microsoft servers and recoverable on any console the user profile is signed into, therefore any mention of a crime in a text or audio message would potentially be retrievable by a skilled investigator.Intense Mobile Gaming on the Samsung Galaxy S2

Leave a comment

Your email address will not be published. Required fields are marked *