Forensics toolkit cracks open the Xbox gaming console

Those who think the Xbox game console may be the perfect place to hide illicit material from prying eyes – principally because it isn't seen as a regular-joe PC – had better think again. Computer scientist David Collins has developed a toolkit that allows police and other law-enforcement agencies to recover criminal data more easily from hard drives like the Xbox.

The problem for investigators lies in the FATX file system used by the Xbox. Unlike the standard FAT32, NTFS and similar systems used by regular PC hard disks, there is little documentation on the proprietary FATX system. Collins' XFT utility, however, mounts an image of the FATX file system, allowing investigators to explore in detail the directory structure. An analyst can use shell commands to browse the directory tree, open files, view files in hex editor mode, list the contents of the current directory, in short or long mode, and expand the current directory to list all associated subdirectories and files. Importantly, from a legal perspective, XFT can also record such investigative sessions to play back in court, if required.

At the moment the XFT toolkit is limited to cracking open the data on an Xbox, but Collins hopes to extend the utility into a fully functional forensic operating system, which will be packaged as both a bootable operating system from a hard disk and a "live" bootable compact disc. "This implementation will be open source, verbosely commented and designed from the ground up as a forensic OS," says Collins.

So the message for any one thinking of using their Xbox for anything nefarious: stick to virtual crime, like Grand Theft Auto 3.

More detailed information about the XFT forensics toolkit is available in volume 2, issue 2, 2009 of the International Journal of Electronic Security and Digital Forensics.

Darren Quick