Xbox 360 Investigation

(@rach123)
Posts: 2
New Member
Topic starter
 

I'm currently doing an investigation on the Xbox 360 to see the data that can be retrieved from Facebook. I've used Internet Evidence Finder and EnCase (not compatible with the Xbox file system, FATX). The main tool which has proved beneficial is Xplorer360, which presented the partitions on the hard drive. I'm having some trouble understanding some of the files found: .xtf, .pkg and .tdbx. I understand that the tdbx is the database. There are also some files in the cache: TK, VC, XT, LD, SU and QH. Is anyone aware what these files are and possible ways of viewing these?

 
Posted : 29/01/2013 8:07 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Some brief Googling found the following

http://www.digitalforensicanalyst.com/computer-forensics-expert-florida-miami-palm-beach-lauderdale-dave-kleiman-forensic-training-files/Xbox-Forensics_Burke_Craiger.pdf

You might consider contacting the author(s) to seek assistance. An alternative location is
https://www2.cecs.ucf.edu/acadaffairs/SACSFacultyCVDatabase/Publications/4c1e8b3b-948d-41ea-ad15-bba12584542f.pdf

Here's another resource
http://allfreedl.com/2013/01/10/xbox-360-forensics-a-digital-forensics-guide-to-examining-artifacts.html#.UQf1j2e6Ras

HTH

 
Posted : 29/01/2013 9:25 pm
(@angrybadger)
Posts: 164
Estimable Member
 

Some brief Googling found the following

Here's another resource
http://allfreedl.com/2013/01/10/xbox-360-forensics-a-digital-forensics-guide-to-examining-artifacts.html#.UQf1j2e6Ras

HTH

Is that a legit link? It's 35 quid on Amazon, free there.

(and the same publisher as your book as well)

 
Posted : 29/01/2013 9:34 pm
(@rach123)
Posts: 2
New Member
Topic starter
 

Thank you for the links.

I have been using the book as a reference through my investigation; however, Bolt was unable to identify what these files represented.
I've done some googling and read quite a few papers on an Xbox investigation but have not been able to find anything specifically relating to these files.

As mentioned it may be good to contact the authors.

 
Posted : 29/01/2013 10:32 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

As mentioned it may be good to contact the authors.

Agreed. You never know what research and development continued after the book went to the printer….

 
Posted : 29/01/2013 10:43 pm
(@randomaccess)
Posts: 385
Reputable Member
 

Some brief Googling found the following

Here's another resource
http://allfreedl.com/2013/01/10/xbox-360-forensics-a-digital-forensics-guide-to-examining-artifacts.html#.UQf1j2e6Ras

HTH

Is that a legit link? It's 35 quid on Amazon, free there.

(and the same publisher as your book as well)

I would suggest buying it then….
Only get the digital download if you have paid for the contents in some way.

 
Posted : 30/01/2013 2:50 am
(@chris55728)
Posts: 49
Eminent Member
 

I've found Party Buffalo a very useful utility, more so than Xplorer360 in my opinion. Might be worth giving that a go to see how it compares.

I've not done any specific research on Facebook artifacts, but the general structure of Internet Explorer history on the 360 appears to be identical to the structure that you'd see in an INDEX.DAT file, other than that the header of each entry is reversed.

In other words, in an INDEX.DAT it's URL whereas on a 360 it's LRU. This is also the same for REDR and LEAK entries (RDER and KAEL on a 360).

I'll try to do a bit of testing over the weekend by visiting the same site on a PC and a 360 and comparing the structure of the respective URL entries.

Cheers,

Chris

 
Posted : 01/02/2013 2:42 pm
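
The signature reversal described in the post above (URL/REDR/LEAK in an INDEX.DAT, LRU/RDER/KAEL on a 360) can be checked with a short scanner; this is an added example, not part of the original thread or of any tool named in it. It assumes the 360 tag is the 4-byte PC tag reversed byte-for-byte and that 360 records keep INDEX.DAT's 128-byte block alignment; `scan`, `dominant_layout`, `make_record` and the sample buffers are hypothetical names and constructed data.

```python
import re

# PC index.dat record tags, as named in the post above.
PC_TAGS = (b"URL ", b"REDR", b"LEAK")
# Assumption: the 360 form is the 4-byte tag reversed byte-for-byte,
# which gives " LRU", "RDER" and "KAEL".
TAGS = {t: (t.decode().strip(), "pc") for t in PC_TAGS}
TAGS.update({t[::-1]: (t.decode().strip(), "xbox360") for t in PC_TAGS})
TAG_RE = re.compile(b"|".join(re.escape(t) for t in TAGS))
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")
BLOCK = 0x80  # index.dat allocates records in 128-byte blocks

def scan(data, window=0x200):
    """Return one dict per record tag found in data."""
    hits = []
    for m in TAG_RE.finditer(data):
        kind, layout = TAGS[m.group()]
        # Heuristic: first URL-looking string shortly after the tag.
        u = URL_RE.search(data, m.end(), m.end() + window)
        hits.append({
            "offset": m.start(),
            "type": kind,
            "layout": layout,
            "aligned": m.start() % BLOCK == 0,
            "url": u.group().decode("ascii") if u else None,
        })
    return hits

def dominant_layout(hits):
    """Guess source platform from aligned hits only (fewer false positives)."""
    counts = {"pc": 0, "xbox360": 0}
    for h in hits:
        if h["aligned"]:
            counts[h["layout"]] += 1
    if counts["pc"] == counts["xbox360"]:
        return None
    return max(counts, key=counts.get)

def make_record(tag, url):
    """Constructed sample record: tag, filler header bytes, URL, padding."""
    body = tag + b"\x00" * 0x30 + url + b"\x00"
    return body.ljust(-(-len(body) // BLOCK) * BLOCK, b"\x00")

# Constructed sample data, not taken from a real console or PC.
SAMPLE_360 = (make_record(b" LRU", b"http://example.com/a")
              + make_record(b"RDER", b"http://example.com/r")
              + b"xx KAEL yy")  # unaligned tag-like bytes in slack
SAMPLE_PC = make_record(b"URL ", b"https://example.org/b")
```

Hits with `aligned` set to False are more likely to be coincidental byte sequences in slack space and should be confirmed in a hex viewer before being reported as history entries.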