±Forensic Focus Partners

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 7
Overall: 27509
Visitors: 80

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Xbox 360 Investigation

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Xbox 360 Investigation

Post Posted: Tue Jan 29, 2013 9:07 am

I'm currently doing an investigation on the Xbox 360 to see the data that can be retrieved from Facebook. I've used Internet Evidence Finder, EnCase (not compatible with Xbox file system FATX). The main tool which has proved benefical is Xplorer360 which presented the partitions on the hard drive. I'm having some trouble understanding some files found: .xtf, .pkg and .tdbx. I understand that the tdbx is the database. There are also some files in the cache: TK, VC, XT, LD, SU and QH. Is anyone aware what these files are and possible ways of viewing these?  

Rach123
Newbie
 
 
  

Re: Xbox 360 Investigation

Post Posted: Tue Jan 29, 2013 10:25 am

Some brief Googling found the following:

www.digitalforensicana...raiger.pdf

You might consider contacting the author(s) to seek assistance. An alternative location is:
www2.cecs.ucf.edu/acad...84542f.pdf

Here's another resource:
allfreedl.com/2013/01/...Qf1j2e6Ras

HTH  

keydet89
Senior Member
 
 
  

Re: Xbox 360 Investigation

Post Posted: Tue Jan 29, 2013 10:34 am

- keydet89
Some brief Googling found the following:


Here's another resource:
allfreedl.com/2013/01/...Qf1j2e6Ras

HTH


is that a legit link? its 35 quid on amazon, free there.

(and the same publisher as your book as well Rolling Eyes )  

hmorgan
Senior Member
 
 
  

Re: Xbox 360 Investigation

Post Posted: Tue Jan 29, 2013 11:32 am

Thank you for the links.

I have been using the book as a reference through my investigation however Bolt was unable to identify what these files represented.
I've done some googling and read quite a few papers on an xbox investigation but not been able to find anything specifically relating to these files.

As mentioned it may be good to contact the authors.  

Rach123
Newbie
 
 
  

Re: Xbox 360 Investigation

Post Posted: Tue Jan 29, 2013 11:43 am

- Rach123

As mentioned it may be good to contact the authors.


Agreed. You never know what research and development continued after the book went to the printer....  

keydet89
Senior Member
 
 
  

Re: Xbox 360 Investigation

Post Posted: Tue Jan 29, 2013 3:50 pm

- hmorgan
- keydet89
Some brief Googling found the following:


Here's another resource:
allfreedl.com/2013/01/...Qf1j2e6Ras

HTH


is that a legit link? its 35 quid on amazon, free there.

(and the same publisher as your book as well Rolling Eyes )


i would suggest buying it then....
only get the digital download if you have paid for the contents in some way  

randomaccess
Senior Member
 
 
  

Re: Xbox 360 Investigation

Post Posted: Fri Feb 01, 2013 3:42 am

I've found Party Buffalo a very useful utility, moreso than Xplorer360 in my opinion. Might be worth giving that a go to see how it compares.

I've not done any specific research on Facebook artifacts but the general structure of Internet Explorer history on the 360 appears to be identical to the structure that you'd see in an INDEX.DAT file other than the header of each entry is reversed.

In other words, in an INDEX.DAT it's URL whereas on a 360 it's LRU. This is also the same for REDR and LEAK entries (RDER and KAEL on a 360).

I'll try to do a bit of testing over the weekend by visiting the same site on a PC and a 360 and comparing the structure of the respective URL entries.

Cheers,

Chris  

Chris55728
Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 1 of 1