Notifications
Clear all

embedded forensics  

  RSS
sebastianorossi
(@sebastianorossi)
Member

I have to examine an "internet point". It is based on windows xp embedded.
Have you got any suggestions? I have got no more information about the system. I am studying the case in advance
thanks

Quote
Posted : 20/01/2012 2:31 pm
jim.borwick
(@jim-borwick)
New Member

Hi

By internetpoint do you mean an Internet Cafe?

Jim

ReplyQuote
Posted : 23/01/2012 4:09 pm
Passmark
(@passmark)
Active Member

I am thinking he means a public computer sitting in a mall or an airport. They are normally locked down so that nothing but the browser is available.

Like a Kiosk of some sort.
http//en.wikipedia.org/wiki/Self-service_kiosk

Windows embedded is a cut down version of XP. The developer of the system would have used embedded in order to reduce the footprint of the operating system. This is done by selecting just the components of the operating system that are required.

Because the full O/S is not available, some tools that you might normally use on a live system might not run. Depends on what parts of the O/S were installed.

But you should be able to image the disk and investigate as a normal Windows machine. Also check what apps are being used to provide the "internet point" functionality. It is possible they keep their own logs, in additional to any normal Windows stuff.

ReplyQuote
Posted : 24/01/2012 3:15 am
sebastianorossi
(@sebastianorossi)
Member

Hi

By internetpoint do you mean an Internet Cafe?

Jim

No I am meaming something like a Kiosk. It's a public pc, in a design case. You can use it for play or browser the web.

ReplyQuote
Posted : 24/01/2012 7:28 pm
sebastianorossi
(@sebastianorossi)
Member

I am thinking he means a public computer sitting in a mall or an airport. They are normally locked down so that nothing but the browser is available.

Like a Kiosk of some sort.
http//en.wikipedia.org/wiki/Self-service_kiosk

Windows embedded is a cut down version of XP. The developer of the system would have used embedded in order to reduce the footprint of the operating system. This is done by selecting just the components of the operating system that are required.

Because the full O/S is not available, some tools that you might normally use on a live system might not run. Depends on what parts of the O/S were installed.

But you should be able to image the disk and investigate as a normal Windows machine. Also check what apps are being used to provide the "internet point" functionality. It is possible they keep their own logs, in additional to any normal Windows stuff.

Thank you for your answer. In the next day, I will receive more details about the system.
My job is to write a correct summary oh the PC. It was thinked to put it in to hotels, station etc. Someone sold it to pub. They activate games. And they start to do money bet. In Italy without permissions is illegal. Police come and confiscate PC. My summary will be shown to police to avoid confiscation.

ReplyQuote
Posted : 24/01/2012 7:33 pm
Share: