Coming up to Christmas, at the behest of my children, I have been looking at new games consoles. In the process, I've noticed far more that many have the capability to support Linux as an alternate OS, either by "hacking" ( XBox ) or by design ( PS3 ). I'm sure that the act of processing one forensically would be little different to that of an ordinary Linux PC, my question is more
(a) is anyone actively looking for such devices during raids ? Are consoles seized as a matter of course ?
(b) has anyone actually found any that _are_ pertinent to the case in question ?
If you have, are there any significant differences to the processing of ordinary Linux installations ?
Thanks in advance for indulging my curiosity -)
Hi Azrael,
We certainly do seize game consoles although not routintely. We have had a few that have been modified in some way and have contained evidence that was of interest. We have also seen a few that took up many hours of lab time only for us to decide there wasn't anything to find.
Another consideration on computer forensics now is also Sky boxes or Tivo's and hard drive based recorders. Some of these items can carry masses of data, which does not have to have been creaetd using the device in which they are installed.
As for Linux on other devices. I have seen a PDA or two but so far not a games console running Linux.
Steve
Thanks Steve -)
Could I please pick your brains a bit more ?
We certainly do seize game consoles although not routintely. We have had a few that have been modified in some way and have contained evidence that was of interest.
If they haven't been modified to run Linux, how have they been modified ?
I know that some have the capability to run as web browsers by default (e.g. without modification), so in that respect, I assume that they can contain similar evidential items as a PC - but I would have thought in a different format ?
We have also seen a few that took up many hours of lab time only for us to decide there wasn't anything to find.
I assume that they were siezed initially because there was some suspicion that something was there, seeing as you said it wasn't routine. Do you know what criteria has been used to justify where to or not to sieze ?
Another consideration on computer forensics now is also Sky boxes or Tivo's and hard drive based recorders. Some of these items can carry masses of data, which does not have to have been creaetd using the device in which they are installed.
Good point …
Sky+ boxes, to the best of my knoweldge, can't accept data ( to use on the box … ) that isn't recorded on it. If anyone one knows different, please let me know, because I've been trying to do it ! But there are many and varied guides on how to upgrade your Sky+ disk to one of a larger capacity, I'm sure that there is a chance that residual evidence from a 2nd hand disk might be remaining …
As for Linux on other devices. I have seen a PDA or two but so far not a games console running Linux.
Interesting - it seems that you can install Linux onto pretty much anything with a processor 😉 I've got an iPod that I'm about to Linux-ify, and, seeing as the kids are going to get a new console, I think that the old XBox might head that way as well ….
Azrael,
As yet I have seen my colleagues 'get all the luck' and have to examine the games consoles. I am aware of upgraded sized hard drives, second hard drives and various bits of soldered on circuit board that a colleague or two refered to but alas now cannot remember what they said it was.
We've seen games consoles plugged into a switch with the router and the computers of course. This isn't anything particularly unusual but I think this is a scenario in which it is more likely the console will be seized. I vaguely remember a case where a suspect had an xbox but had no games for it. When asked why he had it he stuttered out some implausable reason, which suggested if it's not for games it might be of interest to us.
Steve
Thanks Steve, most enlightening -)