Games Console Forensics

I think this is what you are after

http//www.voomtech.com/content/shadow-3

Regards

Shadow Voom. We were close. That sounds like it from the vague description I was given.

Good find. Thanks a million!

Interesting.. so would you connect the "Shadow 3" between the ps3 and the ps3 hdd? And it would then operate as normal, but all writes are redirected to the device, not the hdd?

Our current solution is to clone the drive, boot the clone and record the interaction - but using the "Shadow 3" could be considerably quicker, if it works as advertised.

It has to be seen if that thingy is specifically as "transparent" as needed, an ordinary writeblocker won' t work seemingly
http//www.computerforensicexaminer.com/computer-forensics-expert-florida-miami-palm-beach-lauderdale-dave-kleiman-forensic-training-files/Forensic_Analysis_of_a_Sony_Play_Station_3_PS3_Gaming_Console.pdf

jaclaz

We have been using the voom for a while now with game consoles and it works a treat. U take the HDD out of the console connect it to the voom and connect the voom to the HDD port on the console power on the voom and console and off u go HDD is write protected and u can do what u need to do on the the console. We also use it for laptops and PC, when we are virtualising to see if there is anything on the devices in order to determine if we should image or not. I say this is worth having in your toolkit.

Regards

MPF

There are also possible programs to install; on a clone HDD dependent of the Firmware Version/Revision of the console.

I've had great success in FTP'ing a logical stream of the partitions of a PS3 for testing (my own), while running particular firmware revisions.

The catch is that they are older FW's now, typically a normal user wouldn't be running these version.

I haven't visited it in a while though, I would imagine that current *tools* for end users to circumvent Sony's Operating System for 'extra' features could also be a boon for us (forensic investigators). Allowing for the further extraction and examination of data to Forensic software packages.

Originally I was able to obtain a fare amount of info from my test unit; internet web histories, operations dates and times and some cached pictures. All of which were run through X-Ways from the Logical FTP extraction.

They are just one of those systems though that might not give enough information following the above suggest ways over using the Voom Shadow 3 and manipulation of the OS directly.

__LEO__

(Slightly OT)

Additionally; XBOX360 has a GREAT amount of information that can be obtained when importing into various Forensic Software packages.

Once again; dependent of a few caveats, ie If they subscribe to paid service 'GOLD', the users Facebook, Twitter and Internet Histories are available for processing and review.

Ive found X-Ways capable of carving out some data; Facebook dates and times in cached data, and then Internet Evidence Finder running the .dd for the internet & facebook histories.

All from an imaged HDD running *CURRENT* OS and Firmware, no limitation yet found.

___LEO____

Wanted to chime in and let you know when I was playing around with pulling data from an XBOX 360 Drive I found that using some underground Xbox Modding programs gave me better results then using some Forensic tools. This was some time ago so the forensic tools may have gotten better.

I modded my 360 console and the underground has quite a few tools to read saved game files and or alter them, see how many achievements were on a game and even alter and read user accounts etc..

Just something to think about….

G'Day csalm1337,

Ahhh - see I *ahem* worked over my PS3 for this research - but left the XB true and proper.
Good to know that the ability is there also.

Now to learn/research more on the newies.

FYI does anyone know the name
Kazuya Skakiharan
or
Kazuyaa Kakihara

Its come up in researching on the new model; #4.

THX!