The practical analysis towards developing a guideline for the Xbox 360 forensic

Abstract

The advancement of the technology has built the Xbox 360 with the powerful hardware. It comes with a cheap price and affordable to everybody. Moreover, it's becoming a networked media platform to perform flexible connectivity through the internet. These features has made the Xbox 360 as an ideal tool to perform a cyber crime by utilizing it capabilities to the maximum. Since there is no proper guideline on conducting the investigation procedure on the Xbox 360 forensic, it is difficult to determine whether the Xbox 360 has been used as a crime tool. The immediate objective of this study is to investigate the physical modification of the Xbox 360 as well as to examine the best imaging technique for the Xbox 360 data storage. Then a new guideline was developed based on the result of the study. Several experiments had been conducted which involved several techniques and procedures for dismantling and imaging the Xbox 360's hard-disk. As the result, the best techniques and procedures for dismantling the Xbox 360's hard-disk had been determined. On the other hand, FTK Imager was chose after been compared with several imaging tools. Therefore, it had been used as an imaging tool for this purpose because it produced an image that's complies with the NIST standard for a forensic disk imaging tool. The guideline that was produced will give a great value and benefit to the forensic examiner community since there is no such research has been done before. Hence, this study can be a basis for the retrieving potential evidence techniques as well as developing a complete SOP for the Xbox 360 forensic in the future.