1.17.2012

Video Game Systems and Crime

Over the last several years home game consoles, namely the Sony PlayStation 3, the Nintendo Wii, and the X-Box 360 from Microsoft have sold in the tens of millions. Today's game consoles are computers, with many of the same capabilities as a laptop or PC. As such, they can also be used by criminals for a variety of crimes just like regular computers.
Uses by Criminals
One of the biggest selling points of modern consoles is the ability to connect and play games with others. This makes for use of a console by criminals to find victims especially children. Pedophiles can pose as other gamers to find victims. Other uses include gaining intelligence on a potential victim of a wide range of crime from bullying to burglary to far worse. It is simple to see that consoles can be of considerable interest to law enforcement when investigating a crime or a suspect.
Consoles can be used to:

  • Send and receive email and instant messages between criminals (conspiracy).
  • Surf the web for information, including social sites like Facebook.
  • Share information on making/selling drugs, laundering money, or counterintelligence against the police.
  • Play video games which while innocent can be used as a vehicle for fraud, gambling, or training/instruction in techniques.
  • Can be used to store and move illicit materials like child pornography and can even be used to stream video live to others.

Forensics and the Xbox 360
The author has a 360 and is more familiar with it and its file system so that will be the focus. First it is important whenever dealing with computers of any type to know the hardware. The Xbox 360 comes in several different iterations namely the Arcade (256 meg internal hard drive, 512 meg hard drive, network card, or memory card), the Pro
(with a 20 gig drive and later 60 gig and higher, network card). The Elite has a 120 gig internal and 250 gig external drive as does the Slim which only has a 4 gig internal drive. The Xbox 360 has an advanced ATI Graphics card. There are three USB ports, and two for
Memory Cards, an Ethernet port, AV port, HDMI port, power in, and IR receiver.
The drives are all SATA 2.5 inch drives like those found in laptops. However, they are in a custom case and interface (Bolt, 2011).
Xbox Live
Xbox Live is the online system which can be linked through the Xbox hardware and also PCs and Windows smartphones. Xbox Live lets gamers download new games, add-ons for current games, music, videos, movies, and chat. Users can also connect to Facebook, Netflix, and other services.
Once the drive is removed from the case it can be imaged like any other drive. Guidance Software's Encase and Access Data's FTK Imager both work to make a forensic image of the drive. Files loaded by Mocrosoft include pictures for gamer IDs, themes, freebie demo games, and videos introducing the Xbox 360 and its features. These files vary some from version to version of the Xbox 360. Files on the Xbox include CON, PIRS, and LIVE. CON files CON files include the saved games, profiles of users, and cache. PIRS have to do with the preinstalled games and networking. LIVE files perform the Xbox Live service. Of interest in the files are the gamertags used online since this is tracked by Microsoft which records LIVE log ons and can be traced.

The Playstation 3
Sony's Playstation 3 was introduced in November 2006 and has since sold upwards of 100 million units. The PS3 is Sony's entry into the video game console market to compete with Microsoft's Xbox 360 and Nintendo's Wii. Like the Xbox 360 the PS3 shares many abilities of the home computer with internal storage over 100 gigabytes, multi-media capable, and easily connected to the internet
and home networks. In 2009 Anthony Oshea of Kentucky was arrested for possession of child pornography after being found by Houston,
Texas investigators. Oshea had photos of a nude 11-year-old girl emailed to him by the girl after he persuaded her to take and send them. He committed the entire crime with his PS3.
In essence the Xbox 360 and PS3 are very similar, however the PS3 contains more advanced security and infrastructure so any Xbox 360 forensic methods are useless. Game consoles, unlike their older PC and laptop cousins, differ in their parts and software.
The PS3 is availabel in several different models, mainly due to hard drive size. As opposed to the 360 the PS3 includes a Blu-ray drive, a very powerful CPU, and an Nvidia RSA graphics card. Users are also able to partition the drive and install a second operating system (OS), often a form of Linux.
Problems with a forensic analysis of the PS3 include the system's OS and file system are owned by Sony and will probably never be publicly released due to piracy issues. There are also security features to further inhibit copying of the system, namely the encryption of the hard drives of each individual PS3. Such a system is very difficult to crack from a forensic standpoint.
However, there is a ray of light: the secondary OS (if it has one) is not encrypted by the PS3. Forensic software that works on Linux systems could possibly work on this OS. In the PS3 Slim Sony disabled support for a second OS. Tests of time stamps showed that
at the beginning of the drive there are several files changed. When running a drive blocker the PS3 would start but not boot up. A test of the browser showed that the PS3 OS remembers the last 100 websites visited with the most recent at the top (Conrad, Dorn, Craiger, 2009).
But if a site is repeatedly visited it will merely move up the list.
In June 2011 hackers cracked the encryption used by Sony and published the cypher keys. With the keys it is possible to sign any PS3 file as if it were a Sony file. The result is the ability to create applications for the PS3 and piracy. New games such as Batman Arkham City can be de-crypted with the key and re-encrypted with the new one so it can be played on PS3s running older firmware (Darkmirage). Another result is the ability to hide files among the PS3's operating system and files.

The Nintendo Wii
The Nintendo Wii is currently the best selling of the game consoles. The biggest difference between the Wii and is competitors is that the Wii lacks a hard drive and does not have their power. With no hard drive there is no need for write blocker software and forensic copying and analysis is impossible and integrity cannot be assured. However, no hard drive does not mean no storage of data or use by criminals. The Wii can still be used for its wireless networking, email messaging, web browsing, online shopping, and automated logging of its usage. The wireless uses a USB to Ethernet and is necessary to eliminate the MAC address from the local network. The email system is another avenue for communications. The Internet Channel on the Wii is a browser and is one of the main reasons for looking at a Wii forensically. The online shopping is a functioning retail system and the cards associated with purchasing Wii software, games, add-ons, etc. can be used in lieu of cash as can cards for the 360 and PS3. A unique feature of the Wii is its logging of the length of time the machine has been played. This information is in the mail system and cannot be deleted or changed by users. This information can be used to confirm or refute an alibi or other evidence.
Encase and other tools are unusuable for the Wii but all data in the system can be extracted by using a bootable Wii disc. However, such a disc does not exist. Another way is to de-solder and remove the onboard memory of the Wii and custom build an interface to a PC workstation. While more sound it requires a skilled investigator. The Wii can show whether or not it is or has been connected to the internet. One can also check the email system and address book and the web browser (Turnbull, 2008).

References

PS3 Completely Cracked - Ramblings of DarkMirage. (n.d.). Ramblings of DarkMirage - Anime, Games, J-Pop and Whatever Else. Retrieved January 17, 2012, from http://www.darkmirage.com/2011/01/06/ps3-completely-cracked/

Bolt, S., & Liles, S. (2011). Xbox 360 forensics a digital forensics guide to examining artifacts. Amsterdam: Elsevier ;.

Conrad, S., Dorn, G., & Craiger, J. (2009). Forensic Analysis of the Sony Playstation 3 Gaming Console. Paper for the 6th Annual Conference of the International Federation of Information Processing, 1(1), 1-18.

Turnbull, B. (2008). Forensic Investigation of the Nintendo Wii: A First Glance. Small Scale Digital Device Forensics Journal, 2(1), 25-39.

This is

0 comments:

Post a Comment

All comments and feedback appreciated!

Criminology & Justice Headline Animator

Psychology

Law Books

Corrections

Sociology

Crime

Serial Killers

Criminology

LinkWithin

Related Posts Plugin for WordPress, Blogger...