Chapter 5. Initial Forensic Acquisition and Examination
This chapter will discuss the forensic tools used and the process by which the research was conducted. Because there is no mainstream forensic utility that can read the file system of the XBOX 360 console, the process that was decided upon was somewhat straightforward. In order to determine where artifacts are stored, each feature of the console was tested and then the hard drive was imaged. This created several issues, not the least of which was storage.
Keywords
FTK, EnCase, X-Ways, EnScript, Write Blocker

Imaging the Console Hard Drive

The steps for ...

Get XBOX 360 Forensics now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.