Xbox 360 Forensics (part 2)

Lately my blogging energies have been redirected into my study, namely a communications plan and a research proposal.

The communication plan was for a persuasive communications class and the aim was to be able to devise a plan that could realistically alter the attitudes (and hopefully the behaviour) of an audience, it was a fascinating exercise that I don't plan on repeating any time soon. It turns out that I'm not much of a public relations hand and while I think I grasped the theory writing up a viable strategy for a hypothetical situation was harder than I expected.

More relevantly the research proposal is for my upcoming final project (dissertation?) and it involves creating a tool to automate the extraction of useful information from an Xbox 360. Seriously I didn't come up with the topic —my supervisor suggested it— isn't that awesome? So I've been spending a lot of my time reading xbox modding forums and reading the few bits and pieces in academia on the topic.

Things that I learnt:

• The xbox 360 is easier to access than the original due to a lack of ATA security lock down
• There is an xbox file system that is mostly just a clean up of FAT
• The xbox 360 uses a big-endian version of this operating system due to its PowerPC architecture
• People go to great lengths to install homebrew operating systems and play pirated games
• There is a lot of information that might be accessible via someone's xbox
• Most Windows users use a defunct program called Xplorer360 to read/write to xbox 360 file systems
• For Linux the choices are a BSD example implementation uxtaf.c or x360 a GPLv3 FUSE driver
• Actually there's a kernel driver available too if you're into that kind of thing