# Forensics Analysis of Xbox One Game Console

**Authors:** Ali M. Al-Haj

arXiv: 1904.00734 · 2019-04-02

## TL;DR

This paper investigates the forensic potential of the Xbox One console by analyzing physical and logical data sources, providing insights and best practices for forensic examinations of this gaming device.

## Contribution

It introduces a dual approach to Xbox One forensics, combining physical hard drive analysis with logical GUI examination, and offers best practices for data collection.

## Key findings

- Identification of valuable timestamp data on the hard drive
- Logical examination reveals user activity traces
- Guidelines for forensically sound data collection

## Abstract

Games console devices have been designed to be an entertainment system. However, the 8th generation games console have new features that can support criminal activities and investigators need to be aware of them. This paper highlights the forensics value of the Microsoft game console Xbox One, the latest version of their Xbox series. The Xbox One game console provides many features including web browsing, social networking, and chat functionality. From a forensic perspective, all those features will be a place of interest in forensic examinations. However, the available published literature focused on examining the physical hard drive artefacts, which are encrypted and cannot provide deep analysis of the user's usage of the console. In this paper, we carried out an investigation of the Xbox One games console by using two approaches: a physical investigation of the hard drive to identify the valuable file timestamp information and logical examination via the graphical user interface. Furthermore, this paper identifies potential valuable forensic data sources within the Xbox One and provides best practices guidance for collecting data in a forensically sound manner.

---
Source: https://tomesphere.com/paper/1904.00734