Thursday, April 4, 2019

Forensic Analysis Of A Playstation 3 Console Information Technology Essay

Researching all the information that is available to me about the Playstation 3 gaming system, from what the console connects to, the file structure of the hard disk, and what features the system has, e.g. internet, chat, email, online gaming. The deliverable that will be present at the end of this would be detailed research about the gaming system with everything that is needed to know to progress with the project.

2.2 Analysis

The objective that I have for my analysis is to perform all the tasks that I have talked about (playing online games etc.) and then, after each of these tasks, make an image of the hard disk of the system and look at the image in FTK to find out if any changes have been made to the disk after the task has been completed. An example of this would be to start a chat message with someone, then turn off the system, remove the hard disk, image the hard disk, then load the image into FTK and look to see if any traces of the chat are present on the hard disk (date/time stamps). When writing up the findings of the investigation a document will be presented with all the processes gone through and what tools were used. The deliverable that I expect to have at the end of this objective would be disk images of the various tasks with a detailed report of my findings and a document showing all processes and tools used, and also a set of guidelines of how I found the evidence on the system.
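The before/after comparison described in this objective can be scripted. The following is an added example, not part of the original essay: it walks two raw images sector by sector and lists the regions that changed between tasks. The 512-byte sector size, the function names and the sample data are assumptions made for the illustration.

```python
import hashlib
import io

SECTOR = 512  # assumed sector size; adjust to the imaged drive


def image_digest(stream, chunk=1 << 20):
    """SHA-256 of a whole image, recorded at acquisition so later copies can be verified."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()


def changed_ranges(before, after, sector=SECTOR):
    """Walk two raw images in lockstep and return runs of differing sectors
    as (first_sector, last_sector) tuples. Memory use is constant."""
    ranges = []
    index = 0
    while True:
        b = before.read(sector)
        a = after.read(sector)
        if not a and not b:
            break
        if a != b:  # also true when one image is shorter than the other
            if ranges and ranges[-1][1] == index - 1:
                ranges[-1] = (ranges[-1][0], index)  # extend the current run
            else:
                ranges.append((index, index))        # start a new run
        index += 1
    return ranges


def summarise(ranges, sector=SECTOR):
    """Turn sector runs into byte offsets an examiner can jump to in a hex viewer."""
    return [{"offset": first * sector, "length": (last - first + 1) * sector}
            for first, last in ranges]


def diff_bytes(before, after, sector=SECTOR):
    """Convenience wrapper for in-memory images (used for the sample below)."""
    return changed_ranges(io.BytesIO(before), io.BytesIO(after), sector)


def sample_images():
    """Constructed sample: a 16-sector baseline and a copy with two modified regions."""
    baseline = bytes(SECTOR * 16)
    after = bytearray(baseline)
    after[SECTOR * 3:SECTOR * 5] = b"\xaa" * (SECTOR * 2)  # sectors 3-4 rewritten
    after[SECTOR * 10 + 7] = 0x01                          # one byte in sector 10
    return baseline, bytes(after)


if __name__ == "__main__":
    base, aft = sample_images()
    print("baseline sha256:", image_digest(io.BytesIO(base)))
    print("after    sha256:", image_digest(io.BytesIO(aft)))
    for region in summarise(diff_bytes(base, aft)):
        print(region)
```

On an encrypted disk the differing sectors still show where the console wrote between two tasks, though not what was written.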
If no evidence can be found on the HDD of the console then other areas of analysis will have to be explored, from using different tools such as Scalpel and Photorec to using different types of hardware like Bus Doctor.

2.3 Evaluation

The objective for the evaluation is to forensically wipe the hard disk of the Playstation 3 system that was used, then give this along with my guidelines and tasks completed to another person. The other person will go ahead and complete the series of tasks that were previously performed on the system, follow the guidelines and see if they can find the same evidence as previously found. If the person can find the evidence that is in my guidelines then this proves that the guidelines created are correct. The deliverable at the end of this objective would be the test data of the other person, which will then be written up to show whether my guidelines are correct or incorrect.

3. Why gaming systems are an issue

In recent years games systems have evolved immensely, allowing the gamer to experience more realistic graphics and sound quality. This is because the systems have been upgraded to such a high standard that they are somewhat like a standalone computer, giving the user a lot more gigabyte/terabyte storage space; because of this the user has more room to store information on the disk, whether it be images, videos or music. In relation to this, the old PS3 systems that were first released had the option to add another OS (operating system) on the hard drive so you could have Linux running on the system; this means that the system can be used as a normal machine. Sony have now disabled this feature in the most current firmware of the console.
A news report that was found on the ABC News website (http://abcnews.go.com/technology/story?id=7009977&page=1) describes how a user used his Playstation 3 system to get a young girl aged 11 to send dirty photos of herself from her Playstation to his. It also says how the criminal threw his computer out as he didn't need it anymore. This example shows how criminals are adapting to the new technology and using it to their advantage to commit crimes. The growth of these gaming consoles means that they are more like a standalone computer, coming as standard with massive hard drives and encryption on the disks, meaning that for forensic examiners it is harder to retrieve information from some of these devices and it takes longer for the imaging process to complete.

For a forensic examiner the game systems are a big problem because the consoles have evolved over the years and now contain multiple CPUs and graphics cards, and with onboard storage the same as that of a desktop computer, users are able to save their pictures, music and video to these devices. Users can also use the features of the console to download and install the most current firmware and to stream media from a different network location. With the Playstation 3 you create one or more users for use with the machine, so when the system is turned on it asks which user you would like to sign in as.

In relation to the Xbox 360 console, hacking communities have found loopholes which allow the Xbox console to run unsigned code, which means that the Linux OS can be loaded onto the machine, allowing this console to be used exactly like a desktop PC.
If Linux can be loaded onto the machine then this means it could be used for illegal purposes, for example file storage. Although the first release of the Playstation 3 allowed this feature, Sony have now stopped the booting of Linux and other operating systems on its machines, but if a hack or loophole was found in their security then this would mean that this system could be used in malicious ways just like an Xbox or standalone PC. A post from January 26th, 2010 explains how hacker George Hotz has hacked the PS3; he revealed on his blog that he has achieved read/write access to the entire system memory and HV level access to the processor. If this is true then this means that the Playstation can be used to run unsigned code and other operating systems can be loaded onto the device, meaning that full desktop usage can be applied, storing all kinds of information on the system. Also, the Jailbreak that was leaked online was able to fool the system into thinking that a game was being played from a Blu-ray disc when it was actually playing from the HDD. This could only be the start; people are making small but beneficial steps towards fully hacking the Playstation 3 console.

4. Research

4.1 About the Playstation 3

The project that will be created will be about the analysis of the hard disk drive of a Playstation 3 console, which is the most up to date console alongside the Xbox 360 and the Nintendo Wii. The Sony Playstation, which is the next step in the gaming world, provides the gamer with a new console to experience the most up to date graphics and high definition games and movies with the help of the console's Blu-ray drive. Since the console's release in November 2006 the unit has sold over 38.1 million worldwide according to (http://www.eurogamer.net/articles/ps3-has-sold-38-1m-units-worldwide).
Since the release of the console there have been many different models of the system, differing in USB ports, flash card readers and hard drive support; this means that the system and its components are always changing.

All the games and movies that the console plays are in the Blu-ray format; this means that the content that you are playing or watching is in high definition, giving a more crystal clear picture and sound.

4.2 Online gaming

Figure 1: Picture of Playstation Store menu.

The Playstation 3 system offers the use of the internet, whether over a wired or wireless connection. Because of this it gives the user full access to the World Wide Web, meaning they can access all the information that they would access on a standalone computer, from social networking sites to videos, pictures etc. While playing games on the console you have the option on many games to play online; this gives the user the capability to play the game of choice with other users of the game all over the world. To be able to do this you need to have a multiplayer game capable of online game play, you must also have a Playstation Network account which will give you access to other users, and you need the Playstation to be connected to the wired/wireless internet. With a Playstation Network account users are able to play online games with any person or persons all over the world; they can add buddies and stay in close contact with the people they meet online, either by email or chat. Because of the email and chat facilities available on the console it is just like a social networking site, where people are able to exchange information with each other and possibly pictures and other bits of material that can be deemed illegal or offensive.
The console also comes with full internet access via the browser; the user can access any website that he/she wishes from the console and even download images and videos to the console's hard disk drive.

4.3 The Hard disk

The hard disk in the Playstation 3 can come in various sizes from 40GB all the way up to a massive 320GB (factory), but there is an option to easily remove and replace the hard disk of the system. This can be done by purchasing a 2.5" 5400rpm SATA hard drive, which is the same hard disk used in laptop computers. To replace the hard drive of the system, photocopies of the instruction manual are below.

[Images: instruction manual pages]

After these steps have been completed you then have a new HDD in your system, whether it is of a higher or lower capacity. Because the hard disk of the console is the same as the ones used in laptop computers, the capacity of these disks can be large, allowing a great deal of information such as images, videos or music to be stored on the disk to view with the console.

A website was found (http://dcemu.co.uk/psgroove-payload-released-that-decrypts-firmware-files-by-graf_chokolo-346424.html) where Graf_Chokolo has released a version of the PSGroove payload; this allows developers to see full details of the PS3 system firmware complete with decrypted contents. Graf_Chokolo goes on to explain how to put the source code onto the system. He explains that "my payload has two stages. The first stage is actually a PSGroove payload, which initializes the gelic device and allocates memory needed for the 2nd stage. Compile the 1st stage binary, convert it to C hex array and replace the PSGroove payload." (Appendix 16)

Graf_Chokolo goes on to explain the second stage: this stage decrypts the CORE_OS_PACKAGE.pkg from a PUP file, it then runs some isolated SPU module or dumps FLASH, and the binary of the file is then sent over the Ethernet with sendfile.
The 1st stage receives the data and then stores it in a memory region of size 64kb; after the upload is complete, the 1st stage code jumps to the 2nd stage code and executes it. (Appendix 16)

Another piece of information from this website is how to decrypt packages from a PUP file: first you need to extract a revoke list for the packages from PUP file 3.41, e.g. (RL_FOR_PACKAGE.pkg), then extract it, convert it to a C hex array and paste it into rvk_pkg_341.c. (Appendix 16)

4.4 Playstation 3 system updates

With the use of the internet on the Playstation there is an option to keep the software of the system up to date; this will provide you with the latest security updates, parental controls and display options. By updating to the latest update you will enhance what the console is capable of.

If you would like to find out which software version your system is currently running, go to the Settings category, select System Settings and then System Information; the current system software will be displayed there.

You can update the current software of the system in a number of ways, as follows.

System update: if the PS3 is connected to the internet, go to Settings, then System Update, then click Update via Internet. The console will then check to see if there is an update available; if there is, it will download and install the update for you. There is also another option to update via the PC; this is done by visiting the website eu.playstation.com and following the on screen instructions to download the update to the PC. After the download has finished you will then need to save the update to a PS3 compatible device, either a Memory Stick/Duo, a USB drive or even a PSP console.
Before putting the update into the system you will have to create a folder called PS3, then inside it a folder called UPDATE. Once the device has been connected to the system you then navigate to System Update, then Update via Storage Media.

By allowing or accepting the system update, new security can be put in place on the system; because Sony regularly release new firmware updates for the console, the security of the device is constantly being updated.

4.5 Specifications

Below are the specifications of the Playstation console.

CPU: Cell Broadband Engine
GPU: RSX
Audio output: LPCM 7.1ch, Dolby Digital, Dolby Digital Plus, Dolby True HD, DTS, DTS-HD, AAC
Memory: 256MB XDR Main RAM, 256MB GDDR3 VRAM
Hard disk: 2.5" Serial ATA, 320GB
Inputs/Outputs: Hi-speed USB, USB 2.0
Networking: Ethernet (10BASE-T, 100BASE-TX, 100BASE-T) x 1; IEEE 802.11 b/g; Bluetooth 2.0 (EDR)
Controller: Wireless controller (Bluetooth)
Resolution: 1080p, 1080i, 720p, 576p, 576i
HDMI OUT connector: 1
AV MULTI OUT connector: 1
DIGITAL OUT connector: 1
BD/DVD/CD drive read rate: BD x 2 (BD-ROM), DVD x 8 (DVD-ROM), CD x 24 (CD-ROM)
Power: AC 200-240 V, 50/60 Hz
Power consumption: Approx 230 W
External dimensions: Approx 290 x 65 x 290 mm
Mass: Approx 3.0 kg
Operating temperature: 5-35 degrees

The Playstation 3 console also includes RSA BSAFE cryptographic software from RSA Security Inc.

RSA BSAFE software provides the security functionality essential to allow developers to meet the stringent FIPS 140 and Suite Requirements for offering products to U.S. government agencies. (Appendix 18)

Many leading companies including Adobe, Oracle, Hypercom, Skyworks, Sony and Nintendo rely on RSA BSAFE software to provide the foundational security functionality for their respective software and device applications.
(Appendix 18)

RSA Security protects the integrity and confidentiality of information throughout its lifecycle. RSA offers industry leading solutions in identity assurance and access control, encryption and key management, compliance and security information management, and fraud protection. (Appendix 18)

http://www.rsa.com/node.aspx?id=1204

4.6 File Sharing

The Playstation 3 console also allows you to share files between the console and your desktop computer. To be able to do this you need to make sure that both your computer and console are connected to the same network. If you would like to stream media from Windows Media Player, such as music, videos and pictures, you can do this by going into Tools and Options in Windows Media Player and selecting Library, then Configure Sharing; you then check the box that says "share my media to" and your Playstation 3 will be in the list. In the settings tab you can then select which media you wish to share (music, pictures, video) and click OK. If you then turn on the console you will see thumbnails of the compatible media that can be played on the system.

http://www.wirelesshdadapter.com/wp-content/uploads/Media%20Server%20Ps3%20Software_2.jpg (Appendix 17)

4.7 Previous work

While completing research to find out if any other analysis of the Playstation console had been carried out, a paper was found, published by the University of Central Florida, in which they conducted a forensic analysis of a Sony Playstation 3 console. They conducted a number of tests on the machine to see if any of the data could be extracted from the console. The tests that they completed were the following.

An encryption test: this test was to determine if it was possible to locate a picture once it had been copied to the console.
The steps they took in completing this were to copy an image to removable media, plug this into the console and copy the image to the hard drive of the system, shut the console down and then image the hard drive. The next stage was to analyse the hard drive in FTK, using its data carving feature to see if the picture could be carved out of the image, although they stated that FTK was unsuccessful in identifying files and folders on the partition (Appendix 6). Only one tool was used while completing this task; if other tools had been used then maybe a different outcome would have been found. The tools that could be used alongside FTK to find the image are Scalpel or Photorec, which are both data carving tools.

The paper also talks about a write blocker test, where the hard drive was placed behind a write blocker before connecting the hard disk to the console. The console's hard disk was removed, placed behind a write blocker and then plugged into the console. The console was then turned on and they found that the console would power up but not boot up; by replacing the write blocker with a bridge the console was able to power and boot up as normal.
(Appendix 6) The test result then explains that the console must be able to write to the hard drive before it will boot up, though it also shows that the hard drive does not have to be directly connected to the console (Appendix 6). Given the result of this test, a write blocker cannot be placed between the hard drive and the console or the console will not boot up.

Although many other tests were performed on the console, all the test results from this paper were inconclusive or negative; they concluded in the end that Sony has successfully locked down the PS3.

By using other tools that are an alternative to FTK, it might be possible to identify something that FTK is unable to, thus providing more information about the data on the HDD of the console.

Another paper, called "Xbox 360: A digital forensic investigation of the hard disk drive" (Appendix 4), was written with details and findings about the hard disk drive of the Xbox 360, where a USB drive was plugged into the machine and Bus Doctor was used to analyse what was being written between the Xbox console and the hard disk drive. It states that this is seamless and not as intrusive as mod chipping or installing other operating systems (Appendix 4). This method could be applied to the Playstation 3 console to see what is being written between the console and the hard disk drive of the Sony console.

4.8 Playstation 3 security architecture

A PDF file was found that detailed the security architecture of the Playstation console (http://www.ps3news.com/PS3-Dev/playstation-3-security-architecture-pdf-released/). The paper details that the system controller for the console is CXD2973GB; this is the hardware that is responsible for powering up the CBEA processor and it is directly connected via the BIO/IF hardware bus.
The console also contains a secure boot. The secure boot of the CBEA includes a randomly selected SPE in order to avoid sniffing per boot, a fake encryption/decryption state in all other SPEs during secure boot to add a fake sequence, and a subside line which is used to then decrypt the key vault and/or the boot code (Appendix 15).

The key vault of the Playstation 3 is an encrypted file containing all the keys to trust devices and processes, and hard disk AES keys (Appendix 15).

5. Summary

The research that has taken place shows all the relevant information about the Playstation 3 console, explaining what the machine allows you to do and how to update the firmware of the system. Although the system seems to be very secure, the images taken will be analysed to see if any relevant data can be taken from the disk; these will be the objectives previously proposed. Failing finding anything on the images of the HDD, the console will be connected up to Bus Doctor, a protocol analyzer, to see what is happening when the system is booted up and what data can be captured. Although a paper has been written on the analysis of the Playstation 3 console (Appendix 6), new hardware and software have come to market since the paper was written in 2009; the PS3 Jailbreak has made its way onto the scene, being able to run unsigned code on the console and giving the user the power to copy games to the hard drive of the console.

6. Future Work/Where next

After an image of the Playstation HDD was taken, it was then loaded into FTK (Forensic Toolkit), where the contents of the disk were looked at.
After loading it into the software it could immediately be noticed that the hard disk was encrypted. Searches were completed to see if any strings of text or data carved items could be found on the disk; the result was negative.

More images of the hard disk will be taken when performing tasks and then loaded into the FTK program. If no strings of text can be found, another approach will have to be taken: other available programs, Scalpel and Photorec, can be used to identify any interesting information on the HDD of the console. Another approach would be to try to capture what is going on with the system when it is booted up, because the encryption must be deactivated when the system is booted up to allow the system access to the hard disk.

The other data carving tools that could be used in combination with FTK are Scalpel and Photorec.

Scalpel reads a database of header and footer definitions and extracts matching files from a set of image files or a raw device. Scalpel will carve files from FATx, NTFS, ext2/3 or raw partitions. (Appendix 12)

Photorec is a data recovery tool to recover lost files on hard disks and other media. Photorec ignores the file system of the media and goes after the underlying data, so the software will still work if the media's file system has been severely damaged or reformatted. (Appendix 13)

Bus Doctor allows capture of what is being called/written to the hard disk when the console has been turned on; this can provide good information to find out what is happening when the console is turned on.

During the research a website was found that describes how the psjailbreak now supports 3.42 and 3.50, which allows the user to run unapproved content on the system (pirated games), and also allows for the running of the Linux OS on the system.
The sister site of this company (www.psdowngrade.com) allows the downgrading of the firmware of the system. If the psjailbreak is applied to the console, maybe the decryption key can be found, leading to the decryption of the HDD of the system. This could be done by plugging in the psjailbreak and finding out what calls it makes to the system; possibly the decryption can be found from this method. Another method would be to connect the Playstation system up to a protocol analyser (Bus Doctor); this will capture what data is written when the system is booted up.
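The negative carving result reported in this section can be anticipated with an entropy check before any carving run. The following is an added example, not part of the original essay and not code from FTK, Scalpel or Photorec: it measures block entropy and runs a simple header/footer carve of the kind the Scalpel description refers to, first on a plaintext sample and then on the same sample after encryption. The sample image, the XOR keystream standing in for disk encryption and all names are constructed for the illustration.

```python
import hashlib
import math
from collections import Counter

JPEG_HEADER = b"\xff\xd8\xff"  # start-of-image marker plus first marker byte
JPEG_FOOTER = b"\xff\xd9"      # end-of-image marker


def shannon_entropy(data):
    """Entropy in bits per byte: near 0 for constant data, near 8 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def high_entropy_fraction(image, block=4096, threshold=7.5):
    """Fraction of fixed-size blocks that look random (compressed or encrypted)."""
    blocks = [image[i:i + block] for i in range(0, len(image), block)]
    if not blocks:
        return 0.0
    return sum(shannon_entropy(b) > threshold for b in blocks) / len(blocks)


def carve(image, header=JPEG_HEADER, footer=JPEG_FOOTER, max_size=10 * 1024 * 1024):
    """Return [(offset, data)] for every header that has a footer within max_size bytes."""
    found = []
    pos = image.find(header)
    while pos != -1:
        end = image.find(footer, pos + len(header), pos + max_size)
        if end == -1:
            pos = image.find(header, pos + 1)
            continue
        end += len(footer)
        found.append((pos, image[pos:end]))
        pos = image.find(header, end)
    return found


def toy_encrypt(data, key=b"constructed-key"):
    """Stand-in for full-disk encryption: XOR with a SHA-256 counter keystream.
    This is NOT the console's scheme; it only makes the sample look encrypted."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(x ^ p for x, p in zip(data[off:off + 32], pad))
    return bytes(out)


# Constructed sample: a minimal JPEG-shaped file inside an otherwise empty 64 KiB image.
SAMPLE_JPEG = (JPEG_HEADER + b"\xe0\x00\x10JFIF\x00"
               + b"constructed-pixel-data" * 40 + JPEG_FOOTER)
PLAIN_IMAGE = bytes(8192) + SAMPLE_JPEG + bytes(65536 - 8192 - len(SAMPLE_JPEG))
ENCRYPTED_IMAGE = toy_encrypt(PLAIN_IMAGE)


def triage(image):
    """Summarise what a carving pass can expect from this image."""
    return {"high_entropy": high_entropy_fraction(image),
            "carved": [(off, len(data)) for off, data in carve(image)]}


if __name__ == "__main__":
    print("plain    :", triage(PLAIN_IMAGE))
    print("encrypted:", triage(ENCRYPTED_IMAGE))
```

When nearly every block of an image scores close to 8 bits per byte, signature-based carving has no plaintext headers to match, and effort is better spent on the key recovery and bus capture routes discussed above.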
