Authors: Gus Pessolano (Norwich University), Huw Read (Norwich University), Iain Sutherland (Noroff University College), and Konstantinos Xynos (Noroff University College)
DFRWS USA 2019
Games consoles present a particular challenge to the forensics investigator due to the nature of the hardware and the inaccessibility of the file system. Many protection measures are put in place to make it deliberately difficult to access raw data in order to protect intellectual property, enhance digital rights management of software and, ultimately, to protect against piracy. History has shown that many such protections on game consoles are circumvented with exploits leading to jailbreaking/rooting and allowing unauthorized software to be launched on the games system. This paper details methods that enable the investigator to extract system activity, deleted images, Internet history items, relevant friends list information, the console’s serial number and plaintext WiFi access point passwords. This is all possible with the use of publicly available, open-source security circumvention techniques that perform a non-invasive physical dump of the internal NAND storage of the Nintendo 3DS handheld device. It will also be shown that forensic integrity is maintained and a detailed analysis is possible without altering original evidence.