How Video Games Can Be Sources for Investigators
Video games can be fun, but who knew they also can be useful tools for IT forensic investigations?
To Brandon Nesbit, a security consultant at Trustwave, that Nintendo Wii or Sony Playstation 3 (PS3) some use for enjoyment can be a wealth of information. At the upcoming DEFCON security conference, Nesbit plans to offer insight into why video game consoles and games installed on a PC can be a boon to investigators who have traditionally overlooked them.
"For example, if someone is trying to prove that Suspect A was running an attack against a World of Warcraft server, there will be logs to indicate that fact within World of Warcraft," he explained. "Or if someone wants to defend themselves, they can say, 'whoa Mr. Investigator...check those logs, I was playing Team Fortress 2 at the time.' Keep in mind too, that logs are just a small piece of a very large pie. If an investigator wants to get a good idea as to the activities conducted on a system, this information is very important. "
"Moreover, if you have a video console it is important to keep in mind that this generation of video game consoles, and likely subsequent generations, is about controlling your living room," he added. "Meaning that a video game console no longer is just a toy that runs a game cartridge or CD/DVD. These devices now hook into your home network; allowing users to store everything from: files, pictures, movies, you name it...it can be stored. And where there's data, there is information that is of interest to a forensics investigator."
During his Aug. 1 presentation, Nesbit said he plans to focus on Wii, Microsoft Xbox 360, PS3 as well as some of the other more popular consoles and games being played today.
"The idea [is] that traditionally, in my experience at least, a forensics investigator will gloss over this type of evidence," he said. "I try to point out in the presentation that this should no longer happen as there's a wealth of information to be garnered, both on game consoles and PCs."