Something I’m Working On
One of the classes I’m taking (small scale digital device forensics) has two ways to get an A in the course:
- Show up to all of the classes and do excellent on all labs, quizzes, homeworks, and tests.
- Show up to all of the classes and take on a project to advance the field of SSDD forensics.
I’m trying for option 2 right now. My project is pretty simple: Find a way to expedite the process of retrieving digital evidence from a Nintendo Wii.
Right now, the established method is pretty lame - You basically have to sit there with a camera and take pictures of every screen. My method would be a lot quicker: Stick an SD card with a special program in the slot, execute the Twilight Hack, and pull all of the data off the system. My goal is to do that, and then develop a program that categorizes all of that data into relevant categories:
- Messages
- Photos
- Play logs
- Browser history?
- Friend lists
My thought is that the Wii is a very closed system with the ability to exchange pictures, meaning it’d be perfect for child pornographers to swap their illicit wares. That, and little Jimmy might make a new friend online, put his friend code into his console, and then receive all kinds of interesting messages. Basically, I want to make it easier for law enforcement officials to get relevant data from the Wii quickly and easily.
I’m in the final stages of planning the project right now. All I need to do at this point is figure out how to get an MD5 hash of the system before dumping the data, and then my procedure is off to the professor and then some guys in New York for review.
If you enjoyed this post, make sure you subscribe to my RSS feed!
It sounds like a cool little project.
I will say, though, that there’s usually only one of two possible excuses that are used to justify data snooping: pedophiles and terroism. I kinda sighed when you pulled the pedo card.
Just gotta give this another link, too. Those damn pedos always ruining it for us.
Well, the idea is that the console is seized as part of a police investigation, and pulling the data requires a search warrant.
Also, the pedo card is pulled out quite frequently in this class, especially considering the professor has worked on a huge number of pedo cases involving computers, cell phones, xboxes, etc.
make sure you use multiple proxies when you test-load your Wii with CP
In that case I concede. If it’s part of a legitimate investigation with a search warrent, then I could see its usefulness as another legitimate police tool.
But really, whenever someone gives “pedo” as an excuse to do some data mining it immediately makes me skeptical because it’s just so overused as a method to stop detractors.
“What do you mean it’ll destroy the world, it’ll stop pedos!”