While mainstream digital forensics usually targets common web browsers, messenger clients, and log files, how many people actually check gaming related applications? This presentation will cover the sometimes forgotten forensic artifacts left behind by in-game browsers, gaming chat application log files, and configuration files that store login credentials, and how they can be used to assist in a forensic investigation or a penetration test. Examination of these artifacts can sometimes lead to ways to make an investigation easier, or give new leads that will be useful for the investigation. Topics will include examples of weak password storage by gaming applications, in-game web browser forensics, and log files from gaming applications as a means of gathering more information for use in an investigation. This talk will also touch on exploiting some of these artifacts as a means of gaining additional information for use in a penetration test.
Demo code will be released for parsing of in-game browser cookies from select in-game browsers in the form of an addition to the Autopsy recent activity module, which will be submitted as a pull request to the main Autopsy Github repository.
Peter Clemenko III is a student at Wilmington University in Computer Network Security. He occasionally works on open source projects, and has developed an interest in forensic analysis of gaming applications and how they can be used to assist in a forensic investigation.