Forensics Analysis of an On-line Game over Steam Platform

  • Raquel Tabuyo-Benito
  • Hayretdin Bahsi
  • Pedro Peris-Lopez
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 259)


Currently on-line gaming represents a severe threat to the forensic community, as criminals have started to use on-line gaming as communication channels instead of traditional channels like WhatsApp or Facebook. In this paper, we describe a methodology developed after conducting an in-depth digital forensic analysis of the central artifacts of a popular video-game - Counter Strike Nexon Zombies video-game (Steam platform) - where valuable artifacts are those that related to the chatting features of the game. For our research we analyzed the network, volatile, and disk captures for two generated cases and focused on chat-feature inside and outside of the in-game rounds and the live chat done through YouTube Live Streaming. Our results provide the forensic community a complete guideline that can be used when dealing with a real criminal case in which there is a Steam video-game involved. Besides the forensic analysis, we found a security vulnerability (session hijacking) which was reported to the game manufacturer as soon it was discovered.


Digital forensics Network forensics Windows forensics Live forensics On-line gaming 



This work has been supported by the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks) and by the MINECO grant TIN2016-79095-C2-2-R (SMOG-DEV—Security mechanisms for fog computing: advanced security for devices).


  1. 1.
    Anglano, C.: Forensic analysis of whatsapp messenger on android smartphones. Digital Invest. 11(3), 201–213CrossRefGoogle Scholar
  2. 2.
    Bourne, W.: Youtube vs. twitch: how to make money live streaming (2018). Accessed 05 July 2018
  3. 3.
    Daniel, L.E.: Multiplayer game forensics (2018). Accessed 02 Feb 2018
  4. 4.
    Davies, M., Read, H., Xynos, K., Sutherland, I.: Forensic analysis of a sony playstation 4: a first look. Digital Invest. 12, 81–89CrossRefGoogle Scholar
  5. 5.
    Editor: Why online gaming is the new frontier for cybercrime (2015). Accessed 20 Jan 2018
  6. 6.
    Graff, G.M.: How a dorm room minecraft scam brought down the internet (2017). Accessed 20 Jan 2018
  7. 7.
    Grayson, N.: The counter-strike gambling scandal, explained. Accessed 20 Jan 2018
  8. 8.
    Jhala, G.J.: Whatsapp forensics: decryption of encrypted whatsapp databases on non rooted android devices. J. Inf. Technol. Software Eng. 5(2), 1 (2015)Google Scholar
  9. 9.
    Karpisek, F., Baggili, I., Breitinger, F.: Whatsapp network forensics: decrypting and understanding the whatsapp call signaling messages. Digital Invest. 15, 110–118 (2015)CrossRefGoogle Scholar
  10. 10.
    Khanji, S., Jabir, R., Iqbal, F., Marrington, A.: Forensic analysis of xbox one and playstation 4 gaming consoles. Digital Invest. 12, 81–89 (2016)Google Scholar
  11. 11.
    Lofgren, K.: Video game trends and statistics - who’s playing what and why? (2017). Accessed 20 Jan 2018
  12. 12.
    Mastroianni, B.: How terrorists could use video games to communicate undetected (2015). Accessed 20 Jan 2018
  13. 13.
    McKemmish, R.: What is Forensic Computing?. Australian Institute of Criminlogy, Canberra (1999). Art 118Google Scholar
  14. 14.
    McQuaid, J.: Skype Forensics: Analyzing Call and Chat Data from Computers and Mobile. MAGNET Forensics, Herndon (2014)Google Scholar
  15. 15.
    Moore, J., Baggili, I., Marrington, A., Rodrigues, A.: Preliminary forensic analysis of the xbox one. Digital Invest. 11, S57–S65 (2014)CrossRefGoogle Scholar
  16. 16.
    NETRESEC: Networkminer., Accessed 02 Feb 2018
  17. 17.
    NirSoft.: Chromecacheview. Accessed 02 May 2018
  18. 18.
    NirSoft: Jumplistview. Accessed 02 May 2018
  19. 19.
    Sgaras, C., Kechadi, M.-T., Le-Khac, N.-A.: Forensics acquisition and analysis of instant messaging and VoIP applications. In: Garain, U., Shafait, F. (eds.) IWCF 2012/2014. LNCS, vol. 8915, pp. 188–199. Springer, Cham (2015). Scholar
  20. 20.
    Smith, C.: 34 interesting steam statistics and facts (2018). Accessed 02 May 2018
  21. 21.
    Wireshark: About wireshark. Accessed 02 Feb 2018
  22. 22.
    Wong, K., Lai, A.C.T., Yeung, J.C.K., Lee, W.L., Chan, P.H.: Facebook Forensics, pp. 1–24. Valkyrie-X Security Research Group, Singapore (2013)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  • Raquel Tabuyo-Benito
    • 1
  • Hayretdin Bahsi
    • 1
  • Pedro Peris-Lopez
    • 2
  1. 1.Tallinn University of Technology, Center for Digital Forensics and Cyber SecurityTallinnEstonia
  2. 2.Universidad Carlos III de Madrid, COSEC LabGetafeSpain

Personalised recommendations