Authors: Maximilian Eichhorn, Janine Schneider, Gaston Pugliese
DFRWS EU 2024
Abstract
The video game industry has been experiencing consistent growth, accompanied by an increase in the number of players. After the remarkable success of the Nintendo Switch, it comes as no surprise that various other manufacturers have ventured into developing their own handheld gaming consoles. As a consequence, it is likely that these types of devices will be found more frequently in households in the near future and that they will start to play a more important role in forensic investigations. In light of this, we conducted a forensic examination of Valve’s recent Steam Deck console to assist forensic investigators in retrieving and interpreting digital evidence obtained from such devices. The Steam Deck console runs on SteamOS and ships with a custom version of Valve’s highly popular Steam gaming platform. Our examination encompasses exploring the console’s architecture, the SteamOS operating system, and the pre-installed cross-platform Steam client. Using differential forensic analysis, we systematically identify forensically relevant artifacts on the handheld console and report on their locations and contents. Based on our findings, we developed Autopsy plugins for the automated extraction of forensic artifacts from images taken of Steam Deck devices.