Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Cybercriminals Beware – Even Online Game Usage Leaves Evidence to be Found

April 4, 2019

The world of digital forensics encompasses a lot of digital media and devices, including gaming devices and video game data. Laura French of Forensic Magazine recently wrote an article about Minecraft forensics (to read the full article click here). The article talks about the use of online video games as a way for cyber criminals to conduct malicious deeds, and the forensic artifacts that can be potentially recovered by digital forensic examiners.

A study of what data can be found from the popular video game Minecraft was conducted by a team of researchers from the University of Salford, Manchester Metropolitan University and others. The researchers focused on what data could be retrieved from four different areas; the server-side data, the client data, data from live memory, and the network traffic from a computer as a means to play the video game. We were not entirely surprised by the amount of data that the researchers were able to find.

Evidentiary data found from the server included; the name of the Minecraft server, player’s username, login timestamps, and the server’s IP address, the user’s typed chats, the client’s IP address, a list of previous users connected to the specific server (containing their usernames and a server assigned identification number, “User Unique Identification Numbers” (UUIDs), for the users connecting to the server).

Data from the client that was obtained included items such as UUIDs, user email address and display name, user account number, full chat logs, IP address connected to, port number, the server’s IP address and name.

An examination of live memory was conducted by the researchers and they were able to find server IP address, the message of the day, the last chat communication from the client, additional chat communications by the client and corresponding timestamps, the client IP address, and the username and password used to login to the server.

By analyzing network traffic, the researchers were able to retrieve chat messages from the client, the message of the day, gameplay information was encoded as observed by the researchers.

This article details the wealth of digital evidence that may exist no matter what users do online, including online gaming. The study shows promising results, and information that may be critical to cybercrime investigations. And we all can agree, cybercriminals are not going to stop using online gaming platforms as a mechanism for their illegal activity anytime soon.

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/