Give Me Steam: A Systematic Approach for Handling Stripped Symbols in Memory Forensics of the Steam Deck
Document Type
Conference Proceeding
Publication Date
7-30-2024
Abstract
The Steam Deck, developed by Valve, combines handheld gaming with desktop functionality, creating unique challenges for digital forensics due to its Linux-based SteamOS and its stripped kernel symbol tables. This research addresses how to conduct reliable memory forensics on the Steam Deck. Employing the Linux Memory Extractor (LiME) and Volatility 3, we acquire and analyze volatile memory, a process complicated by the SteamOS kernel's stripped symbol table: without those symbols Volatility cannot locate and parse the kernel data structures it needs to reconstruct processes and other objects from the image. Our approach reconstructs these symbols and adapts the forensic tooling to the Steam Deck's architecture. Our results include the successful generation and validation of symbol tables and the patching of the resulting profiles so that they match the device's kernel configuration. During gameplay, we observed a significant increase in platform-related and game-related processes, highlighting the system's dynamic operation while gaming. These findings contribute to improving forensic methodologies for similar Linux-based devices, enhancing our capability to extract valuable forensic data from modern gaming consoles.
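One concrete form of the "validation" step the abstract refers to, written as an added example rather than the authors' code: Volatility 3 applies a Linux ISF symbol table only when the `linux_banner` constant recorded in the JSON (base64-encoded by dwarf2json under `constant_data`) also appears in the memory image, so the first thing to check when a generated table is rejected is whether the banners agree. The memory fragment, the ISF fragment, the kernel version string and the helper names below are all constructed for this example; the paper does not state that its profile patching took this form.

```python
import base64
import json
import re
from typing import Dict, List, Optional

# Pattern for a kernel banner as it sits in memory. Written for this example;
# Volatility 3's own banner scanner looks for the same "Linux version" prefix.
BANNER_RE = re.compile(rb"Linux version \d+\.\d+\.\d+[^\x00\n]*\n")


def extract_banners(memory: bytes) -> List[bytes]:
    """Return every distinct kernel banner found in a raw memory image."""
    return sorted(set(BANNER_RE.findall(memory)))


def isf_banner(isf: Dict) -> Optional[bytes]:
    """Decode the linux_banner constant that dwarf2json stores in an ISF file."""
    sym = isf.get("symbols", {}).get("linux_banner")
    if sym is None or "constant_data" not in sym:
        return None
    # constant_data holds the raw bytes of the char array, NUL terminator
    # included; strip the padding so it compares cleanly with the scanner.
    return base64.b64decode(sym["constant_data"]).rstrip(b"\x00")


def isf_matches_memory(isf: Dict, memory: bytes) -> bool:
    """Mirror Volatility 3's acceptance test: the ISF banner must be in the image."""
    banner = isf_banner(isf)
    return banner is not None and banner in extract_banners(memory)


def patch_isf_banner(isf: Dict, banner: bytes) -> Dict:
    """Return a copy of the ISF whose linux_banner equals the banner in the image.

    Only legitimate when the table was built from the very same kernel build
    (same .config, same DWARF) and the banner differs in build host or date
    text alone. Rewriting the banner of a table generated for a different
    kernel makes Volatility load wrong structure layouts and emit garbage.
    """
    patched = json.loads(json.dumps(isf))  # deep copy via JSON round-trip
    patched["symbols"]["linux_banner"]["constant_data"] = base64.b64encode(
        banner + b"\x00"
    ).decode("ascii")
    return patched


# Constructed sample data (not a real Steam Deck dump and not a real ISF):
# a memory fragment carrying one banner, and a minimal ISF fragment whose
# banner was recorded from a rebuild of the same kernel on another host/date.
SAMPLE_BANNER = (
    b"Linux version 6.1.52-example-neptune (builder@deck) "
    b"(gcc (GCC) 13.2.1) #1 SMP PREEMPT_DYNAMIC Tue Jan  2 00:00:00 UTC 2024\n"
)
SAMPLE_MEMORY = b"\x00" * 64 + b"junk" + SAMPLE_BANNER + b"\x00" * 64

SAMPLE_ISF = {
    "metadata": {"format": "6.2.0", "producer": {"name": "dwarf2json"}},
    "symbols": {
        "linux_banner": {
            "type": {
                "kind": "array",
                "count": len(SAMPLE_BANNER) + 1,
                "subtype": {"kind": "base", "name": "char"},
            },
            "address": 0xFFFFFFFF82000A00,  # hypothetical address
            "constant_data": base64.b64encode(
                b"Linux version 6.1.52-example-neptune (builder@lab) "
                b"(gcc (GCC) 13.2.1) #1 SMP PREEMPT_DYNAMIC Mon Jan  1 00:00:00 UTC 2024\n\x00"
            ).decode("ascii"),
        }
    },
}


if __name__ == "__main__":
    found = extract_banners(SAMPLE_MEMORY)
    print("banners in image:", found)
    print("ISF banner:", isf_banner(SAMPLE_ISF))
    print("ISF accepted as-is:", isf_matches_memory(SAMPLE_ISF, SAMPLE_MEMORY))
    fixed = patch_isf_banner(SAMPLE_ISF, found[0])
    print("ISF accepted after patch:", isf_matches_memory(fixed, SAMPLE_MEMORY))
```

On a real case the image comes from LiME and the ISF from dwarf2json run against a vmlinux with debug info for the exact kernel build on the device; if the banner check fails because the table was generated from a different build, the fix is to regenerate the table, not to patch the banner.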
Publication Source (Journal or Book title)
ACM International Conference Proceeding Series
Recommended Citation
Alsmadi, R., Gharaibeh, T., Webb, A., & Baggili, I. (2024). Give Me Steam: A Systematic Approach for Handling Stripped Symbols in Memory Forensics of the Steam Deck. ACM International Conference Proceeding Series https://doi.org/10.1145/3664476.3670903