Give Me Steam: A Systematic Approach for Handling Stripped Symbols in Memory Forensics of the Steam Deck


Research area: Safety



Venue: ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security


Abstract

The Steam Deck, developed by Valve, combines handheld gaming with desktop functionality, creating unique challenges for digital forensics due to its Linux-based SteamOS and its stripped symbol tables. This research addresses how to conduct reliable memory forensics on the Steam Deck. Employing the Linux Memory Extractor (LiME) and Volatility 3, we acquire and analyze volatile memory, a process complicated by Steam’s stripped symbol table that obscures forensic reconstruction of memory structures. Our approach reconstructs these symbols and adapts forensic tools to the Steam Deck’s architecture. Our results include the successful generation and validation of symbol tables and the patching of profiles to align with system configurations. During gameplay, we observed a significant increase in platform-related and game-related processes, highlighting the system’s dynamic operation while gaming. These findings contribute to improving forensic methodologies for similar Linux-based devices, enhancing our capability to extract valuable forensic data from modern gaming consoles.


Authors

Ibrahim (Abe) Baggili, Louisiana State University, United States
Ruba Alsmadi, Louisiana State University, United States
Taha Gharaibeh, Louisiana State University, United States

Paper information

Publication year: 2024
Citation count: 0
Country of publication: United States
Site: ACM
