Digital Forensic Investigation of the ChatGPT Windows Application
- URL: http://arxiv.org/abs/2505.23938v1
- Date: Thu, 29 May 2025 18:41:13 GMT
- Authors: Malithi Wanniarachchi Kankanamge, Nick McKenna, Santiago Carmona, Syed Mhamudul Hasan, Abdur R. Shahid, Ahmed Imteaj
- Abstract summary: This study focuses on identifying and recovering digital artifacts for investigative purposes. This research explores different methods to extract and analyze cache, chat logs, metadata, and network traffic from the application. Our key findings also demonstrate the history of the application's chat, user interactions, and system-level traces that can be recovered even after deletion.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The ChatGPT Windows application offers better user interaction in the Windows operating system (OS) by enhancing productivity and streamlining the workflow of ChatGPT's utilization. However, there are potential misuses associated with this application that require rigorous forensic analysis. This study presents a holistic forensic analysis of the ChatGPT Windows application, focusing on identifying and recovering digital artifacts for investigative purposes. With the use of widely popular and openly available digital forensics tools such as Autopsy, FTK Imager, Magnet RAM Capture, Wireshark, and Hex Workshop, this research explores different methods to extract and analyze cache, chat logs, metadata, and network traffic from the application. Our key findings also demonstrate the history of the application's chat, user interactions, and system-level traces that can be recovered even after deletion, providing critical insights into the crime investigation and, thus, documenting and outlining a potential misuse report for digital forensics.
Related papers
- First Steps, Lasting Impact: Platform-Aware Forensics for the Next Generation of Analysts [0.0]
Disk and memory forensic acquisition techniques across samples representing Windows and Linux systems. Windows typically supports reliable disk imaging and analysis through established tools such as FTK Imager and Autopsy/Sleuth Kit. Linux environments, which rely on file systems like ext4 and XFS, generally offer greater transparency. Memory analysis on Linux systems benefits from tools like LiME, snapshot utilities, and dd for memory acquisition.
arXiv Detail & Related papers (2026-01-29T19:43:46Z)
- An Identity and Interaction Based Network Forensic Analysis [0.7957417670045067]
This paper presents experiments designed to create a novel NFAT approach that can identify users and understand how they are using network based applications. The experiments, profiled across 27 users, have yielded an average 93.3% True Positive Identification Rate (TPIR). Skype, Wikipedia and Hotmail services achieved a notably high level of recognition performance.
arXiv Detail & Related papers (2025-03-24T10:52:23Z)
- Forensic Video Analytic Software [1.55172825097051]
Law enforcement officials heavily depend on Forensic Video Analytic (FVA) Software in their evidence extraction process.
The term forensic pertains to the application of scientific methods to the investigation of crime through post-processing, whereas surveillance is the close monitoring of real-time feeds.
This project has resulted in three research outcomes: Moving Object Based Collision Free Video Synopsis, Forensic and Surveillance Analytic Tool Architecture, and Tampering Detection Inter-Frame Forgery.
arXiv Detail & Related papers (2023-09-17T18:02:43Z)
- Detecting Relevant Information in High-Volume Chat Logs: Keyphrase Extraction for Grooming and Drug Dealing Forensic Analysis [2.1638802483603987]
This paper presents a supervised keyphrase extraction approach to detect relevant information in high-volume chat logs involving grooming and drug dealing.
The proposed method, JointKPE++, builds upon the JointKPE keyphrase extractor by employing improvements to handle longer texts effectively.
arXiv Detail & Related papers (2023-09-15T03:18:31Z)
- ChatGPT for Digital Forensic Investigation: The Good, The Bad, and The Unknown [0.36748639131154304]
This paper assesses the impact and potential impact of ChatGPT on the field of digital forensics.
A series of experiments are conducted to assess its capability across several digital forensic use cases.
Overall this paper concludes that while there are some potential low-risk applications of ChatGPT within digital forensics, many are either unsuitable at present.
arXiv Detail & Related papers (2023-07-10T20:07:30Z)
- PyRCA: A Library for Metric-based Root Cause Analysis [66.72542200701807]
PyRCA is an open-source machine learning library of Root Cause Analysis (RCA) for Artificial Intelligence for IT Operations (AIOps).
It provides a holistic framework to uncover the complicated metric causal dependencies and automatically locate root causes of incidents.
arXiv Detail & Related papers (2023-06-20T09:55:10Z)
- To ChatGPT, or not to ChatGPT: That is the question! [78.407861566006]
This study provides a comprehensive and contemporary assessment of the most recent techniques in ChatGPT detection.
We have curated a benchmark dataset consisting of prompts from ChatGPT and humans, including diverse questions from medical, open Q&A, and finance domains.
Our evaluation results demonstrate that none of the existing methods can effectively detect ChatGPT-generated content.
arXiv Detail & Related papers (2023-04-04T03:04:28Z)
- Finding Facial Forgery Artifacts with Parts-Based Detectors [73.08584805913813]
We design a series of forgery detection systems that each focus on one individual part of the face.
We use these detectors to perform detailed empirical analysis on the FaceForensics++, Celeb-DF, and Facebook Deepfake Detection Challenge datasets.
arXiv Detail & Related papers (2021-09-21T16:18:45Z)
- Relational Graph Neural Networks for Fraud Detection in a Super-App environment [53.561797148529664]
We propose a framework of relational graph convolutional networks methods for fraudulent behaviour prevention in the financial services of a Super-App.
We use an interpretability algorithm for graph neural networks to determine the most important relations to the classification task of the users.
Our results show that there is an added value when considering models that take advantage of the alternative data of the Super-App and the interactions found in their high connectivity.
arXiv Detail & Related papers (2021-07-29T00:02:06Z)
- Automated Artefact Relevancy Determination from Artefact Metadata and Associated Timeline Events [7.219077740523683]
Case-hindering, multi-year digital forensic evidence backlogs have become commonplace in law enforcement agencies throughout the world.
This is due to an ever-growing number of cases requiring digital forensic investigation coupled with the growing volume of data to be processed per case.
Leveraging previously processed digital forensic cases and their component artefact relevancy classifications can facilitate an opportunity for training automated artificial intelligence based evidence processing systems.
arXiv Detail & Related papers (2020-12-02T14:14:26Z)
- Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
Adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes.
We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks.
These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
arXiv Detail & Related papers (2020-08-17T07:16:57Z)
- Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process [63.75363908696257]
We review the methods that have been applied to network data with the purpose of developing an intrusion detector.
We discuss the techniques used for the capture, preparation and transformation of the data, as well as the data mining and evaluation methods.
As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
arXiv Detail & Related papers (2020-01-27T11:21:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.