MMORPGs are a combination of RPGs and MMOGs in which millions of players worldwide play simultaneously. MMORPG is the most popular genre of gaming among millions of people. Many crimes are taking place due to MMORPGs such as homicides, sexual offences, theft, fraud, hacking etc. A study was conducted in order to detect information which is left by the MMORPGs in computer systems, which can also be used as corroborating evidence or real evidence connecting the suspect to the crime in cybercrime investigations. Eight games were selected (4 browser based, 4 client based) as samples, downloaded, installed and certain number of sessions were played. The hard disk which contained the sample was analyzed using Access Data’s FTK Imager for game information and chat histories. The client based games were uninstalled and analyzed as well. We found that browser based MMORPGs did not leave any traces of chat history but it had traces of important information such as URLs and timestamps. Client based MMORPGs left a lot of vital information as well as chat history. After uninstallation, the client based MMORPGs had yielded the same data as before uninstallation, but as deleted files. Thus, from this study we could prove that MMORPGs data can be detected and obtained from suspect hard disks and also can be used as corroborating evidence or real digital evidence which links the suspect directly to the crime in cybercrime investigations.

Context: In the field of digital forensics and cybercrime, determining the information left behind by various applications is a necessity. MMORPGs are one type of such applications that require in depth analysis as to the type of information that can be retrieved from the computer system that is being used by the games. This will further help forensic examiners to proceed in the right direction and create a protocol for analysis of such games.

Aim: To determine the information that can be retrieved from MMORPGs in a computer system.

Settings and Design: Experimental study conducted on a system with eight MMORPGs. The games were used and various activities including chatting was conducted on it and then information was searched for in the computer system.

Methods and Material: Eight games were selected (4 browser based, 4 client based) as samples, downloaded, installed and certain number of sessions were played. The hard disk which contained the sample was analyzed using Access Data’s FTK Imager for game information and chat histories. The client based games were uninstalled and analyzed as well.

Statistical Analysis Used:

Results: We found that browser-based MMORPGs did not leave any traces of chat history but it had traces of important information such as URLs and time stamps. Client-based MMORPGs left a lot of vital information as well as chat history. After uninstallation, the client[1] based MMORPGs had yielded the same data as before uninstallation, but as deleted files.

Conclusions: This study we could prove that MMORPGs data can be detected and obtained from suspect hard disks and also can be used as corroborating evidence or real digital evidence which links the suspect directly to the crime in cybercrime investigations.