The ChatGPT Windows application offers better user interaction in the Windows operating system (OS) by enhancing productivity and streamlining the workflow of ChatGPT's utilization. However, there are potential misuses associated with this application that require rigorous forensic analysis. This study presents a holistic forensic analysis of the ChatGPT Windows application, focusing on identifying and recovering digital artifacts for investigative purposes. With the use of widely popular and openly available digital forensics tools such as Autopsy, FTK Imager, Magnet RAM Capture, Wireshark, and Hex Workshop, this research explores different methods to extract and analyze cache, chat logs, metadata, and network traffic from the application. Our key findings also demonstrate the history of the application's chat, user interactions, and system-level traces that can be recovered even after deletion, providing critical insights into the crime investigation and, thus, documenting and outlining a potential misuse report for digital forensics.
View on arXiv@article{kankanamge2025_2505.23938,
title={ Digital Forensic Investigation of the ChatGPT Windows Application },
author={ Malithi Wanniarachchi Kankanamge and Nick McKenna and Santiago Carmona and Syed Mhamudul Hasan and Abdur R.Shahid and Ahmed Imteaj },
journal={arXiv preprint arXiv:2505.23938},
year={ 2025 }
}