Ubuntu Artifacts Generated by the Gnome Desktop Environment

This research identifies Gnome Desktop Environment (GDE) artifacts and demonstrates their utility in Linux forensic examinations. The classic Linux forensic examination is tailored to computer intrusions of victim servers because the enterprise's critical Linux systems are typically web servers, mail servers, and database servers. However, the emphasis on intrusions and servers has two shortcomings. First, in addition to network intrusions, digital forensic labs examine specimens from various investigations: e.g., child exploitation, homicide, and financial crimes, to name a few. Second, the majority of Linux users run GUI-based desktop versions rather than command-line server versions. In these cases, the GDE may be used to install applications, run applications, open files, join Wi-Fi networks, and upload files. These point-and-click actions have been overlooked in the classic Linux examination; therefore, they will be explored in this research. Lastly, the importance of these GDE artifacts will be demonstrated in three practical scenarios.