Forensic Implications of Localized AI: Artifact Analysis of Ollama, LM Studio, and llama.cpp
Shariq Murtuza

TL;DR
This study systematically analyzes artifacts left by local LLM applications like Ollama, LM Studio, and llama.cpp on Windows and Linux, revealing key forensic evidence and implications for privacy and legal proceedings.
Contribution
It provides the first comprehensive forensic artifact analysis of popular local LLM clients, detailing evidence persistence, detection methods, and implications for digital investigations.
Findings
Recovered plaintext prompt histories in JSON files
Identified unique file signatures for detection
Documented differences in evidence persistence across applications
Abstract
The proliferation of local Large Language Model (LLM) runners, such as Ollama, LM Studio and llama.cpp, presents a new challenge for digital forensics investigators. These tools enable users to deploy powerful AI models offline, creating a potential evidentiary blind spot for investigators. This work presents a systematic, cross-platform forensic analysis of these popular local LLM clients. Through controlled experiments on Windows and Linux operating systems, we acquired and analyzed disk and memory artifacts, documenting installation footprints, configuration files, model caches, prompt histories and network activity. Our experiments uncovered a rich set of previously undocumented artifacts for each application, revealing significant differences in evidence persistence and location based on application architecture. Key findings include the recovery of plaintext prompt…
Taxonomy
Topics: Digital and Cyber Forensics · Personal Information Management and User Behavior · Cybercrime and Law Enforcement Studies
