DOI: 10.1145/3277570.3277584
research-article

A Framework for a Forensically Sound Harvesting the Dark Web

Published: 15 November 2018 Publication History

Abstract

The Internet, whose generative and transformative nature has made it a synonym for the infrastructure of contemporary digital society, is also a place of unsavoury and illegal activities such as fraud, human trafficking, exchange of controlled substances, arms smuggling, extremism, and terrorism. Legitimate concerns such as anonymity and privacy are used for the proliferation of nefarious deeds in the parts of the Internet termed the deep web and the dark web. The cryptographic and anonymity mechanisms employed by dark web miscreants create serious problems for law enforcement agencies and other legal institutions that seek to monitor, control, investigate, prosecute, and prevent the range of criminal events which should not be part of the Internet, or of human society in general. The paper describes research on developing a framework for identifying, collecting, analysing, and reporting information from the dark web in a forensically sound manner. The framework should provide the fundamentals for creating a real-life system that could be used as a tool by law enforcement institutions, digital forensics researchers and practitioners to explore and study illicit actions and their consequences on the dark web. The design science paradigm is used to develop the framework, while international security and forensic experts are behind the ex-ante evaluation of the basic components and their functionality, the architecture, and the organization of the system. Finally, we discuss future work concerning the implementation of the framework, along with the introduction of some intelligent modules that should empower the tool with adaptability, effectiveness, and efficiency.

    Published In

    CECC 2018: Proceedings of the Central European Cybersecurity Conference 2018
    November 2018
    109 pages
    ISBN:9781450365154
    DOI:10.1145/3277570
    In-Cooperation

    • University of Maribor

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Digital forensics
    2. dark web
    3. forensic soundness

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    CECC 2018
    CECC 2018: Central European Cybersecurity Conference 2018
    November 15 - 16, 2018
    Ljubljana, Slovenia

    Acceptance Rates

    CECC 2018 Paper Acceptance Rate 19 of 30 submissions, 63%;
    Overall Acceptance Rate 38 of 65 submissions, 58%
