Oliver Popov
ABSTRACT
The generative and transformative nature of the Internet which has become a synonym for the infrastructure of the contemporary digital society, is also a place where there are unsavoury and illegal activities such as fraud, human trafficking, exchange of control substances, arms smuggling, extremism, and terrorism. The legitimate concerns such as anonymity and privacy are used for proliferation of nefarious deeds in parts of the Internet termed as a deep web and a dark web. The cryptographic and anonymity mechanisms employed by the dark web miscreants create serious problems for the law enforcement agencies and other legal institutions to monitor, control, investigate, prosecute, and prevent the range of criminal events which should not be part of the Internet, and the human society in general. The paper describes the research on developing a framework for identifying, collecting, analysing, and reporting information from the dark web in a forensically sound manner. The framework should provide the fundamentals for creating a real-life system that could be used as a tool by law enforcement institutions, digital forensics researchers and practitioners to explore and study illicit actions and their consequences on the dark web. The design science paradigms is used to develop the framework, while international security and forensic experts are behind the ex-ante evaluation of the basic components and their functionality, the architecture, and the organization of the system. Finally, we discuss the future work concerning the implementation of the framework along with the inducement of some intelligent modules that should empower the tool with adaptability, effectiveness, and efficiency.
- J. H. Allen, S.Barnum, R. J. Ellison, G. McGraw, and Nancy R. Mead. 2008. Software Security Engineering. Addison-Wesley, Massachusetts, USA. Google Scholar
Digital Library
- E. Bursztein, J. Aigrain, A. Moscicki, and J.C. Mitchell. 2014. The end is nigh: Generic solving of text-based captchas. USENIX, San Diego, CA, USA. Google ScholarDigital Library
- E. Casey. 2010. Digital forensics investigation and handbook. Elsevier Academic Press, USA. Google ScholarDigital Library
- H. Chen. 2012. Dark web: Exploring and data mining the dark side of the web. Springer-Verlag New York. Google ScholarDigital Library
- H. Chen, W. Chung, J. Quin, E. Reid, M. Sageman, and G. Weinmann. 2008. Uncovering the Dark Web: A Case Study of Jihad on the Web. Journal of the American Society for Information Science and Technology 59, 8 (2008). Google ScholarDigital Library
- H. Chen and J. Xu. 2008. The Topology of Dark Networks. Communication of the ACM 51, 10 (2008). Google ScholarDigital Library
- European Council. {n. d.}. REGULATION (EU) 2016/679 - Directive 95/46/EC (General Data Protection Regulation). https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN Retrieved 04/03/2018.Google Scholar
- J. Dalins, C. Wilson, and M. Carman. 2018. Criminal Motivation on the dark web: A Categorisation model for law enforcement. Digital Investigation 24, 1 (January 2018).Google ScholarCross Ref
- M. Denscombe. 2012. The good research guide for small-scale social research projects (fourth ed.). McGraw Hill, Glasgow, GB.Google Scholar
- E. Nunes, A. Diab, A. Gunn, M. Ericsson, M. Vineet, V. Mishra, V. Paliath, J. Robertson, J. Shakarian, A. Thart and P. Shakarian. 2016. Darknet and Deepnet Mining for Proactive Cyber Treat Intelligence. Intelligence and Security Informatics (ISI) (2016), 7--12.Google Scholar
- Europol. {n. d.}. Drugs and the darknet: Perspectives for enforcement, research and policy. https://www.europol.europa.eu/publications-documents/drugs-and-darknet-perspectives-for-enforcement-research-and-policyGoogle Scholar
- T. Fu, A. Abbasi, and H. Chen. 2010. The Forensic Investigation of Android Private Browsing Sessions using Orweb. Journal of the American Society for Information Science and Technology 61, 6 (2010).Google Scholar
- T. A. Ghaleb. 2015. Webiste Fingerprinting as a Cybercrime Investigation Model: Role and Challenges. In First International Conference on Anti-Cybercrime (ICACC). IEEE, 1--5.Google ScholarCross Ref
- S. Ghosh, A. Das, P. Porras, V. Yegneswaran, and A. Ghehani. 2017. Automated Categorization of Onion Sites for Analyzing the Darkweb Ecosystem. In KDD'17: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 1793--1802. Google ScholarDigital Library
- J. Hamill. {n. d.}. ISIS Encyclopedia of Terror: The secrets behind Islamic State's 'information Jihad' on the West revealed. https://www.mirror.co.uk/news/technology-science/technology/isis-encyclopedia-terror-secrets-behind-5528461 Retrieved 02/07/2018.Google Scholar
- R. S. Ieong. 2012. FORZA - Digital forensics investigation framework that incorporate legal issues. Digital Investigation: The International Journal of Digital Forensics and Incident Response archive 3, Supplement (2012), 29--36. Google ScholarDigital Library
- ISO. 1998. Ergonomic requirements for office work with visual display terminals (VDTs). Web. Retrieved June 05, 2018 from https://www.iso.org/standard/16883.htmlGoogle Scholar
- G. Kalpakis, T. Tsikrika, C. Iliou, T. Mironidis, S. Vrochidis, J. Middleton, U. Williamson, and Ioannis Kompatsiaris. 2016. Interactive Discovery and Retrieval of Web Resources Containing Home Made Explosive Recipes. In HAS 2016: Human Aspects of Information Security, Privacy, and Trust. Springer, 221--233.Google Scholar
- K.Kent, S. Chevalier, T. Grance, and H. Dang. 2001. What Does Usability Mean: Looking Beyond Ease of Use. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.460.4258&rep=rep1&type=pdf Retrieved 02/06/2018.Google Scholar
- K. Kent, S. Chevalier, T. Grance, and H. Dang. 2006. Guide to integrating forensic techniques into incident response. http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf Retrieved 22/6/2018.Google Scholar
- K. Hazel Kwon, J. Hunter Priniski, S. Sakar, J. Shakarian, and P. Shakarian. 2017. Crisis and Collective Problem Solving in Dark Web: An Exploration of a Black Hat Forum. In Proceedings of the 8th International Conference on Social Media & Society Article No. 45. ACM, 1--5. Google ScholarDigital Library
- X. Liu, Q. Liu, X. Wang, and Z. Jia. 2016. Fingerprinting Web Browser for Tracing Anonymous Web Attackers. In First International Conference on Data Science in Cyberspace (DSC). 222--229.Google Scholar
- M-H. Maras. 2015. Computer Forensics - Cybercriminals, Laws, and Evidence. Jones and Bartlett Learning, USA. Google ScholarDigital Library
- N. Mathewson. {n. d.}. Special Hostnames in Tor. "https://gitweb.torproject.org/torspec.git/tree/address-spec.txt" Retrieved 22/6/2018.Google Scholar
- R. McKemmish. 2008. When is Digital Evidence Forensically Sound?. In IFIP International Conference on Digital Forensics. Springer Link, 3--15.Google ScholarCross Ref
- E. R. Mumba and H. S. Venter. 2014. Testing and Evaluating The Hamonised Digital Forensic Investigation Process in Post Mortem Digital Investigations. In Fourth International Conference on Next Generation Mobile Applications, Services and Technologies (NGMAST). ADFSL, 85--99.Google Scholar
- J. Nielsen. {n. d.}. Usability 101: Introduction to Usability. https://www.nngroup.com/articles/usability-101-introduction-to-usability/ Retrieved 04/03/2018.Google Scholar
- P. Owen, P. Thomas, and D. McPhee. 2010. An Analysis of the Digital Forensic Examination of Mobile Phones. In Fourth International Conference on Next Generation Mobile Applications, Services and Technologies (NGMAST). IEEE, 25--29. Google ScholarDigital Library
- E. Perjons and P. Johannesson. 2012. A Design Science Primer. CreateSpace Independent Publishing Platform.Google Scholar
- V. Prevelakis and D. Spinellis. 2001. Sandboxing applications. USENIX, Boston, MA, USA, 119--126. Google ScholarDigital Library
- Tor Project. {n. d.}. Tor Project: Overview. https://www.torproject.org/about/overview.html.enGoogle Scholar
- Tor Project. {n. d.}. Tor Rendezvous Specification - Version 3. "https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt" Retrieved 23/6/2018.Google Scholar
- J.H Saltzer and M.H Schroeder. 1974. The Protection of Information in Computer Systems. 63, 9 (1974), 1278--1308.Google Scholar
- H. Sharp, Y. Rogers, and J. Preece. 2007. Interaction Design - beyond human-computer interaction (2nd ed.). Wiley, Barcelona, Spain. Google ScholarDigital Library
- D. Shinder. 2001. SolutionBase: Strengthen network defenses by using a DMZ. http://www.techrepublic.com/article/solutionbasedstrengthen-network-defenses-by-using-a-dmz/5756029 Retrieved02/06/2018.Google Scholar
- M. Spitters, F. Klaver, G. Koot, and M. van Staalduinen. 2015. Authorship Analysis on Dark Marketplace Forums. In European Intelligence and Security Informatics Conference. IEEE, 631--641. Google ScholarDigital Library
- A. Valjarevic and H. S. Venter. 2012. Harmonised Digital Forensic Investigation Process Model. In Information Security for South Africa (ISSA). IEEE, 1--10.Google Scholar
- G. Weimann. 2015. Going Dark: Terrorism on the Dark Web. Informing Science Journal 39, 3 (2015), 195--206.Google Scholar
- A. Zhang. 2013. Measurement and Analysis of Child Pornography Trafficking on P2P Networks. In World Wide Web Conference. ACM, 631--641. Google ScholarDigital Library
- M. Zhou, R. Zhang, W. Xie, W. Qian, and A. Zhou. 2010. Defining Digital Forensic Examination and Analysis tools using Abstraction Layers. In Security and privacy in cloud computing: A survey. In Semantics Knowledge and Grid (SKG), 2010 Sixth International. IEEE, 105--112. Google ScholarDigital Library
Index Terms
- A Framework for a Forensically Sound Harvesting the Dark Web
Recommendations
Classification of Illegal Activities on the Dark Web
ICISS '19: Proceedings of the 2nd International Conference on Information Science and SystemsThe strong anonymity and hard-to-track mechanisms of the dark web provide shelter for illegal activities. The illegal content on the dark web is diverse and frequently updated. Traditional dark web classification uses large-scale web pages for ...
OCR Meets the Dark Web: Identifying the Content Type Regarding Illegal and Cybercrime
Information Security ApplicationsAbstractThe dark web provides features such as encryption and routing changes to ensure anonymity and make tracking difficult. Cybercrimes exploit the characteristics to gain revenue by distributing illegal and cybercrime content through the dark web and ...
Forensic investigation of the dark web on the Tor network: pathway toward the surface web
AbstractThe Dark Web is notorious for being a huge marketplace that promotes illegal products such as indecent images of children, drug, private data, and stolen financial data. To track criminals on the Dark Web, several challenges, arising from the Dark ...
Comments