D3PAK KUMAR (D3)
DIGITAL FORENSICS | CYBER INTELLIGENCE
Image Credit: gifer.com
DISCLAIMER
The views expressed in this presentation are for educational & research purposes only and may be
controversial. Do not attempt to violate the law with anything contained here. of this
material nor the else affiliated in any way is liable for your actions.
The purpose of this presentation is to share and discuss knowledge and experience of what is happening in the cyber world.
Thank You!
DarkWeb Forensics : Overview
The Technology World Always has the Sharpest Brains...
There are equally sharp minds, working against you…
Src : Securus First
CYBER Of THINGS : EVERYTHING IS DIGITAL
C Factor and all are interrelated:
• CYBER CRIME
• CYBER SECURITY
• CYBER TERRORISM
CYBER RELATED CRIMES
• Online Financial Frauds
• Social Media Related
• Data Breaches
• Ransomwares
• Online Phishing
• Hacking, Sabotaging
• Eavesdropping & Surveillance
• Crypto-related/MLM
• Dark Web Related, Illegal Goods
Some of the Biggest Data Breaches (India/International)
TARGET, ICLOUD, ANTHEM, UBISOFT, GAANA, OPM, ASHLEY MADISON, EBAY, ADOBE
• Personally Identifiable Information (PII) and intellectual property (IP) are the top targets
• On average, 205 days to discover a breach; most breaches are discovered by third parties
CRITICAL INFORMATION INFRASTRUCTURES (CII)
Critical infrastructure is a term used by governments to describe assets that are essential for the functioning of a society and economy. Most commonly associated with the term are facilities for:
EDUCATION, WATER, DEFENCE, TELECOMMUNICATION, FINANCIAL, GOVERNMENT, HOSPITAL, INDUSTRY, ENERGY, TRANSPORTATION
• Amateurs hack systems, professionals hack people. — Bruce Schneier
• Don’t assume that you’re not a target. Draw up battle plans. Learn from the mistakes of others.
KNOW THE WEB
Understand the Masala under Cyber Market
According to research results from TorStatus, TechRepublic, WIRED, the Intelliagg report, SecureWorks reports and BBC iWonder, the following activities have been recorded on the dark web:
• File Sharing - 29%
• Leaked Data selling - 28%
• Financial Fraud - 12%
• News and Media - 10%
• Promotion of Illegal items - 6%
• Discussion Forums - 5%
• Drugs selling - 4%
• Internet and computing by Dark Web visitors (except criminals, who are just random or occasional visitors) - 3%
• Hacking - 3%
• Selling of Weapons - 0.3%
Cyber-Crime Tools Used
• The operators in the Deep Web and Dark Web use tools which ensure the anonymity of their identity, location, transactions, and payments.
• The Onion Routing (ToR) network provides anonymous browsing and access to the Deep Web sites that are identified as *.onion.
• Freenet, ZeroNet: peer-to-peer (P2P) platforms for censorship-resistant communication.
• Invisible Internet Project (I2P) is a fully encrypted private network layer.
• Use of Bitcoins helps keep transactions anonymous as this system does not identify the buyer/seller or payer/payee except as a hash value. In addition, bitcoins can be converted to cash in currencies across the world and thus provide an unidentifiable means of stashing and transferring money.
• Tor is a special network of computers on the Internet, distributed around the world (https://www.torproject.org).
• Bitcoins are an anonymous, decentralized form of electronic currency, like "cash" in cyberspace.
• Freenet : https://freenetproject.org
• ZeroNet : https://zeronet.io
• I2P : https://geti2p.net/en
Cyber-Crime Market Prices
Crooks are smarter – and now it’s cheaper than ever!
They can buy malware, attack kits, and even ‘Crimeware-as-a-Service’!
It's as cheap as…
• Drive-by Download tool kit rental: $100/WEEK
• Credit card details: $0.50/CARD
• DDoS attacks: $10/DAY
• Stolen gaming accounts: $10 EACH
• Verified Spam Email Blasts: $70/MILLION
Src : Trend Micro
• India's Union Cabinet has already approved the ‘Smart Cities Mission’, with an outlay of 48,000 crores, under which 100 new ‘Smart Cities’ would be developed.
• Is the Black market illegal?
• A black market or underground economy is the market in which goods or services are traded illegally. The key distinction of a black market trade is that the transaction itself is illegal. The goods or services may or may not themselves be illegal to own, or to trade through other, legal channels.
Drug dealers were selling COVID vaccines on the Darkweb
“Multiple vendors on the darknet who appeared to be selling doses of the Pfizer/BioNTech vaccine to global customers for as much as $1,300 a piece.” wrote Gavin Butler. Source: VICE World News
This threat actor was offering COVID19 Vaccine on the underground for $250. Overnight deliveries in the USA.
Source : Sixgill
C3 : Cyber-crime, Cyber-war, Cyber-terrorism
WEB INTELLIGENCE (WEBINT)
Surface, Tor (The Onion Router), I2P (Invisible Internet Project), Freenet
Expert Team TTPs aware Profiled
Syndicate
Stamped CYBER Market & Forums
• Silk Road provided a platform for drug dealers around the world to sell narcotics through the Internet
• 950,000+ registered users
• Taken down Sep 2013
• Darkmarket facilitated the buying & selling of stolen financial information
• Had 2500+ members
• Taken down in 2010
Sites like Silk Road and DarkMarket operate in the Deep Web / Dark Web offering illegal services
Several collaborative operations by international agencies & organisations against markets such as AlphaBay, Hansa, and Dream Market
• Ross Ulbricht advertised Silk Road on a bitcoin forum – a breakthrough discovered by a tax investigator using Google
• Variety Jones, a major player on Silk Road, was outed as Thomas Clark when his identity was discovered on an old cannabis forum
• David Ryan Burchard attempted to trademark his brand of marijuana sold on the dark web in his name.
NCB BUSTED AN INTERNATIONAL DRUGS TRAFFICKING SYNDICATE OPERATING VIA DARKWEB
FORENSICS ANALYSIS
RAID, SEARCH &
SEIZURE : LIVE DEAD
FORENSICS PROCEDURE
1. FOLLOW PROPER STANDARD CHAIN OF CUSTODY (COC), GUIDELINES (SOP)
2. SEARCH & COLLECT DIGITAL EVIDENCES, DOCUMENTATION
3. WRITE-BLOCKER, PORTABLE UTILITIES, SEARCH WITH SET OF KEYWORDS, RAM-DUMP, TRIAGE (obtain HASH)
4. SEIZE EVIDENCES, SEND TO FORENSICS LAB (if required compliance Sec 65B OF Indian Evidence Act , 1872)
5. INVESTIGATION AND ATTRIBUTION ON COLLECTED INFORMATION, AUDIT TRAIL, LEGAL REQUISITION
6. WEBINT, CYBER THREAT INTELLIGENCE, AND REPORTING
FORENSICS FOOTPRINTS
From evidence storage, email, deleted data, running apps, relevant artefacts etc
RAM Memory, Pagefile.sys
Windows Triage analysis, Registry entries, Prefetch File, MRU last activities
Data\Tor : State and Torrc (contains path)
Data\Browser : Compatibility.ini, Extension.ini
Browser History time stamp (Places.sqlite under Profile)
Extract Crypto Footprints, wallets, keys, USB (hardware wallet artefacts)
Lock the time period in GMT, Users credentials in case
Search engines General, Cluster Analysis, Multi Search, Metadata, Subject Related.
Example: Ahmia.fi, Darkowl, Kilos, Torch, Candle, SearX, Tor66 (Old Gram) etc
Channels forums Securedrop, Deepweb radio, Tunnel, Krumble etc
Mailpile, Riseup, Onionscan, Hunchly, Reddit
Tor2web Gateways (.to, .casa, .direct, .rip, etc)
International Cooperation : Multilateral, MLAT/LR, ISAC, Coordination, CTI
PHASE 1
PHASE 2
PHASE 3
FOOTPRINTS ARTIFACTS
ToR Browser State artefacts
Access info timeframe
Footprints artifacts cont..
Browser artefacts
Sqlite database info
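The Tor `state` file and the `places.sqlite` timestamps named under FORENSICS FOOTPRINTS can be merged into one GMT/UTC timeline. The following is an added example, not part of the original presentation; the sample `state` contents, guard nickname, URLs and reduced table layout are constructed, and it assumes the standard `moz_places.last_visit_date` column (microseconds since the Unix epoch).

```python
import sqlite3
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Constructed sample of a Tor "state" file; every value here is made up.
SAMPLE_STATE = """\
# Tor state file last generated on 2021-03-02 10:15:42 local time
# Other times below are in UTC
TorVersion Tor 0.4.5.6
LastWritten 2021-03-02 04:45:42
Guard in=default rsa_id=0000000000000000000000000000000000000000 nickname=ExampleGuard sampled_on=2021-02-20T11:00:00 sampled_by=0.4.5.6 listed=1 confirmed_on=2021-02-21T09:30:00 confirmed_idx=0
"""


def _utc(text, fmt):
    """Parse a timestamp that the state file records in UTC."""
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)


def parse_tor_state(path):
    """Return (tor_version, events) from a Tor state file; malformed lines are skipped."""
    version, events = None, []
    for line in Path(path).read_text(errors="replace").splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        key, _, rest = line.partition(" ")
        try:
            if key == "TorVersion":
                version = rest.strip()
            elif key == "LastWritten":
                ts = _utc(rest.strip(), "%Y-%m-%d %H:%M:%S")
                events.append((ts, "tor-state", "state file last written"))
            elif key == "Guard":
                fields = dict(f.split("=", 1) for f in rest.split() if "=" in f)
                for name in ("sampled_on", "confirmed_on"):
                    if name in fields:
                        ts = _utc(fields[name], "%Y-%m-%dT%H:%M:%S")
                        nick = fields.get("nickname", "?")
                        events.append((ts, "tor-state", f"guard {nick} {name}"))
        except ValueError:
            continue  # unparseable timestamp: leave it out of the timeline
    return version, events


def parse_places(path):
    """Read visit times from a working copy of places.sqlite, opened read-only."""
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        rows = con.execute(
            "SELECT url, last_visit_date FROM moz_places "
            "WHERE last_visit_date IS NOT NULL"
        ).fetchall()
    finally:
        con.close()
    # last_visit_date is stored as microseconds since the Unix epoch (UTC).
    return [
        (datetime.fromtimestamp(us / 1_000_000, tz=timezone.utc), "places.sqlite", url)
        for url, us in rows
    ]


def build_timeline(state_path, places_path):
    """Merge both artefacts into one list sorted by UTC time."""
    version, events = parse_tor_state(state_path)
    events += parse_places(places_path)
    events.sort(key=lambda e: e[0])
    rows = [(ts.strftime("%Y-%m-%d %H:%M:%S UTC"), src, what) for ts, src, what in events]
    return version, rows


def build_sample_profile(root):
    """Write the constructed state file and a minimal constructed places.sqlite."""
    state = Path(root) / "state"
    state.write_text(SAMPLE_STATE)
    db = Path(root) / "places.sqlite"
    con = sqlite3.connect(str(db))
    con.execute(
        "CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, "
        "title TEXT, last_visit_date INTEGER)"
    )
    con.executemany(
        "INSERT INTO moz_places (url, title, last_visit_date) VALUES (?, ?, ?)",
        [
            ("http://constructedexample.onion/", "constructed", 1614660000000000),
            ("https://example.org/", "bookmark, never visited", None),
        ],
    )
    con.commit()
    con.close()
    return state, db


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        state, db = build_sample_profile(tmp)
        return build_timeline(state, db)


if __name__ == "__main__":
    tor_version, timeline = demo()
    print(tor_version)
    for row in timeline:
        print(" | ".join(row))
```

Run it against copies taken from the acquired image, never against the original evidence, and record the hash of each source file alongside the output.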
Footprints artifacts cont..
Registry Details
During Live Triage Search with the keywords
Investigation HUMINT
• Tor hidden service has an associated SSL
• Searching Shodan for Hidden Services
• Checking an IP Address for Tor Usage such as ExoneraTor
• Directory listing (mod status)
• Source Code Website (.Conf)
• Verbose Signature (tokens), Error
• Badly configured services
• Reverse Domain
• Metadata Analysis of Image, Video, Keyword Search
• …
SOME DARKWEB SEARCH ENGINES
WebPage Analysis
Study the source code, js, weblinks etc
LINKAGE WITH ADVERSARIES
Role of criminal OSINT + LEA/LEGAL/Authorities + FORENSICS
REVERSE IMAGE SEARCH OF SUSPECT’S
TRENDING THINGS
✓ EXPLOIT KITS: Angler, MPack, Phoenix, Blackhole, Crimepack, RIG, Nuclear, Neutrino, and Magnitude, etc
✓ Phishing KIT: Mephistophilus
✓ DRUG, Pharmaceuticals, Narco related
✓ CRYPTO for Terror Financing
✓ Child Sexual Abuse/Exploitation, CP, CyberSex Trafficking
✓ Ransomware as a Service, Selling Breached Data, PII
✓ Fake Indian Currency Notes (FICN)
✓ Counterfeit Goods, Weapons etc….
Google Trends
DIGITAL FOOTPRINTS FORENSICS (R3E)
Reconnaissance
• Crawler, Sensor, API, NLP, Bots, AI & ML, Algo, Breached Data, Red/Blue Team assessment, etc
Record
• Inventory, Indexing, Cluster, Database, Grouping, Filter, Integrated Various Data Sources, ISAC
Research
• Tailor-made investigations, Node, Pattern, Trend, Mapping Adversary, Time based, Cyber Threat Int, Influencer, Prediction,
Enforcement
• Legal, Lead, Co-ordination, Joint Investigation, Operation, MLAT, SOS
WEBINT
• Disseminate to Concern
• Investigation
• Forensics
Output
COTS
Twitter
iMessengers
Maltego
Etc.
Processing
There are three main steps in analysing web media:
• Data identification,
• Data analysis, and
• Information interpretation.
Gather actionable insights in raw form concerning the Subject, etc.
Input
Resources
• Wiki, ToR, Rands, Homeland security, Kaspersky, TrendMicro, Dell, Bright talk, Securus First, National Research Council, Fas, General Accounting Office, Cyber Conflict Studies Association, Strategic Studies Quarterly, Center for Strategic and International Studies, and Monitor reporting
• See http://www.bloomberg.com/politics/articles/2015-01-07/clapper-warns-of-more-potential-north-korean-hacksafter-sony.
• For additional information, see CRS Report RL33123, Terrorist Capabilities for Cyberattack: Overview and Policy Issues, by John W. Rollins and Clay Wilson.
• See “Challenges Remain in DHS’ Efforts to Security Control Systems,” Department of Homeland Security, Office of Inspector General, August 2009. For a discussion of how computer code may have caused the halting of operations at an Iranian nuclear facility see CRS Report R41524, The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability, by Paul K. Kerr, John W. Rollins, and Catherine A. Theohary.
• Executive Assistant Director Shawn Henry, Responding to the Cyber Threat, Federal Bureau of Investigation, Baltimore, MD, 2011.
• Department of Defense Deputy Secretary of Defense William J. Lynn III, “Defending a New Domain,” Foreign Affairs, October 2010.
Mail D3pak@Protonmail.com
Resources D3pakblog.wordpress.com
Twitter/Telegram @D3pak
D3PAK KUMAR (D3)
DIGITAL FORENSICS | CYBER INTELLIGENCE

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptx
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu Khimani
 
Cyber forensics
Cyber forensicsCyber forensics
Cyber forensics
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
OSINT Social Media Techniques - Macau social mediat lc
OSINT Social Media Techniques - Macau social mediat lc OSINT Social Media Techniques - Macau social mediat lc
OSINT Social Media Techniques - Macau social mediat lc
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2
 
Social Media Forensics
Social Media ForensicsSocial Media Forensics
Social Media Forensics
 
Email investigation
Email investigationEmail investigation
Email investigation
 
Browser forensics
Browser forensicsBrowser forensics
Browser forensics
 
Router forensics
Router forensicsRouter forensics
Router forensics
 
Cyber crime ppt new
Cyber crime ppt newCyber crime ppt new
Cyber crime ppt new
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics ppt
 
Social network privacy & security
Social network privacy & securitySocial network privacy & security
Social network privacy & security
 

Similar a Dark Web Forensics

Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyb coatesworth
 
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxdarkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxGeetha982072
 
The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?Pierluigi Paganini
 
Tor network seminar by 13504
Tor network seminar  by 13504 Tor network seminar  by 13504
Tor network seminar by 13504 Prashant Rana
 
The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden ServicesAnshu Singh
 
Iurii Garasym. The future crimes and predestination of cyber security. Though...
Iurii Garasym. The future crimes and predestination of cyber security. Though...Iurii Garasym. The future crimes and predestination of cyber security. Though...
Iurii Garasym. The future crimes and predestination of cyber security. Though...IT Arena
 
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.Abzetdin Adamov
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its securityAshwini Awatare
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its securityAshwini Awatare
 
Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?hackdemocracy
 
InfoSec Deep Learning in Action
InfoSec Deep Learning in ActionInfoSec Deep Learning in Action
InfoSec Deep Learning in ActionSatnam Singh
 
ppt.TECHNICALfffgvggfssdcvvvgggfddffg.pptx
ppt.TECHNICALfffgvggfssdcvvvgggfddffg.pptxppt.TECHNICALfffgvggfssdcvvvgggfddffg.pptx
ppt.TECHNICALfffgvggfssdcvvvgggfddffg.pptxGeetha982072
 

Similar a Dark Web Forensics (20)

Cyber Forensics
Cyber Forensics Cyber Forensics
Cyber Forensics
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
 
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxdarkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
 
Cyber Threat Intel : Overview
Cyber Threat Intel : OverviewCyber Threat Intel : Overview
Cyber Threat Intel : Overview
 
Godfather 2.0
Godfather 2.0Godfather 2.0
Godfather 2.0
 
C3 Cyber
C3 CyberC3 Cyber
C3 Cyber
 
The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?
 
Tor network seminar by 13504
Tor network seminar  by 13504 Tor network seminar  by 13504
Tor network seminar by 13504
 
The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
 
Iurii Garasym. The future crimes and predestination of cyber security. Though...
Iurii Garasym. The future crimes and predestination of cyber security. Though...Iurii Garasym. The future crimes and predestination of cyber security. Though...
Iurii Garasym. The future crimes and predestination of cyber security. Though...
 
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICS
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its security
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its security
 
unit-1.pptx
unit-1.pptxunit-1.pptx
unit-1.pptx
 
Darknet
DarknetDarknet
Darknet
 
Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?
 
InfoSec Deep Learning in Action
InfoSec Deep Learning in ActionInfoSec Deep Learning in Action
InfoSec Deep Learning in Action
 
ppt.TECHNICALfffgvggfssdcvvvgggfddffg.pptx
ppt.TECHNICALfffgvggfssdcvvvgggfddffg.pptxppt.TECHNICALfffgvggfssdcvvvgggfddffg.pptx
ppt.TECHNICALfffgvggfssdcvvvgggfddffg.pptx
 

Más de Deepak Kumar (D3) (20)

Cyber of things 2.0
Cyber of things 2.0Cyber of things 2.0
Cyber of things 2.0
 
THINK
THINKTHINK
THINK
 
Cyber Security Tips
Cyber Security TipsCyber Security Tips
Cyber Security Tips
 
CISSP INFORGRAPH MINDMAP
CISSP INFORGRAPH MINDMAPCISSP INFORGRAPH MINDMAP
CISSP INFORGRAPH MINDMAP
 
Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & Challenges
 
Cyber Crime Types & Tips
Cyber Crime Types & TipsCyber Crime Types & Tips
Cyber Crime Types & Tips
 
Cyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeCyber Security India & Cyber Crime
Cyber Security India & Cyber Crime
 
21st Century Cyber Forensics
21st Century Cyber Forensics21st Century Cyber Forensics
21st Century Cyber Forensics
 
Phishing
PhishingPhishing
Phishing
 
IoT
IoTIoT
IoT
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Ransomware
Ransomware Ransomware
Ransomware
 
Success Mantra
Success MantraSuccess Mantra
Success Mantra
 
Facebook Security Tips
Facebook Security TipsFacebook Security Tips
Facebook Security Tips
 
DDOS
DDOS DDOS
DDOS
 
Registry Registrar Registrant
Registry Registrar RegistrantRegistry Registrar Registrant
Registry Registrar Registrant
 
Whatsapp
WhatsappWhatsapp
Whatsapp
 
How to social/official network
How to social/official networkHow to social/official network
How to social/official network
 
Sexting
SextingSexting
Sexting
 
Phishing Scam
Phishing ScamPhishing Scam
Phishing Scam
 

Último

Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 

Último (20)

Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 

Dark Web Forensics

  • 1.
  • 2. D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE Image Credit: gifer.com
  • 3. DISCLAIMER The views expressed in this presentation is for educational & research purposes only and may be controversial. Do not attempt to violate the law with anything contained here. of this material nor the else affiliated in any way is liable for your actions. The purpose of this presentation is to share, discuss, knowledge and experience happening in the cyber world. Thank You! DarkWeb Forensics : Overview
  • 4. The Technology World Always has the Sharpest Brains... There are equally sharp minds, working against you… Src : Securus First D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE
  • 5. CYBER Of THINGS : EVERYTHING IS DIGITAL D3PAK KUMAR DIGITAL FORENSICS | CYBER INTELLIGENCE C Factor and all are interrelated CYBER CRIME CYBER SECURITY CYBER TERRORISM DarkWeb Forensics : Overview
  • 6. CYBER RELATED CRIMES D3PAK KUMAR DIGITAL FORENSICS | CYBER INTELLIGENCE Online Financial Frauds Social Media Related Data Breaches Ransomwares Online Phishing Hacking, Sabotaging Eavesdroppin g & Surveillance Crypto- related/MLM Dark Web Related, Illegal Goods DarkWeb Forensics : Overview
  • 7. Some Biggest Data Breaches (India/International) TARGET ICLOUD ANTHEM UBISOFT GAANA OPM ASHLEY MADISON • Personally Identiable Information (PII) and intellectual property (IP) are the top targets • 205 Avg. days to discover breach & most breaches are discovered by third parties D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE DarkWeb Forensics : Overview EBAY ADOBE
  • 8. CRITICAL INFORMATION INFRASTRUCTURES (CII) EDUCATION WATER DEFENCE TELECOMMUNICATION FINANCIAL GOVERNMENT HOSPITAL INDUSTRY ENERGY TRANSPORTATION Critical infrastructure is a term used by governments to describe assets that are essential for the functioning of a society and economy. Most commonly associated with the term are facilities for: • Amateurs hack systems, professionals hack people. — Bruce Schneier • Don’t assume that you’re not a target. Draw up battle plans. Learn from the mistakes of others D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE DarkWeb Forensics : Overview
  • 10. KNOW THE WEB
  • 11. Understand the Masala under Cyber Market. According to research results from TorStatus, TechRepublic, WIRED, the Intelliagg report, SecureWorks reports and BBC iWonder, the following activities have been recorded on the dark web: File Sharing - 29%; Leaked Data selling - 28%; Financial Fraud - 12%; News and Media - 10%; Promotion of Illegal items - 6%; Discussion Forums - 5%; Drugs selling - 4%; Internet and computing by Dark Web visitors (other than criminals, i.e. just random or occasional visitors) - 3%; Hacking - 3%; Selling of Weapons - 0.3%
  • 12. Cyber-Crime Tools Used • The operators in the Deep Web and Dark Web use tools which ensure the anonymity of their identity, location, transactions, and payments. • The Onion Routing (ToR) network provides anonymous browsing and access to the Deep Web sites that are identified as *.onion. Tor is a special network of computers on the Internet, distributed around the world (https://www.torproject.org). • Freenet, ZeroNet: peer to peer (P2P) platforms for censorship-resistant communication (Freenet : https://freenetproject.org, ZeroNet : https://zeronet.io). • Invisible Internet Project (I2P) is a fully encrypted private network layer (I2P : https://geti2p.net/en). • Use of Bitcoins helps keep transactions anonymous, as this system does not identify the buyer/seller or payer/payee except as a hash value. In addition, bitcoins can be converted to cash in currencies across the world and thus provide an unidentifiable means of stashing and transferring money. • Bitcoins are an anonymous, decentralized form of electronic currency, like "cash" in cyberspace.
  • 13. Crooks are smarter – and now it’s cheaper than ever! They can buy malware, attack kits, and even ‘Crimeware-as-a-Service’! It's as cheap as… Drive-by download tool kit rental: $100/week; Credit card details: $0.50/card; DDoS attacks: $10/day; Stolen gaming accounts: $10 each; Verified spam email blasts: $70/million • In India, the Union Cabinet has already approved the ‘Smart Cities Mission’, with an outlay of 48,000 crores, under which 100 new ‘Smart Cities’ would be developed.
  • 14. Cyber-Crime Market Prices (Src : Trend Micro) • Is the black market illegal? • A black market or underground economy is the market in which goods or services are traded illegally. The key distinction of a black market trade is that the transaction itself is illegal. The goods or services may or may not themselves be illegal to own, or to trade through other, legal channels.
  • 15. Drug dealers were selling COVID vaccines on the Darkweb. “Multiple vendors on the darknet who appeared to be selling doses of the Pfizer/BioNTech vaccine to global customers for as much as $1,300 a piece.” wrote Gavin Butler. Source: VICE World News. This threat actor was offering COVID19 Vaccine on the underground for $250. Overnight deliveries in the USA. Source : Sixgill
  • 16. C3 : Cyber-crime, Cyber-war, Cyber-terrorism
  • 17. WEB INTELLIGENCE (WEBINT): Surface, Tor (The Onion Router), I2P (Invisible Internet Project), Freenet; Expert Team; TTPs aware; Profiled Syndicate
  • 18. Stamped CYBER Market & Forums • Silk Road provided a platform for drug dealers around the world to sell narcotics through the Internet • 950,000+ registered users • Taken down Sep 2013 • Darkmarket facilitated the buying & selling of stolen financial information • Had 2500+ members • Taken down in 2010 • Sites like Silk Road and DarkMarket operate in the Deep Web / Dark Web offering illegal services • Several collaborative operations by international agencies & organisations, involving markets such as AlphaBay, Hansa, and Dream Market • Ross Ulbricht advertised Silk Road on a bitcoin forum – a breakthrough discovered by a tax investigator using Google • Vanity Jones, a major player on Silk Road, was outed as Thomas Clark when his identity was discovered on an old cannabis forum • David Ryan Burchard attempted to trademark his brand of marijuana sold on the dark web in his name.
  • 20. NCB BUSTED AN INTERNATIONAL DRUGS TRAFFICKING SYNDICATE OPERATING VIA DARKWEB
  • 23. FORENSICS ANALYSIS: RAID, SEARCH & SEIZURE : LIVE, DEAD
  • 24. FORENSICS PROCEDURE: 1. FOLLOW PROPER STANDARD CHAIN OF CUSTODY (COC), GUIDELINES (SOP) 2. SEARCH & COLLECT DIGITAL EVIDENCES, DOCUMENTATION 3. WRITE-BLOCKER, PORTABLE UTILITIES, SEARCH WITH SET OF KEYWORDS, RAM-DUMP, TRIAGE (obtain HASH) 4. SEIZE EVIDENCES, SEND TO FORENSICS LAB (if required compliance Sec 65B OF Indian Evidence Act, 1872) 5. INVESTIGATION AND ATTRIBUTION ON COLLECTED INFORMATION, AUDIT TRAIL, LEGAL REQUISITION 6. WEBINT, CYBER THREAT INTELLIGENCE, AND REPORTING
  • 25. FORENSICS FOOTPRINTS (PHASE 1, PHASE 2, PHASE 3): From evidence storage, email, deleted data, running apps, relevant artefacts etc • RAM Memory, Pagefile.sys • Windows Triage analysis, Registry entries, Prefetch File, MRU last activities • Data\Tor : State and Torrc (contains path) • Data\Browser : Compatibility.ini, Extension.ini • Browser History time stamp (Places.sqlite under Profile) • Extract Crypto Footprints, wallets, keys, USB (hardware wallet artefacts) • Lock the time period in GMT, Users credentials in case • Search engines: General, Cluster Analysis, Multi Search, Metadata, Subject Related. Example: Ahmia.fi, Darkowl, Kilos, Torch, Candle, SearX, Tor66 (Old Gram) etc • Channels, forums: Securedrop, Deepweb radio, Tunnel, Krumble etc • Mailpile, Riseup, Onionscan, Hunchly, Reddit • Tor2web Gateways (.to, .casa, .direct, .rip, etc) • International Cooperation : Multilateral, MLAT/LR, ISAC, Coordination, CTI
  • 26. FOOTPRINTS ARTIFACTS: ToR Browser State artefacts; Access info timeframe
  • 27. Footprints artifacts cont.. Browser artefacts; Sqlite database info
  • 28. Footprints artifacts cont.. Registry Details During Live Triage; Search with the keywords
  • 29. Investigation HUMINT • Tor hidden service has an associated SSL • Searching Shodan for Hidden Services • Checking an IP Address for Tor Usage such as ExoneraTor • Directory listing (mod status) • Source Code Website (.Conf) • Verbose Signature (tokens), Error • Badly configured services • Reverse Domain • Metadata Analysis of Image, Video, Keyword Search • …
  • 30. SOME DARKWEB SEARCH ENGINES
  • 31. WebPage Analysis: Study the source code, js, weblinks etc
  • 32. LINKAGE WITH ADVERSARIES: Role of criminal; OSINT + LEA/LEGAL/Authorities + FORENSICS; REVERSE IMAGE SEARCH OF SUSPECT’S
  • 33. TRENDING THINGS ✓ EXPLOIT KITS: Angler, MPack, Phoenix, Blackhole, Crimepack, RIG, Nuclear, Neutrino, and Magnitude, etc ✓ Phishing KIT: Mephistophilus ✓ DRUG, Pharmaceuticals, Narco related ✓ CRYPTO for Terror Financing ✓ Child Sexual Abuse/Exploitation, CP, CyberSex Trafficking ✓ Ransomware as a Service, Selling Breached Data, PII ✓ Fake Indian Currency Notes (FICN) ✓ Counterfeit Goods, Weapons etc….
  • 34. Google Trends
  • 35. DIGITAL FOOTPRINTS FORENSICS (R3E) • Reconnaissance: Crawler, Sensor, API, NLP, Bots, AI & ML, Algo, Breached Data, Red/Blue Team assessment, etc • Record: Inventory, Indexing, Cluster, Database, Grouping, Filter, Integrated Various Data Sources, ISAC • Research: Tailor-made investigations, Node, Pattern, Trend, Mapping Adversary, Time based, Cyber Threat Int, Influencer, Prediction • Enforcement: Legal, Lead, Co-ordination, Joint Investigation, Operation, MLAT, SOS
  • 36. WEBINT • Input: Gather actionable insights in raw form concerning the Subject, etc. • Processing: COTS, Twitter, iMessengers, Maltego, etc. • Output: Disseminate to Concern, Investigation, Forensics • There are three main steps in analysing web media: data identification, data analysis, and information interpretation.
  • 37. Resources • Wiki, ToR, Rands, Homeland security, Kaspersky, TrendMicro, Dell, Bright talk, Securus First, National Research Council, Fas, General Accounting Office, Cyber Conflict Studies Association, Strategic Studies Quarterly, Center for Strategic and International Studies, and Monitor reporting • See http://www.bloomberg.com/politics/articles/2015-01-07/clapper-warns-of-more-potential-north-korean-hacksafter-sony. • For additional information, see CRS Report RL33123, Terrorist Capabilities for Cyberattack: Overview and Policy Issues, by John W. Rollins and Clay Wilson. • See “Challenges Remain in DHS’ Efforts to Secure Control Systems,” Department of Homeland Security, Office of Inspector General, August 2009. For a discussion of how computer code may have caused the halting of operations at an Iranian nuclear facility, see CRS Report R41524, The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability, by Paul K. Kerr, John W. Rollins, and Catherine A. Theohary. • Executive Assistant Director Shawn Henry, Responding to the Cyber Threat, Federal Bureau of Investigation, Baltimore, MD, 2011. • Department of Defense Deputy Secretary of Defense William J. Lynn III, “Defending a New Domain,” Foreign Affairs, October 2010.
  • 38. Mail D3pak@Protonmail.com Resources D3pakblog.wordpress.com Twitter/Telegram @D3pak D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE
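The Tor Browser artefacts named on slides 24 to 27 (triage hash, the Data\Tor state file, places.sqlite timestamps locked to GMT) can be read as in the following added example, which is not part of the original slides. It assumes the state-file keys TorVersion, LastWritten and Guard and Firefox's moz_places/moz_historyvisits tables; the sample state text, the sample database and the helper build_sample_db are constructed for illustration.

```python
import hashlib, sqlite3
from datetime import datetime, timezone
from pathlib import Path

# Constructed sample of a Tor "state" file; names and times are made up.
SAMPLE_STATE = """TorVersion Tor 0.4.5.6
LastWritten 2021-03-02 08:15:00
Guard in=default rsa_id=0000 nickname=relayA sampled_on=2021-03-01T10:00:00 confirmed_on=2021-03-02T08:00:00
"""

def sha256_file(path):
    """Hash the working copy so it can be matched to the seized original."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def parse_tor_state(text):
    """Extract version, last-write time (UTC) and guard timestamps."""
    out = {"guards": []}
    for line in text.splitlines():
        key, _, rest = line.partition(" ")
        if key == "TorVersion":
            out["version"] = rest
        elif key == "LastWritten":  # Tor records this in UTC
            ts = datetime.strptime(rest, "%Y-%m-%d %H:%M:%S")
            out["last_written"] = ts.replace(tzinfo=timezone.utc)
        elif key == "Guard":
            kv = dict(f.split("=", 1) for f in rest.split() if "=" in f)
            out["guards"].append((kv.get("nickname"), kv.get("sampled_on"), kv.get("confirmed_on")))
    return out

def history_utc(db_path):
    """List visits from places.sqlite; visit_date is microseconds since the Unix epoch."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro&immutable=1"  # never write to evidence
    con = sqlite3.connect(uri, uri=True)
    try:
        rows = con.execute("SELECT p.url, v.visit_date FROM moz_historyvisits v "
                           "JOIN moz_places p ON p.id = v.place_id ORDER BY v.visit_date").fetchall()
    finally:
        con.close()
    return [(u, datetime.fromtimestamp(us / 1e6, tz=timezone.utc).isoformat()) for u, us in rows]

def build_sample_db(path):
    """Constructed stand-in for places.sqlite holding one visit."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE moz_places(id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE moz_historyvisits(id INTEGER PRIMARY KEY, place_id INTEGER, visit_date INTEGER);
        INSERT INTO moz_places VALUES (1, 'http://example.invalid/');
        INSERT INTO moz_historyvisits VALUES (1, 1, 1614592800000000);""")
    con.close()
```

Run it against a hashed working copy of the profile, never the seized original, and record the hash before and after parsing to show the copy was not altered.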