Deep Web Investigation

Dark web investigation involves identifying and tracking digital footprints on sites where criminal activity happens. This includes unauthorized markets, cyber attacks and data theft. Effective dark web investigation requires specialized knowledge and advanced technological tools to help bolster cybersecurity and foster a safer online environment.

While the Dark Web may sound scary, it’s a lot more common than you might think. Here’s what you need to know about it:


The Internet has provided criminals with the tools they need to carry out cyberattacks (see Cybercrime Module 2 on General Types of Cybercrime). These tools include ready-to-use malware, including ransomware and information stealers, keyboard loggers that record every keystroke made on a device, spyware that collects personal data, rootkits that hide software vulnerabilities and are almost impossible to detect and eradicate, worms with self-replicating capabilities and botnets that control networks of infected devices.

The sophistication of cyberattacks and the pace at which they are developed make pursuing them a challenging mission for law enforcement agencies. These agencies must develop a culture of innovation, acquire the latest technology and rely on international cooperation to keep up with criminals.

A number of obstacles impede cybercrime investigations, including a lack of national and international specialized units to investigate these cases and the difficulty of collecting, preserving and sharing digital evidence across borders (see Cybercrime Module 3 on Legal Frameworks and Human Rights). Also, despite their proliferation, cyberattacks remain relatively cheap.

For example, a single hacker can purchase a complete attack package online, which includes the malicious software needed to infiltrate a system and access its secrets, from a vendor on the Dark Web for less than USD 3,000. This approach is known as malware-as-a-service. Workshop participants noted that law enforcement leaders need to gain command buy-in to commit resources for training and investigation on the Dark Web.


Cryptocurrencies are a popular medium for transactions on the dark web, the portion of the Internet that uses encryption and anonymizing technologies to prevent tracking. Criminals use cryptocurrencies to buy and sell illegal contraband including drugs, bomb parts, weapons large and small, stolen credit card details, and child pornography. They also use cryptocurrency to ransom victims of cyber attacks in which hackers penetrate computer systems, encrypt data and demand a payment to restore access.

During a recent workshop, law enforcement officers identified a variety of challenges and needs in investigating the dark web. These included the need to train officers and investigators on recognizing and leveraging dark web evidence, and improving information-sharing between agencies and between jurisdictions. They also cited the need for new forensic standards and laws facilitating inspection of packages shipped by mail or other services.

Many criminals use a portion of the dark web called Tor, which is hidden from surface search engines like Google by using a series of relays to create a virtual tunnel through encrypted servers. This means that the Tor browser hides a user’s IP address and allows them to browse deep web sites without fear of being tracked or their identity compromised. This helps criminals conduct illegal marketplace activity, money laundering and other illicit activities such as cyber attack ransoms.

Digital Footprints

All online activity leaves a digital footprint, whether it’s an individual’s public posts on social media or the data collected by websites as they track their browsing history. These traces, taken together, can reveal valuable insights about the people who use them. While some of this information is used by companies to serve up relevant ads, it can also be exploited by threat actors in a variety of ways.

A business’s digital footprint can have a major impact on its cybersecurity posture and reputation. For example, employees may harm the company’s brand by posting controversial stances on their personal social media accounts or sharing sensitive information without permission. These activities can also expose the company to ransomware attacks and other threats.

Moreover, companies can be exposed by data breaches that result in stolen credentials or sensitive information leaked on the dark web. Threat actors can then leverage this information to impersonate the company or attack its customers and employees.

To minimize these risks, security teams must monitor the deep and dark web for mentions of the company or its employees. They should also check for data leaks and credential dumps, as well as train staff to change passwords immediately after discovering a breach. The good news is that the latest forensic tools can help uncover these footprints and protect sensitive information from cybercriminals.


Deep and dark web investigation involves identifying and tracking digital footprints, which are left behind by cybercriminals when they carry out criminal activities. These footprints include artifacts such as encryption keys, cryptocurrency wallets and darknet addresses. Identifying these artifacts can help law enforcement agencies investigate and prosecute cybercriminals. However, forensic examiners have to overcome several challenges to track these artifacts.

For example, many criminals use privacy-preserving browsers to stay anonymous and untraceable by law enforcement. This makes it challenging for forensic examiners to analyze browsing data on those systems. In addition, they may use BitTorrent to distribute illegal content such as child pornography and terrorist propaganda. Therefore, it is important to develop new tools and methods for analyzing these digital footprints.
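An added example (not from the original page): a small extractor for two of the artifact types named above, darknet addresses and cryptocurrency wallets, that keeps only strings whose built-in checksums verify, which cuts false positives when triaging seized text. It goes beyond the text by assuming Tor v3 onion names and legacy Base58Check Bitcoin addresses; all function names and the sample data are constructed for illustration.

```python
import base64, hashlib, re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ONION_RE = re.compile(r"\b([a-z2-7]{56})\.onion\b")
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def dsha(b):  # Bitcoin's double SHA-256
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()
def onion_sum(pub):  # v3 checksum: SHA3-256(".onion checksum" | key | version)[:2]
    return hashlib.sha3_256(b".onion checksum" + pub + b"\x03").digest()[:2]

def valid_onion(label):
    raw = base64.b32decode(label.upper())  # 56 chars -> key(32) | sum(2) | ver(1)
    return raw[34:] == b"\x03" and raw[32:34] == onion_sum(raw[:32])

def valid_btc(addr):
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")  # version(1) | hash160(20) | checksum(4)
    except OverflowError:
        return False
    zeros = len(raw) - len(raw.lstrip(b"\0"))
    ones = len(addr) - len(addr.lstrip("1"))
    return zeros == ones and raw[21:] == dsha(raw[:21])[:4]

def extract_artifacts(text):
    """Return checksum-validated onion names and Bitcoin addresses found in text."""
    onions = [m + ".onion" for m in ONION_RE.findall(text.lower()) if valid_onion(m)]
    btc = [a for a in BTC_RE.findall(text) if valid_btc(a)]
    return {"onion": sorted(set(onions)), "btc": sorted(set(btc))}

# --- constructed sample data (not real services or wallets) ---
def make_onion(pub):
    return base64.b32encode(pub + onion_sum(pub) + b"\x03").decode().lower() + ".onion"
def make_btc(hash160):
    raw = b"\x00" + hash160
    n, out = int.from_bytes(raw + dsha(raw)[:4], "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" + out  # one leading zero byte (version 0x00) -> one leading '1'

GOOD_ONION = make_onion(bytes(range(32)))
GOOD_BTC = make_btc(bytes(range(1, 21)))
BAD_ONION = GOOD_ONION[:52] + ("a" if GOOD_ONION[52] != "a" else "b") + GOOD_ONION[53:]
SAMPLE = f"note: site http://{GOOD_ONION}/x pay {GOOD_BTC} ; old link {BAD_ONION}"

if __name__ == "__main__":
    print(extract_artifacts(SAMPLE))
```

The mistyped onion name in the sample matches the pattern but fails its checksum, so it is dropped rather than reported as a lead.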

A new approach to forensics can be developed by leveraging existing methodologies that are already used in similar illicit online trades such as wildlife trafficking and antiquities. Heritage experts and authorities can then use these methodologies to search for artifacts that are linked to such illicit transactions, including transaction histories in crypto forums, communications in encrypted messaging apps, and metadata in file management applications.

This paper evaluates the quantitative association between artifact availability and citations, which are commonly used as proxy metrics for the quality of papers and researchers. It finds that papers with available artifacts have significantly more citations than those that do not.