Abstract: The dark web is a part of the internet that is constantly changing, not easy to access, and not indexed by search engines. The goal of the dark web is privacy and anonymity which lends itself to criminal activity. Since these sites are not indexed, they can be more difficult to access through normal means. The software used to access the dark web is designed for privacy so finding host-based artifacts - those left behind in file systems or the Windows registry of a device - can be difficult to find and recognize. Previous studies of dark web forensics have focused on network forensics rather than host-based forensics. This session will discuss a framework for identifying host-based artifacts during digital forensic investigations involving suspected dark web use. This framework is reusable, comprehensive and easy to follow and will assist investigators in finding artifacts that are designed to be hidden or otherwise hard to find. Attendees can expect to learn steps for determining if a system contains host-based artifacts for either Windows-based artifacts or macOS-based artifacts. In addition, Tails persistent storage artifacts are explored.
Bio: Dr. Arica Kulm is the Director of Digital Forensic Services at Dakota State University. Arica received her PhD in Cyber Defense from Dakota State University in December of 2020, has a master’s degree in Cyber Defense from Dakota State University, a bachelor’s degree from South Dakota State University and holds several industry certifications. Her research interests include the dark web and dark web host-based forensics.