A Framework for Identifying Host-Based Artifacts in Dark Web Investigations


The dark web is a part of the internet that is constantly changing, not easy to access, and not indexed by search engines. The goal of the dark web is privacy and anonymity which lends itself to criminal activity. Since these sites are not indexed, they can be more difficult to access through normal means. The software used to access the dark web is designed for privacy so finding host-based artifacts - those left behind in file systems or the Windows registry of a device - can be difficult to find and recognize. Previous studies of dark web forensics have focused on network forensics rather than host-based forensics. This session will discuss a framework for identifying host-based artifacts during digital forensic investigations involving suspected dark web use. This framework is reusable, comprehensive and easy to follow and will assist investigators in finding artifacts that are designed to be hidden or otherwise hard to find. Attendees can expect to learn steps for determining if a system contains host-based artifacts for either Windows-based artifacts or macOS-based artifacts. In addition, Tails persistent storage artifacts are explored.


Dr. Arica Kulm is the Director of Digital Forensic Services at Dakota State University. Arica received her PhD in Cyber Defense from Dakota State University in December of 2020, has a master’s degree in Cyber Defense from Dakota State University, a bachelor’s degree from South Dakota State University and holds several industry certifications. Her research interests include the dark web and dark web host-based forensics.

Open Data Science




Open Data Science
One Broadway
Cambridge, MA 02142

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Consent to display content from - Youtube
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google