Damir Delija, profile picture
Uploaded byDamir Delija
PPTX, PDF2,203 views

Deep Web and Digital Investigations

The document provides an overview of the deep web and digital investigations. It defines the deep web as data that is inaccessible to regular search engines but exists on the internet. This includes dynamically generated web pages, private websites requiring login, and files accessible only through direct filesystem access. The document estimates the deep web is 400-550 times larger than the surface web that is indexed by search engines. Standard digital forensic procedures can be applied to investigate the deep web, but tools may need to be adapted to handle specialized browsers and access methods used to retrieve deep web resources.

Embed presentation

Downloaded 106 times
Deep Web and Digital Investigations Damir Delija Milano 2014 1
What we will talk about • Web and “Deep Web” • Web and documents • Definitions • Technical issues • Forensic issues • I’m not an expert on deep or dark web • Discussion based on many sources and references
Inaccessible Web • Deep Web is a name for data inaccessible by regular search engines on the Internet • Deep Web sounds much better than inaccessible • Searchable / Accessible web is also called surface web • Dark web is part of www with illegal or immoral content • Dark web is not Deep Web it is part of it, but dark pages are on the surface web too
Inaccessible Resources • Inaccessible resources – it exists but we don’t know about it or it’s location – we can’t use it • It is an old problem – you have it, even in your own room • Is there any solution ? – idea from Gopher days, Veronica – it works well with static pages and data – abandoned in web days, becomes a source of tremendous power and wealth for Search Engines
Web and Internet and Documents • WWW is not the Internet ☺ – also full data or document space of each networked computer is not part of the Internet • WWW is hypertext document based structure – we have links among documents – a document is not necessarily a web page – documents must have a presentation ability to be visible through the web interface (transcription layer, often dynamicaly generated) – Links, web pages and documents can be static or dynamically generated – Dynamic documents are here because of volume of data (can’t be organised in static pages) Definitions are crucial in understandig deep and surface web
Volume of Data • For each document there is in average of 11 copies in the system – enterprise measurements pre SAN calculation • Shows how document space expands rapidly • Even simple mail can cause data avalanches • From sourface web point of view ? • Mostly invisible • From Deep Web point of view ? • Data/documents copies are probably floating around, inaccessible to us
Web and Search Engines • Web can access material which is only referenced by a link and is not access protected • Today mostly we assumes search engine span equals web and Internet • To be effective search engines must have pre organised data to answer query • Enormous changing volume of collected data and propagation lag http://en.wikipedia.org/wiki/List_of_search_engines
Deep Resources • Deep Web depends on the method of how search engines acquire and store data • Web can be crawled or explored as link space • Hints are cache, proxy, protocol traffic • No clear boundary between deep resources and surface resources
Uncollectible Resources Deep Web Resources • Dynamic Web Pages – returns in response to a query or accessed only through a form • Unlinked Contents – Pages without any backlinks • Private Web – sites requiring registration and login (password-protected resources) • Limited Access web – Sites with captchas, no-cache pragma http headers • Scripted Pages – Page produced by javascript, Flash, AJAX etc • Non HTML contents – Multimedia files e.g. images or videos
Uncollectible Resources Documents and Disk Space • This comes close to e-discovery field • Is this part of Deep Web ? • Documents not in the web tree • accessible only by direct filesystem access • or by dedicated script effort • Files generally on the web servers and no-web servers machines – accessible only by direct filesystem access
Forgotten Data • From the security aspect, forgotten data is a very interesting part of Deep Web • What is forgotten data – maybe data without custodian ? • Verizon reported about big data breach from 2008, – unknown data being part of data breach in 66% of incidents
Data Lifecycle • Data creation and circulation • How to find data and correlate it • Search engines • Proxies • Metadata, Logs , Feeds • Very interesting ideas in “Programming Collective Intelligence” By: Toby Segaran, O'Reilly Media, August 16, 2007
Hidden Data in Surface web ? • Web handles data available trough html and extensions • What about metadata and embedded data which is not accessible for search engines ?
Surface Web and Deep Issues • “Hidden Data in Internet Published Documents” – deep forensic impact • Specific data formats can have embedded elements which is not visible to search engine – like thumb views embeded in pictures – exif data in images – metadata in documents – stego
Idea of Treasure Island • What is not on the map is unknown • Hiden as treasure island • Idea of unexplored, uncharted with big gains .. • Because of size idea of Iceberg
Why Deep Web Exists ? • Why search engine fails? – Technology • Most of the web data is behind dynamically generated pages (web gateways) – Web crawler cannot reach them or data not announced – Can only be obtained if we have access to the system containing the information – Forms have to populated with values – understanding the semantic of the web gateway and data behind it
Measuring the Deep Web • How to measure – estimates are based on known examples • Try to generate pages based on known home pages and explore the link space, based on hop distances • First Attempt: Bergman (2000) – Size of surface web is around 19 TB – Size of Deep Web is around 7500 TB – Deep Web is nearly 400 times larger than the Surface Web • 2004 Mitesh classified the Deep Web more accurately – Most of the html forms are two hops from the home page
Deep Web Size Current Estimates 2014 • Deep Web about 7500 Terabytes • Surface Web about 19 terabytes • Deep Web has between 400 and 550 times more public information than the Surface Web. • 95% of the Deep Web is publically accessible • More than 200,000 Deep Web sites currently exist. • 550 billion documents on Deep Web • 1 billion documents on Surface Web
History of Deep Web • Start: static html pages, web crawlers can easily reach, only few cgi-scripts • In mid-90’s: Introduction of dynamic pages, page generated as a result of a query or link access • In 1994: Jill Ellsworth used the term “Invisible Web” to refer to these websites. • In 2001, Bergman coined it as “Deep Web” • Dark web goes in parallel as crime start to spread over the Internet
Rough Timeline • 2001: Raghavan et al -> Hidden Web Exposure – domain specific human assisted crawler • 2002: Stumbleupon used Human Crawler – human crawlers can find relevant links that algorithmic crawlers miss. • 2003: Bergman introduced LexiBot – used for quantifying the Deep Web • 2004: Yahoo! Content Acquisition Program – paid inclusion for webmasters • 2005: Yahoo! Subscriptions – Yahoo started searching subcription only sites • 2005: Noulas et. al. -> Hidden Web Crawler – automatically generated meaningful queries to issue against search form • 2005: Google site map – Allows webmasters to inform search engines about urls on their websites that are available for crawling. – Web 2.0 infrastructure – Today Mobile device and Internet of things – each gadget can have (and has) web server for configuration
Forensic Issues
From Digital Forensic Viewpoint • Is there a way to carry out forensically sound actions on Deep Web ? • Can we apply standard digital forensic procedures and best practices ? • In both cases yes, – we are always limited in digital forensics, but that does not prevent reliable results
Web and Digital Forensic • Web is web ☺ • Web artifacts are web artifacts • The type of investigation determines how we handle web data – key element is: legal • Many possible scenarios and situations – follow the forensic principles and best practices as in any other situation – use scientific method – test and experiment to prove method
Deep Web and Forensic Tasks • How to prove access to Deep Web resources – same as ordinary resources, because it is mostly through browsers – advantage over blind Deep Web access since there are history, cache, log artifacts which shows which Deep Web resource was accessed • Deep Web artifacts – Mostly like any other web artifacts – Hidden Data in Internet Published Documents – Dark web as a specific subrange
Forensic Tools Issues • Forensics of specialised browsers and access tools – Thor / onion – Unusual browsers/accessing tools links, lynx, wget – Other browsers 12P Freenet • Key Question: Does our forensic framework support such tools? – Internet Evidence Finder – Encase – FTK – If not how to handle artifacts and data ? • What about mobile devices?
Conclusion and Questions • Challenging field • Size will grow with IPv6 take over and “Internet of things” concept • Cloud concept is important (size, acces, legal isuses) • Each new tehnology will add a new layer of invisibility eg. complexity • Size of available data simply force use of dynamic web pages
References Too many links ... • http://papergirls.wordpress.com/2008/10/07/timeline-deep- web • http://deepwebtechblog.com/federated-search-finds-content- that-google-can’t-reach-part-i-of-iii • http://deepwebtechblog.com/a-federated-search-primer- part-ii-of-iii • http://googleblog.blogspot.com/2008/07/we-knew-web- was-big.html • http://www.online-college-blog.com/features/100- useful-tips-and-tools-to-research-the-deep-web/

More Related Content

PPTX
Draft current state of digital forensic and data science
byDamir Delija
 
PPT
Computer Forensic
byTawhidur Rahman
 
PPTX
Remote forensics fsec2016 delija draft
byDamir Delija
 
PPTX
Digital Forensics Workshop
byTim Fletcher
 
PDF
Why i hate digital forensics - draft
byDamir Delija
 
PPTX
Digital Forensics best practices with the use of open source tools and admiss...
bySagar Rahurkar
 
PPT
Cyber forensic standard operating procedures
bySoumen Debgupta
 
PDF
Computer Forensics: You can run but you can't hide
byAntonio Sanz Alcober
 
Draft current state of digital forensic and data science
byDamir Delija
 
Computer Forensic
byTawhidur Rahman
 
Remote forensics fsec2016 delija draft
byDamir Delija
 
Digital Forensics Workshop
byTim Fletcher
 
Why i hate digital forensics - draft
byDamir Delija
 
Digital Forensics best practices with the use of open source tools and admiss...
bySagar Rahurkar
 
Cyber forensic standard operating procedures
bySoumen Debgupta
 
Computer Forensics: You can run but you can't hide
byAntonio Sanz Alcober
 

What's hot

PPTX
Digital forensics research: The next 10 years
byShekh Md Mehedi Hasan
 
PPTX
Digital forensics ahmed emam
byahmad abdelhafeez
 
PPTX
Cyber forensics 02 mit-2014
byMuzzammil Wani
 
PDF
Digital Forensic
byRavi Nayak
 
PPTX
Cyber Incident Response & Digital Forensics Lecture
byOllie Whitehouse
 
PPT
Digital Forensics
byNicholas Davis
 
PDF
Digital Evidence in Computer Forensic Investigations
byFilip Maertens
 
PDF
Sued or Suing: Introduction to Digital Forensics
byAnyck Turgeon, CFE/GRCP/CEFI/CCIP/C|CISO/CBA
 
PDF
Private Browsing: A Window of Forensic Opportunity
byAung Thu Rha Hein
 
PPTX
DF Process Models
byCostas Katsavounidis
 
PPTX
Digital investigation
byunnilala11
 
PDF
Digital Forensic: Brief Intro & Research Challenge
byAung Thu Rha Hein
 
PDF
Computer Forensics – What Every Lawyer Needs to Know
byWinston & Strawn LLP
 
PPTX
Computer forensics powerpoint presentation
bySomya Johri
 
PDF
Osint presentation nov 2019
byPriyanka Aash
 
PPT
Role of a Forensic Investigator
byAgape Inc
 
PDF
Osint
byKamal Rathaur
 
PPTX
Digital forensics
byRoberto Ellis
 
PPTX
computer forensics
byshivi123456
 
Digital forensics research: The next 10 years
byShekh Md Mehedi Hasan
 
Digital forensics ahmed emam
byahmad abdelhafeez
 
Cyber forensics 02 mit-2014
byMuzzammil Wani
 
Digital Forensic
byRavi Nayak
 
Cyber Incident Response & Digital Forensics Lecture
byOllie Whitehouse
 
Digital Forensics
byNicholas Davis
 
Digital Evidence in Computer Forensic Investigations
byFilip Maertens
 
Sued or Suing: Introduction to Digital Forensics
byAnyck Turgeon, CFE/GRCP/CEFI/CCIP/C|CISO/CBA
 
Private Browsing: A Window of Forensic Opportunity
byAung Thu Rha Hein
 
DF Process Models
byCostas Katsavounidis
 
Digital investigation
byunnilala11
 
Digital Forensic: Brief Intro & Research Challenge
byAung Thu Rha Hein
 
Computer Forensics – What Every Lawyer Needs to Know
byWinston & Strawn LLP
 
Computer forensics powerpoint presentation
bySomya Johri
 
Osint presentation nov 2019
byPriyanka Aash
 
Role of a Forensic Investigator
byAgape Inc
 
Osint
byKamal Rathaur
 
Digital forensics
byRoberto Ellis
 
computer forensics
byshivi123456
 

Viewers also liked

PPTX
Cis 2016 moč forenzičikih alata 1.1
byDamir Delija
 
PDF
HTML5 and the dawn of rich mobile web applications
byJames Pearce
 
PDF
Are Brands Fracking The Social Web?
byJohn V Willshire
 
PPTX
The Semantic Web and the Digital Archaeological Workflow: A Case Study from S...
byMarcus Smith
 
KEY
Managing Professional Information Overload (K12 Version)
byHeather Braum
 
PDF
Interlinking educational data to Web of Data (Thesis presentation)
byEnayat Rajabi
 
PPT
4.5 mining the worldwideweb
byKrish_ver2
 
PDF
DBpedia - An Interlinking Hub in the Web of Data
byChris Bizer
 
PPT
Web Aplication Vulnerabilities
byJbyte
 
PDF
Linkosophy
byAndrew Hinton
 
PDF
Modern Web Development
byRobert Nyman
 
PPT
A Short History Of Media
byJ Crewe
 
PPTX
Media evolution
bySara Afonso
 
PPTX
Audio media
byJohn Paul Mendoza Bautista
 
PPTX
Deep web
byRawin Windygallery
 
PPTX
visual media.ppt
byVEERMATA JIJABAI TECHNOLOGICAL INSTITUTE
 
PDF
What You Need to Know About the Future of Wearable Technology
byDigital Surgeons
 
PPT
ABOUT COLOR
byphilipemartin
 
Cis 2016 moč forenzičikih alata 1.1
byDamir Delija
 
HTML5 and the dawn of rich mobile web applications
byJames Pearce
 
Are Brands Fracking The Social Web?
byJohn V Willshire
 
The Semantic Web and the Digital Archaeological Workflow: A Case Study from S...
byMarcus Smith
 
Managing Professional Information Overload (K12 Version)
byHeather Braum
 
Interlinking educational data to Web of Data (Thesis presentation)
byEnayat Rajabi
 
4.5 mining the worldwideweb
byKrish_ver2
 
DBpedia - An Interlinking Hub in the Web of Data
byChris Bizer
 
Web Aplication Vulnerabilities
byJbyte
 
Linkosophy
byAndrew Hinton
 
Modern Web Development
byRobert Nyman
 
A Short History Of Media
byJ Crewe
 
Media evolution
bySara Afonso
 
Audio media
byJohn Paul Mendoza Bautista
 
Deep web
byRawin Windygallery
 
visual media.ppt
byVEERMATA JIJABAI TECHNOLOGICAL INSTITUTE
 
What You Need to Know About the Future of Wearable Technology
byDigital Surgeons
 
ABOUT COLOR
byphilipemartin
 

Similar to Deep Web and Digital Investigations

PPT
Deep Web Presentation April 25
bynagold
 
PPT
Deep Web
bySt John
 
PPTX
Presentation Deep Web Technology.pptx
bymayurbokan
 
PPTX
PptDW.pptxvbbbvvvxxfjjrtuhvcfhhjddffcvjjgg
byqualitykioskpvtltd
 
PPTX
Deep Web
byAbishaiDas
 
PDF
Prospectus presentation
byThe Children's Hospital of Philadelphia
 
PPT
Deep Web
bySabique Khan
 
PPTX
DEEP WEB.pptx
byAjitVerma49
 
PPT
Metadata and the web
byRichard.Sapon-White
 
PPTX
DEEP WEB PRESENTATION.pptx
byismailwinofo
 
PPTX
Dark web presentation
byTo Mal
 
PPTX
Deep web Seminar
byHareendran MG
 
PDF
Accessing the deep web (2007)
bybabak danyal
 
PPTX
DEEP WEB by Ajit.pptx
byAjitVerma49
 
PPTX
Deep web
byProgramar Animesh
 
PDF
L017447590
byIOSR Journals
 
PPT
Scary Halloween Cybersecurity Lecture -- The Deep Web
byNicholas Davis
 
PDF
WT - Web & Working of Search Engine
byvinay arora
 
PPTX
Webtech
byHannah Inbarani
 
PPT
Web3uploaded
byfahimilyas
 
Deep Web Presentation April 25
bynagold
 
Deep Web
bySt John
 
Presentation Deep Web Technology.pptx
bymayurbokan
 
PptDW.pptxvbbbvvvxxfjjrtuhvcfhhjddffcvjjgg
byqualitykioskpvtltd
 
Deep Web
byAbishaiDas
 
Prospectus presentation
byThe Children's Hospital of Philadelphia
 
Deep Web
bySabique Khan
 
DEEP WEB.pptx
byAjitVerma49
 
Metadata and the web
byRichard.Sapon-White
 
DEEP WEB PRESENTATION.pptx
byismailwinofo
 
Dark web presentation
byTo Mal
 
Deep web Seminar
byHareendran MG
 
Accessing the deep web (2007)
bybabak danyal
 
DEEP WEB by Ajit.pptx
byAjitVerma49
 
Deep web
byProgramar Animesh
 
L017447590
byIOSR Journals
 
Scary Halloween Cybersecurity Lecture -- The Deep Web
byNicholas Davis
 
WT - Web & Working of Search Engine
byvinay arora
 
Webtech
byHannah Inbarani
 
Web3uploaded
byfahimilyas
 

More from Damir Delija

PDF
6414 preparation and planning of the development of a proficiency test in the...
byDamir Delija
 
PDF
6528 opensource intelligence as the new introduction in the graduate cybersec...
byDamir Delija
 
PDF
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...
byDamir Delija
 
PDF
Ecase direct servlet acess v1
byDamir Delija
 
DOCX
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
byDamir Delija
 
PDF
Datafoucs 2014 on line digital forensic investigations damir delija 2
byDamir Delija
 
PDF
EnCase Enterprise Basic File Collection
byDamir Delija
 
PDF
Ocr and EnCase
byDamir Delija
 
PDF
Olaf extension td3 inisg2 2
byDamir Delija
 
PDF
LTEC 2013 - EnCase v7.08.01 presentation
byDamir Delija
 
PDF
Moguće tehnike pristupa forenzckim podacima 09.2013
byDamir Delija
 
PDF
Usage aspects techniques for enterprise forensics data analytics tools
byDamir Delija
 
PPT
Cis 2013 digitalna forenzika osvrt
byDamir Delija
 
PPT
Ibm aix wlm idea
byDamir Delija
 
PDF
Aix workload manager
byDamir Delija
 
PDF
2013 obrada digitalnih dokaza
byDamir Delija
 
PDF
Tip zlocina digitalni dokazi
byDamir Delija
 
PDF
Sigurnost i upravljanje distribuiranim sustavima
byDamir Delija
 
PDF
Improving data confidentiality in personal computer environment using on line...
byDamir Delija
 
PDF
Communication network simulation on the unix system trough use of the remote ...
byDamir Delija
 
6414 preparation and planning of the development of a proficiency test in the...
byDamir Delija
 
6528 opensource intelligence as the new introduction in the graduate cybersec...
byDamir Delija
 
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...
byDamir Delija
 
Ecase direct servlet acess v1
byDamir Delija
 
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
byDamir Delija
 
Datafoucs 2014 on line digital forensic investigations damir delija 2
byDamir Delija
 
EnCase Enterprise Basic File Collection
byDamir Delija
 
Ocr and EnCase
byDamir Delija
 
Olaf extension td3 inisg2 2
byDamir Delija
 
LTEC 2013 - EnCase v7.08.01 presentation
byDamir Delija
 
Moguće tehnike pristupa forenzckim podacima 09.2013
byDamir Delija
 
Usage aspects techniques for enterprise forensics data analytics tools
byDamir Delija
 
Cis 2013 digitalna forenzika osvrt
byDamir Delija
 
Ibm aix wlm idea
byDamir Delija
 
Aix workload manager
byDamir Delija
 
2013 obrada digitalnih dokaza
byDamir Delija
 
Tip zlocina digitalni dokazi
byDamir Delija
 
Sigurnost i upravljanje distribuiranim sustavima
byDamir Delija
 
Improving data confidentiality in personal computer environment using on line...
byDamir Delija
 
Communication network simulation on the unix system trough use of the remote ...
byDamir Delija
 

Recently uploaded

PPTX
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
PDF
Structure-of-the-Atom PPT.pdf/CBSE CLASS 11 CHEMISTRY/ PREPARED BY K SANDEEP ...
bySandeep Swamy
 
PDF
Pratishta Educational Society., Courses & Opportunities
byGanapathiVankudoth
 
PDF
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
PDF
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
PPTX
How to Manage Reservation Method in Odoo 18 Inventory
byCeline George
 
PPTX
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
PDF
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
PPTX
How to perform product search based on a custom field from the Website Shop p...
byCeline George
 
PPTX
PRE TERM LABOR ( PREMATURE LABOUR IN PREGNANCY)
byMuthu Kumar
 
PDF
Orlando by Virginia Woolf: The Granite and The Rainbow
byAdityarajsinh Gohil
 
PDF
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
PDF
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
PPTX
Greengnorance Toolkit Module1 Climate Change
byKarl Donert
 
PPTX
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
PPTX
Plato's Insight model teaching and learning.pptx
byNikhitaDS
 
PDF
Family and Marriage __ Sociology __ Jhasketan Kuanar __ NURSING VIBE ONLY .pdf
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
PDF
Chapter 05 Drugs Acting on the Central Nervous System: Anti-Depressant Drugs
bySandeshSul
 
PPTX
WEEK 2 (2).pptx TLE COOKERY 10 QUARTER 4
byResynFayeCortez2
 
PDF
Bones by Sadu Kassam (play) story ppt pdf
byRonnieMaeBorres
 
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
Structure-of-the-Atom PPT.pdf/CBSE CLASS 11 CHEMISTRY/ PREPARED BY K SANDEEP ...
bySandeep Swamy
 
Pratishta Educational Society., Courses & Opportunities
byGanapathiVankudoth
 
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
How to Manage Reservation Method in Odoo 18 Inventory
byCeline George
 
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
How to perform product search based on a custom field from the Website Shop p...
byCeline George
 
PRE TERM LABOR ( PREMATURE LABOUR IN PREGNANCY)
byMuthu Kumar
 
Orlando by Virginia Woolf: The Granite and The Rainbow
byAdityarajsinh Gohil
 
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
Greengnorance Toolkit Module1 Climate Change
byKarl Donert
 
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
Plato's Insight model teaching and learning.pptx
byNikhitaDS
 
Family and Marriage __ Sociology __ Jhasketan Kuanar __ NURSING VIBE ONLY .pdf
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
Chapter 05 Drugs Acting on the Central Nervous System: Anti-Depressant Drugs
bySandeshSul
 
WEEK 2 (2).pptx TLE COOKERY 10 QUARTER 4
byResynFayeCortez2
 
Bones by Sadu Kassam (play) story ppt pdf
byRonnieMaeBorres
 

Deep Web and Digital Investigations

  • 1.
    Deep Web andDigital Investigations Damir Delija Milano 2014 1
  • 2.
    What we willtalk about • Web and “Deep Web” • Web and documents • Definitions • Technical issues • Forensic issues • I’m not an expert on deep or dark web • Discussion based on many sources and references
  • 3.
    Inaccessible Web •Deep Web is a name for data inaccessible by regular search engines on the Internet • Deep Web sounds much better than inaccessible • Searchable / Accessible web is also called surface web • Dark web is part of www with illegal or immoral content • Dark web is not Deep Web it is part of it, but dark pages are on the surface web too
  • 4.
    Inaccessible Resources •Inaccessible resources – it exists but we don’t know about it or it’s location – we can’t use it • It is an old problem – you have it, even in your own room • Is there any solution ? – idea from Gopher days, Veronica – it works well with static pages and data – abandoned in web days, becomes a source of tremendous power and wealth for Search Engines
  • 5.
    Web and Internetand Documents • WWW is not the Internet ☺ – also full data or document space of each networked computer is not part of the Internet • WWW is hypertext document based structure – we have links among documents – a document is not necessarily a web page – documents must have a presentation ability to be visible through the web interface (transcription layer, often dynamicaly generated) – Links, web pages and documents can be static or dynamically generated – Dynamic documents are here because of volume of data (can’t be organised in static pages) Definitions are crucial in understandig deep and surface web
  • 6.
    Volume of Data • For each document there is in average of 11 copies in the system – enterprise measurements pre SAN calculation • Shows how document space expands rapidly • Even simple mail can cause data avalanches • From sourface web point of view ? • Mostly invisible • From Deep Web point of view ? • Data/documents copies are probably floating around, inaccessible to us
  • 7.
    Web and SearchEngines • Web can access material which is only referenced by a link and is not access protected • Today mostly we assumes search engine span equals web and Internet • To be effective search engines must have pre organised data to answer query • Enormous changing volume of collected data and propagation lag http://en.wikipedia.org/wiki/List_of_search_engines
  • 8.
    Deep Resources •Deep Web depends on the method of how search engines acquire and store data • Web can be crawled or explored as link space • Hints are cache, proxy, protocol traffic • No clear boundary between deep resources and surface resources
  • 9.
    Uncollectible Resources DeepWeb Resources • Dynamic Web Pages – returns in response to a query or accessed only through a form • Unlinked Contents – Pages without any backlinks • Private Web – sites requiring registration and login (password-protected resources) • Limited Access web – Sites with captchas, no-cache pragma http headers • Scripted Pages – Page produced by javascript, Flash, AJAX etc • Non HTML contents – Multimedia files e.g. images or videos
  • 10.
    Uncollectible Resources Documentsand Disk Space • This comes close to e-discovery field • Is this part of Deep Web ? • Documents not in the web tree • accessible only by direct filesystem access • or by dedicated script effort • Files generally on the web servers and no-web servers machines – accessible only by direct filesystem access
  • 11.
    Forgotten Data •From the security aspect, forgotten data is a very interesting part of Deep Web • What is forgotten data – maybe data without custodian ? • Verizon reported about big data breach from 2008, – unknown data being part of data breach in 66% of incidents
  • 12.
    Data Lifecycle •Data creation and circulation • How to find data and correlate it • Search engines • Proxies • Metadata, Logs , Feeds • Very interesting ideas in “Programming Collective Intelligence” By: Toby Segaran, O'Reilly Media, August 16, 2007
  • 13.
    Hidden Data inSurface web ? • Web handles data available trough html and extensions • What about metadata and embedded data which is not accessible for search engines ?
  • 14.
    Surface Web andDeep Issues • “Hidden Data in Internet Published Documents” – deep forensic impact • Specific data formats can have embedded elements which is not visible to search engine – like thumb views embeded in pictures – exif data in images – metadata in documents – stego
  • 15.
    Idea of TreasureIsland • What is not on the map is unknown • Hiden as treasure island • Idea of unexplored, uncharted with big gains .. • Because of size idea of Iceberg
  • 16.
    Why Deep WebExists ? • Why search engine fails? – Technology • Most of the web data is behind dynamically generated pages (web gateways) – Web crawler cannot reach them or data not announced – Can only be obtained if we have access to the system containing the information – Forms have to populated with values – understanding the semantic of the web gateway and data behind it
  • 17.
    Measuring the DeepWeb • How to measure – estimates are based on known examples • Try to generate pages based on known home pages and explore the link space, based on hop distances • First Attempt: Bergman (2000) – Size of surface web is around 19 TB – Size of Deep Web is around 7500 TB – Deep Web is nearly 400 times larger than the Surface Web • 2004 Mitesh classified the Deep Web more accurately – Most of the html forms are two hops from the home page
  • 18.
    Deep Web Size Current Estimates 2014 • Deep Web about 7500 Terabytes • Surface Web about 19 terabytes • Deep Web has between 400 and 550 times more public information than the Surface Web. • 95% of the Deep Web is publically accessible • More than 200,000 Deep Web sites currently exist. • 550 billion documents on Deep Web • 1 billion documents on Surface Web
  • 19.
    History of DeepWeb • Start: static html pages, web crawlers can easily reach, only few cgi-scripts • In mid-90’s: Introduction of dynamic pages, page generated as a result of a query or link access • In 1994: Jill Ellsworth used the term “Invisible Web” to refer to these websites. • In 2001, Bergman coined it as “Deep Web” • Dark web goes in parallel as crime start to spread over the Internet
  • 20.
    Rough Timeline •2001: Raghavan et al -> Hidden Web Exposure – domain specific human assisted crawler • 2002: Stumbleupon used Human Crawler – human crawlers can find relevant links that algorithmic crawlers miss. • 2003: Bergman introduced LexiBot – used for quantifying the Deep Web • 2004: Yahoo! Content Acquisition Program – paid inclusion for webmasters • 2005: Yahoo! Subscriptions – Yahoo started searching subcription only sites • 2005: Noulas et. al. -> Hidden Web Crawler – automatically generated meaningful queries to issue against search form • 2005: Google site map – Allows webmasters to inform search engines about urls on their websites that are available for crawling. – Web 2.0 infrastructure – Today Mobile device and Internet of things – each gadget can have (and has) web server for configuration
  • 21.
  • 22.
    From Digital ForensicViewpoint • Is there a way to carry out forensically sound actions on Deep Web ? • Can we apply standard digital forensic procedures and best practices ? • In both cases yes, – we are always limited in digital forensics, but that does not prevent reliable results
  • 23.
    Web and DigitalForensic • Web is web ☺ • Web artifacts are web artifacts • The type of investigation determines how we handle web data – key element is: legal • Many possible scenarios and situations – follow the forensic principles and best practices as in any other situation – use scientific method – test and experiment to prove method
  • 24.
    Deep Web andForensic Tasks • How to prove access to Deep Web resources – same as ordinary resources, because it is mostly through browsers – advantage over blind Deep Web access since there are history, cache, log artifacts which shows which Deep Web resource was accessed • Deep Web artifacts – Mostly like any other web artifacts – Hidden Data in Internet Published Documents – Dark web as a specific subrange
  • 25.
    Forensic Tools Issues • Forensics of specialised browsers and access tools – Thor / onion – Unusual browsers/accessing tools links, lynx, wget – Other browsers 12P Freenet • Key Question: Does our forensic framework support such tools? – Internet Evidence Finder – Encase – FTK – If not how to handle artifacts and data ? • What about mobile devices?
  • 26.
    Conclusion and Questions • Challenging field • Size will grow with IPv6 take over and “Internet of things” concept • Cloud concept is important (size, acces, legal isuses) • Each new tehnology will add a new layer of invisibility eg. complexity • Size of available data simply force use of dynamic web pages
  • 27.
    References Too manylinks ... • http://papergirls.wordpress.com/2008/10/07/timeline-deep- web • http://deepwebtechblog.com/federated-search-finds-content- that-google-can’t-reach-part-i-of-iii • http://deepwebtechblog.com/a-federated-search-primer- part-ii-of-iii • http://googleblog.blogspot.com/2008/07/we-knew-web- was-big.html • http://www.online-college-blog.com/features/100- useful-tips-and-tools-to-research-the-deep-web/