Dark Web Forensics
D3PAK KUMAR (D3)
DIGITAL FORENSICS | CYBER INTELLIGENCE
Image Credit: gifer.com
DISCLAIMER
The views expressed in this presentation are for educational and research purposes only and may be controversial. Do not attempt to violate the law with anything contained here. Neither the author of this material nor anyone else affiliated with it is liable in any way for your actions.
The purpose of this presentation is to share and discuss knowledge and experience of what is happening in the cyber world.
Thank You!
DarkWeb Forensics : Overview
The Technology World Always has the Sharpest Brains...
There are equally sharp minds, working against you…
Src : Securus First
CYBER OF THINGS : EVERYTHING IS DIGITAL
The C-factor: cyber crime, cyber security and cyber terrorism are all interrelated.
CYBER CRIME | CYBER SECURITY | CYBER TERRORISM
CYBER RELATED CRIMES
• Online financial frauds
• Social media related
• Data breaches
• Ransomware
• Online phishing
• Hacking, sabotaging
• Eavesdropping & surveillance
• Crypto-related / MLM
• Dark web related, illegal goods
Some Biggest Data Breaches (India/International)
TARGET, ICLOUD, ANTHEM, UBISOFT, GAANA, OPM, ASHLEY MADISON, EBAY, ADOBE
• Personally Identifiable Information (PII) and intellectual property (IP) are the top targets
• 205 days on average to discover a breach, and most breaches are discovered by third parties
CRITICAL INFORMATION INFRASTRUCTURES (CII)
Critical infrastructure is a term used by governments to describe assets that are essential for the functioning of a society and economy. Most commonly associated with the term are facilities for: education, water, defence, telecommunication, finance, government, hospitals, industry, energy and transportation.
• Amateurs hack systems, professionals hack people. — Bruce Schneier
• Don’t assume that you’re not a target. Draw up battle plans. Learn from the mistakes of others.
KNOW THE WEB
Understand the Masala under the Cyber Market
According to research results from TorStatus, TechRepublic, WIRED, the Intelliagg report, SecureWorks reports and BBC iWonder, the following record of activities has been discovered on the dark web:
File sharing - 29%
Leaked data selling - 28%
Financial fraud - 12%
News and media - 10%
Promotion of illegal items - 6%
Discussion forums - 5%
Drug selling - 4%
Internet and computing by dark web visitors (except criminals, who are just random or occasional visitors) - 3%
Hacking - 3%
Selling of weapons - 0.3%
Cyber-Crime Tools Used
• The operators in the Deep Web and Dark Web use tools which ensure the anonymity of their identity, location, transactions and payments.
• The Onion Router (Tor) network provides anonymous browsing and access to the Deep Web sites that are identified as *.onion.
• Freenet, ZeroNet: peer-to-peer (P2P) platforms for censorship-resistant communication.
• Invisible Internet Project (I2P) is a fully encrypted private network layer.
• Use of Bitcoin helps keep transactions anonymous, as the system does not identify the buyer/seller or payer/payee except as a hash value. In addition, bitcoins can be converted to cash in currencies across the world and thus provide an unidentifiable means of stashing and transferring money.
• Tor is a special network of computers on the Internet, distributed around the world (https://www.torproject.org).
• Bitcoins are an anonymous, decentralized form of electronic currency, like "cash" in cyberspace.
• Freenet : https://freenetproject.org
• ZeroNet : https://zeronet.io
• I2P : https://geti2p.net/en
Crooks are smarter – and now it’s cheaper than ever!
They can buy malware, attack kits, and even ‘Crimeware-as-a-Service’!
It's as cheap as…
• Drive-by download toolkit rental: $100/week
• Credit card details: $0.50/card
• DDoS attacks: $10/day
• Stolen gaming accounts: $10 each
• Verified spam email blasts: $70/million
• India’s Union Cabinet has already approved the ‘Smart Cities Mission’, with an outlay of 48,000 crores, under which 100 new ‘Smart Cities’ would be developed.
Cyber-Crime Market Prices
Src : Trend Micro
• Is the black market illegal?
• A black market or underground economy is the market in which goods or services are traded illegally. The key distinction of a black market trade is that the transaction itself is illegal. The goods or services may or may not themselves be illegal to own, or to trade through other, legal channels.
Drug dealers were selling COVID vaccines on the Darkweb
“Multiple vendors on the darknet who appeared to be selling doses of the Pfizer/BioNTech vaccine to global customers for as much as $1,300 a piece,” wrote Gavin Butler. Source: VICE World News
This threat actor was offering COVID-19 vaccine on the underground for $250, with overnight deliveries in the USA. Source : Sixgill
C3 : Cyber-crime, Cyber-war, Cyber-terrorism
WEB INTELLIGENCE (WEBINT)
Surface web, Tor (The Onion Router), I2P (Invisible Internet Project), Freenet
Expert team | TTPs aware | Profiled syndicate
Stamped CYBER Market & Forums
• Silk Road provided a platform for drug dealers around the world to sell narcotics through the Internet
• 950,000+ registered users
• Taken down Sep 2013
• DarkMarket facilitated the buying & selling of stolen financial information
• Had 2,500+ members
• Taken down in 2010
Sites like Silk Road and DarkMarket operate in the Deep Web / Dark Web offering illegal services.
Several collaborative operations by international agencies and organisations against markets such as AlphaBay, Hansa, and Dream Market
• Ross Ulbricht advertised Silk Road on a bitcoin forum – a breakthrough discovered by a tax investigator using Google
• Variety Jones, a major player on Silk Road, was outed as Thomas Clark when his identity was discovered on an old cannabis forum
• David Ryan Burchard attempted to trademark the brand of marijuana he sold on the dark web in his own name.
NCB BUSTED AN INTERNATIONAL DRUGS TRAFFICKING SYNDICATE OPERATING VIA DARKWEB
FORENSICS ANALYSIS
RAID, SEARCH & SEIZURE : LIVE / DEAD
FORENSICS PROCEDURE
1. FOLLOW PROPER STANDARD CHAIN OF CUSTODY (COC) AND GUIDELINES (SOP)
2. SEARCH & COLLECT DIGITAL EVIDENCE, WITH DOCUMENTATION
3. WRITE-BLOCKER, PORTABLE UTILITIES, SEARCH WITH A SET OF KEYWORDS, RAM DUMP, TRIAGE (OBTAIN HASHES)
4. SEIZE EVIDENCE AND SEND TO THE FORENSICS LAB (WITH SECTION 65B COMPLIANCE UNDER THE INDIAN EVIDENCE ACT, 1872, IF REQUIRED)
5. INVESTIGATION AND ATTRIBUTION ON COLLECTED INFORMATION, AUDIT TRAIL, LEGAL REQUISITION
6. WEBINT, CYBER THREAT INTELLIGENCE, AND REPORTING
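Steps 1 and 3 of the procedure above (chain of custody and "obtain hash") in code, as an added example that is not part of the deck or of any lab's own tooling. Every seized item is streamed through MD5 and SHA-256 at triage, the digests go into a custody record whose timestamp is forced to UTC, and the lab re-hashes the item on receipt to prove nothing changed in transit. The item id, examiner name, sample bytes and epoch timestamp are constructed placeholders.

```python
"""Added example: hashing seized items and writing a chain-of-custody (CoC)
entry at triage time. Item ids, examiner names and sample data are
constructed placeholders, not values from any real case."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone
from typing import Optional

CHUNK = 1024 * 1024  # hash in 1 MiB chunks so disk images and RAM dumps fit in memory


def hash_bytes(data: bytes) -> dict:
    """MD5 and SHA-256 of an in-memory buffer (most lab forms ask for both)."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def hash_file(path: str) -> dict:
    """Stream a file through MD5 and SHA-256 without loading it whole."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha.hexdigest(),
            "size": os.path.getsize(path)}


def custody_record(item_id: str, description: str, collected_by: str,
                   digest: dict, collected_at_epoch: Optional[int] = None) -> dict:
    """One CoC entry. The timestamp is recorded in UTC ("lock the time period
    in GMT"); the digests are what the lab re-verifies on receipt."""
    if collected_at_epoch is None:
        collected_at_epoch = int(datetime.now(timezone.utc).timestamp())
    when = datetime.fromtimestamp(collected_at_epoch, tz=timezone.utc)
    return {"item_id": item_id, "description": description,
            "collected_by": collected_by,
            "collected_at_utc": when.isoformat(),
            "md5": digest["md5"], "sha256": digest["sha256"]}


def verify_record(record: dict, path: str) -> bool:
    """Re-hash the item and compare with the CoC record. A mismatch means the
    item was altered, or the wrong item was shipped."""
    fresh = hash_file(path)
    return fresh["sha256"] == record["sha256"] and fresh["md5"] == record["md5"]


def demo_roundtrip(payload: bytes = b"abc") -> dict:
    """Write a constructed sample item, record it, verify it, then tamper with
    it and verify again; returns the record plus both verification results."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(payload)
        path = tmp.name
    try:
        record = custody_record("ITEM-001", "constructed sample item",
                                "Examiner A", hash_file(path), 1614590142)
        record["verified"] = verify_record(record, path)
        with open(path, "ab") as fh:      # simulate a single-byte change in transit
            fh.write(b"!")
        record["verified_after_tamper"] = verify_record(record, path)
    finally:
        os.unlink(path)
    return record


if __name__ == "__main__":
    print(json.dumps(demo_roundtrip(), indent=2))
```

Hashing both before seizure and on lab intake is what makes step 4's Section 65B paperwork defensible: the certificate can cite the digest, and the re-verification shows that the copy the lab examined is the copy that was seized.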
FORENSICS FOOTPRINTS
From evidence storage, email, deleted data, running apps, relevant artefacts, etc.
RAM memory, pagefile.sys
Windows triage analysis, registry entries, Prefetch files, MRU last activities
Tor data : State file and torrc (contains paths)
Browser data : compatibility.ini, extensions.ini
Browser history timestamps (places.sqlite under the profile)
Extract crypto footprints: wallets, keys, USB (hardware wallet artefacts)
Lock the time period in GMT; user credentials where applicable
Search engines : general, cluster analysis, multi-search, metadata, subject related. Example: Ahmia.fi, DarkOwl, Kilos, Torch, Candle, SearX, Tor66 (old Gram), etc.
Channels and forums : SecureDrop, Deep Web Radio, Tunnel, Krumble, etc.
Mailpile, Riseup, OnionScan, Hunchly, Reddit
Tor2web gateways (.to, .casa, .direct, .rip, etc.)
International cooperation : multilateral, MLAT/LR, ISAC, coordination, CTI
PHASE 1 | PHASE 2 | PHASE 3
FOOTPRINTS ARTIFACTS
Tor Browser State artefacts : access info timeframe
Footprints artifacts cont..
Browser artefacts : SQLite database info
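The Tor data "State" file and the browser's places.sqlite named in the footprints list, and the access-timeframe and SQLite artefacts on the last two slides, read in code. This is an added example, not the deck's own tooling: it parses the `LastWritten`, `TorVersion` and `Guard` lines of a constructed Tor state file (LastWritten is treated as UTC, which is an assumption to confirm against the tor version in the case) and builds the visit timeline from a constructed in-memory copy of Firefox's `moz_places`/`moz_historyvisits` tables, converting PRTime microseconds to UTC and flagging .onion destinations. The URLs, timestamps and guard entry are constructed.

```python
"""Added example: access-timeframe artefacts from a Tor Browser profile.
The 'state' file is written by the tor daemon in the Browser's Tor data
directory; places.sqlite is Firefox's history store in the profile. Both
sample inputs are constructed, not taken from a real case."""
import sqlite3
from datetime import datetime, timezone
from typing import Optional
from urllib.parse import urlsplit

# Constructed Tor 'state' file. LastWritten is assumed to be UTC (tor formats
# it with its ISO-time helper); the header comment is in local time.
SAMPLE_STATE = """\
# Tor state file last generated on 2021-03-01 14:45:42 local time
# Other tools can use this file, too.
TorVersion Tor 0.4.5.6
LastWritten 2021-03-01 09:15:42
Guard in=default rsa_id=PLACEHOLDER nickname=ExampleGuard sampled_on=2021-02-20T10:00:00 listed=1
"""


def parse_tor_state(text: str) -> dict:
    """Last write time (tor was running at that moment), tor version and the
    number of entry guards recorded."""
    info = {"last_written_utc": None, "tor_version": None, "guards": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "LastWritten":
            ts = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
            info["last_written_utc"] = ts.replace(tzinfo=timezone.utc).isoformat()
        elif key == "TorVersion":
            info["tor_version"] = value
        elif key == "Guard":
            info["guards"] += 1
    return info


PLACES_SCHEMA = """
CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                         visit_count INTEGER, last_visit_date INTEGER);
CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
                                place_id INTEGER, visit_date INTEGER,
                                visit_type INTEGER);
"""


def build_sample_places() -> sqlite3.Connection:
    """In-memory stand-in for places.sqlite with only the columns used here.
    visit_date is PRTime: microseconds since the Unix epoch, UTC."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(PLACES_SCHEMA)
    conn.executemany("INSERT INTO moz_places VALUES (?,?,?,?,?)", [
        (1, "https://check.torproject.org/", "Tor check", 1, 1614589800000000),
        (2, "http://placeholderonionaddress.onion/market", "Placeholder hidden service", 2, 1614590400000000),
    ])
    conn.executemany("INSERT INTO moz_historyvisits VALUES (?,?,?,?,?)", [
        (1, 0, 1, 1614589800000000, 1),  # 09:10:00 UTC, typed URL
        (2, 0, 2, 1614590100000000, 1),  # 09:15:00 UTC, typed URL
        (3, 2, 2, 1614590400000000, 2),  # 09:20:00 UTC, reached via visit 2
    ])
    return conn


def prtime_to_utc(prtime_us: int) -> datetime:
    secs, micros = divmod(prtime_us, 1_000_000)
    return datetime.fromtimestamp(secs, tz=timezone.utc).replace(microsecond=micros)


def is_onion(url: str) -> bool:
    return (urlsplit(url).hostname or "").endswith(".onion")


def history_timeline(conn: sqlite3.Connection, since: Optional[datetime] = None,
                     until: Optional[datetime] = None) -> list:
    """Visits in chronological order, optionally limited to a UTC window."""
    rows = conn.execute(
        "SELECT v.id, p.url, p.title, v.visit_date, v.from_visit "
        "FROM moz_historyvisits v JOIN moz_places p ON p.id = v.place_id "
        "ORDER BY v.visit_date").fetchall()
    timeline = []
    for vid, url, title, visit_date, from_visit in rows:
        ts = prtime_to_utc(visit_date)
        if (since and ts < since) or (until and ts > until):
            continue
        timeline.append({"visit_id": vid, "utc": ts.isoformat(), "url": url,
                         "title": title, "onion": is_onion(url),
                         "from_visit": from_visit})
    return timeline


if __name__ == "__main__":
    print(parse_tor_state(SAMPLE_STATE))
    for entry in history_timeline(build_sample_places()):
        print(entry["utc"], "onion" if entry["onion"] else "clear", entry["url"])
```

Tor Browser runs in permanent private-browsing mode by default, so places.sqlite in a seized profile is often empty; the State file, the torrc paths, RAM and pagefile.sys are then the better sources for the access timeframe. Copy the database with a write-blocker and work on the copy: opening it in place updates its journal.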
Footprints artifacts cont..
Registry details during live triage : search with the keywords
Investigation HUMINT
• Tor hidden service has an associated SSL certificate
• Searching Shodan for hidden services
• Checking an IP address for Tor usage, e.g. with ExoneraTor
• Directory listing (mod_status)
• Website source code (.conf files)
• Verbose signatures (version tokens), error pages
• Badly configured services
• Reverse domain lookup
• Metadata analysis of images and video, keyword search
• …
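The "checking an IP address for Tor usage" item above, from the defender's side, as an added example that is not part of the deck: instead of querying ExoneraTor per address, a locally cached copy of the Tor Project's bulk exit list (https://check.torproject.org/torbulkexitlist, one address per line) is matched against the source addresses in web-server access logs, so requests that arrived through a Tor exit relay can be flagged for review. The exit addresses and log lines below are constructed.

```python
"""Added example: flag access-log requests whose source IP is a known Tor
exit relay, using a cached exit list. Sample exit list and log lines are
constructed; real lists hold many hundreds of entries and change hourly."""
import ipaddress
import re
from typing import Iterable

# Constructed sample in the one-address-per-line format of the bulk exit list
SAMPLE_EXIT_LIST = """\
# constructed sample, not real exit relays
198.51.100.7
203.0.113.42
2001:db8::44
"""

# Constructed Apache/nginx combined-format lines
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2021:09:12:03 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Mar/2021:09:12:09 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '2001:db8::44 - - [01/Mar/2021:09:13:40 +0000] "POST /api/reset HTTP/1.1" 403 0 "-" "curl/7.68.0"',
    'not a log line',
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def load_exit_list(text: str) -> set:
    """Parse the exit list into ip_address objects; comments, blanks and
    malformed lines are skipped rather than aborting the whole load."""
    exits = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            exits.add(ipaddress.ip_address(line))
        except ValueError:
            continue
    return exits


def parse_log_line(line: str):
    """Source address, timestamp, request line and status, or None if the
    line is not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    return {"ip": ip, "ts": m.group("ts"), "request": m.group("req"),
            "status": int(m.group("status"))}


def tor_exit_hits(log_lines: Iterable[str], exits: set) -> list:
    """Parsed entries whose source address is on the exit list."""
    hits = []
    for line in log_lines:
        entry = parse_log_line(line)
        if entry and entry["ip"] in exits:
            entry["ip"] = str(entry["ip"])
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for h in tor_exit_hits(SAMPLE_LOG, load_exit_list(SAMPLE_EXIT_LIST)):
        print(h["ts"], h["ip"], h["request"], h["status"])
```

A hit shows only that the request traversed a Tor exit, not who sent it; exit lists also lag relay churn, so for evidentiary purposes ExoneraTor's historical query for the exact timestamp is still the record to cite.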
SOME DARKWEB SEARCH ENGINES
WebPage Analysis
Study the source code, JS, web links, etc.
LINKAGE WITH ADVERSARIES
Role of criminal OSINT + LEA/legal/authorities + forensics
REVERSE IMAGE SEARCH OF SUSPECT’S
TRENDING THINGS
✓ EXPLOIT KITS: Angler, MPack, Phoenix, Blackhole, Crimepack, RIG, Nuclear, Neutrino, Magnitude, etc.
✓ PHISHING KIT: Mephistophilus
✓ DRUGS, pharmaceuticals, narcotics related
✓ CRYPTO for terror financing
✓ Child sexual abuse/exploitation, CP, cyber sex trafficking
✓ Ransomware as a Service, selling breached data, PII
✓ Fake Indian Currency Notes (FICN)
✓ Counterfeit goods, weapons, etc.
Google Trends
DIGITAL FOOTPRINTS FORENSICS (R3E)
Reconnaissance : crawler, sensor, API, NLP, bots, AI & ML, algorithms, breached data, Red/Blue Team assessment, etc.
Record : inventory, indexing, cluster, database, grouping, filter, integrated various data sources, ISAC
Research : tailor-made investigations, node, pattern, trend, mapping adversary, time based, cyber threat intelligence, influencer, prediction
Enforcement : legal, lead, coordination, joint investigation, operation, MLAT, SOS
WEBINT
Input : gather actionable insights in raw form concerning the subject, etc.
Processing : there are three main steps in analysing web media: data identification, data analysis, and information interpretation.
Output : disseminate to those concerned, investigation, forensics.
COTS : Twitter, iMessengers, Maltego, etc.
Resources
• Wiki, Tor, RAND, Homeland Security, Kaspersky, Trend Micro, Dell, BrightTALK, Securus First, National Research Council, FAS, General Accounting Office, Cyber Conflict Studies Association, Strategic Studies Quarterly, Center for Strategic and International Studies, and Monitor reporting
• See http://www.bloomberg.com/politics/articles/2015-01-07/clapper-warns-of-more-potential-north-korean-hacksafter-sony.
• For additional information, see CRS Report RL33123, Terrorist Capabilities for Cyberattack: Overview and Policy Issues, by John W. Rollins and Clay Wilson.
• See “Challenges Remain in DHS’ Efforts to Secure Control Systems,” Department of Homeland Security, Office of Inspector General, August 2009. For a discussion of how computer code may have caused the halting of operations at an Iranian nuclear facility see CRS Report R41524, The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability, by Paul K. Kerr, John W. Rollins, and Catherine A. Theohary.
• Executive Assistant Director Shawn Henry, Responding to the Cyber Threat, Federal Bureau of Investigation, Baltimore, MD, 2011.
• Department of Defense Deputy Secretary of Defense William J. Lynn III, “Defending a New Domain,” Foreign Affairs, October 2010.
Mail : D3pak@Protonmail.com
Resources : D3pakblog.wordpress.com
Twitter/Telegram : @D3pak
