Ai+ Training

The dark web is a part of the internet that is constantly changing, not easy to access, and not indexed by search engines.  The goal of the dark web is privacy and anonymity which lends itself to criminal activity.  Since these sites are not indexed, they can be more difficult to access through normal means.  The software used to access the dark web is designed for privacy so finding host-based artifacts - those left behind in file systems or the Windows registry of a device - can be difficult to find and recognize.  Previous studies of dark web forensics have focused on network forensics rather than host-based forensics. This session will discuss a framework for identifying host-based artifacts during digital forensic investigations involving suspected dark web use. This framework is reusable, comprehensive and easy to follow and will assist investigators in finding artifacts that are designed to be hidden or otherwise hard to find. Attendees can expect to learn steps for determining if a system contains host-based artifacts for either Windows-based artifacts or macOS-based artifacts. In addition, Tails persistent storage artifacts are explored.