Dark Web Investigation

As the internet expands, so do opportunities for criminal activity. OSINT investigators can monitor dark web forums, marketplaces and messaging services to uncover contemporary trends in drug dealing, financial crime, firearms sales and human trafficking.


But these sources can be difficult to navigate safely and effectively without special tools and training. Join a workshop session to learn how to master the deep and dark web as a source of open source intelligence.

Artifact Investigation

When conducting a dark web investigation, it can be challenging to triage available data sources and determine which artifacts are of primary interest. This can be particularly important when investigating mobile devices, where determining which applications have been installed on the device can be an essential investigative goal.

Effective forensics software and computer forensics techniques are essential tools for investigators to identify and dismantle illegal operations. These operations often involve the exchange of illicit goods and services, ransomware schemes, weapon sales and other cybercrimes that thrive in anonymity.

These activities are often conducted using communication applications like Skype and WhatsApp, which leave forensic traces of the criminal activity on the internet that investigators can follow. Additionally, the use of platforms such as Tor, ZeroNet and Lokinet leaves further forensic evidence that investigators can identify.

To find these artifacts, forensic examiners use a number of methods that can be time-consuming and labor-intensive. These methods include examining application source code to find unique and encoded artifacts, searching archives of websites and search engines to locate past research and reference materials, and manually analysing the results of those searches. A more efficient method is to leverage ForensicAF, a tool that automatically decodes and finds these artifacts for investigators.

Cryptocurrency Recovery

The popularity of cryptocurrencies has led to an increased number of cybercrimes and fraud. To combat these threats, investigators have diversified their investigative techniques to include deep web investigations. The dark and deep web are layers of the internet that aren’t indexed by search engines like Google and require special software to access. They contain a wealth of information that can help investigators tackle various types of investigations, including locating evidence in cases of stolen cryptocurrency and investigating cyber scams.

Aside from using tools to identify OSINT data (like Maltego and i2), investigators can use platforms like ZeroNet and Lokinet, which enable them to trace transaction histories and other indicators of illicit crypto activity. They can also leverage other digital forensics tools to analyse the unique characteristics of different cryptocurrencies, as some offer better traceability while others prioritize anonymity and privacy.

To recover funds lost to a cryptocurrency scam, victims must first document their losses and carefully examine all available evidence, including transaction records and communication logs. They must also determine the scope of their investment and whether or not their crypto has been moved to other locations. Then, they can employ blockchain analysis to locate and trace stolen funds. Finally, they can report the incident to the CFTC and seek assistance from law enforcement. However, it is crucial to note that funds lost due to drops in the price of a cryptocurrency are generally not recoverable.
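The blockchain-analysis step described above, as an added example that is not part of the original page: it follows a stolen sum through a small constructed ledger using proportional ("haircut") taint, one common tracing heuristic. The account-style ledger, the address names and the function names are assumptions for illustration; real chains such as Bitcoin use a UTXO model and require transaction data from a node or block explorer.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample ledger, not real chain data: (tx id, sender, receiver, amount)
# in chronological order. All address names are hypothetical.
LEDGER = [
    ("t1", "exchange", "victim", 10),
    ("t2", "victim", "scammer", 8),        # the documented loss
    ("t3", "other_user", "mixer_in", 8),   # unrelated funds entering the same address
    ("t4", "scammer", "mixer_in", 8),
    ("t5", "mixer_in", "cashout_a", 4),
    ("t6", "mixer_in", "cashout_b", 12),
    ("t7", "cashout_b", "exchange_deposit", 6),
]


def trace_stolen_funds(ledger, theft_txid):
    """Return {address: stolen amount currently held} using proportional taint."""
    balance = defaultdict(Fraction)   # total funds seen at each address
    taint = defaultdict(Fraction)     # portion of that balance traced to the theft
    for txid, sender, receiver, amount in ledger:
        amount = Fraction(amount)
        if amount <= 0:
            continue  # ignore malformed or zero-value records
        # Funds an address held before the sample window are treated as clean.
        balance[sender] = max(balance[sender], amount)
        if txid == theft_txid:
            moved = amount  # the whole transfer is the stolen sum
        else:
            # Haircut rule: an outgoing payment carries taint in proportion
            # to the tainted share of the sender's balance.
            moved = taint[sender] * amount / balance[sender]
            taint[sender] -= moved
        balance[sender] -= amount
        balance[receiver] += amount
        taint[receiver] += moved
    return {addr: held for addr, held in taint.items() if held > 0}


def report(ledger, theft_txid):
    """Addresses holding traced funds, largest holding first."""
    holdings = trace_stolen_funds(ledger, theft_txid)
    return sorted(holdings.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for address, held in report(LEDGER, "t2"):
        print(f"{address}: {float(held):.2f} traced to the theft")
```

Because the stolen sum is mixed with unrelated funds at `mixer_in`, each downstream address holds only a share of it; the shares always add up to the original loss, which is a useful consistency check when documenting a trace.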

Digital Footprint Investigation

Every time a person interacts with the Internet, they leave behind their digital footprint. This is information that can be used to identify, track and target a specific individual, organisation or business. Digital footprints are passively collected by websites, search engines and social media platforms, as well as proactively shared through content such as reviews or public posts. The wealth of information available from digital footprints has made them an attractive source of data for marketers, researchers and cybercriminals alike.

A well-managed digital footprint can improve reputation, boost professional opportunities and establish authority. However, poorly managed or hidden digital footprints can be exploited by malicious actors. Inappropriate photos, offensive content or unprofessional conduct may be shared with a wider audience, impacting relationships and damaging reputations. This information can also be leveraged to steal identities and commit cyber-attacks, such as phishing or tailgating attacks.

Digital footprint investigations are essential for ensuring the safety of individuals and businesses, especially those with high profiles. This is because people with a visible online presence are more likely to be targeted by malicious attackers. To avoid these threats, it is advisable for high-profile individuals and organisations to minimize their digital footprints from the start. A deep web investigation can help them find and remove the data that is making them vulnerable to these attacks.

Data Breach Investigation

Data breaches are a common occurrence due to the amount of information stored in digital form. They can be carried out by cybercriminals for financial gain, espionage, or as part of a hacktivist attack. They may also be the result of human error such as misusing privileged access or clicking on a phishing link.

When a breach occurs, it is important to contain the incident as quickly as possible. This is particularly crucial for breaches that involve personal and confidential information such as PII (Personally Identifiable Information), which is subject to stringent state and federal notification regulations.

The first step is to collect and evaluate all the available information about the breach. This will help entities understand the impact to individuals and determine if any remedial action is necessary.

Once the information is gathered, it is time to investigate the incident and determine what caused it to occur. This will require digging into log files and reviewing the forensic evidence from the breach. It is important not to destroy evidence during this stage, for example by powering off a computer or disconnecting it from the internet, as doing so could lead to the loss of valuable clues.

Once a detailed report has been compiled, it’s time to communicate the findings. This may include notifying victims of the breach, if required, in accordance with regulatory requirements. It is also a good idea to provide advice on how individuals can protect themselves against potential harm, such as changing passwords or being careful in case scammers steal their data.