Analyzing Tor Browser Artifacts for Enhanced Web Forensics, Anonymity, Cybersecurity, and Privacy in Windows-Based Systems
Published: 2024-08-19
Issue: 8
Volume: 15
Page: 495
ISSN: 2078-2489
Container-title: Information
Language: en
Short-container-title: Information
Author:
Javed Muhammad Shanawar (1), Sajjad Syed Muhammad (1), Mehmood Danish (2), Mansoor Khawaja (1), Iqbal Zafar (1), Kazim Muhammad (3), Muhammad Zia (3, 4)
Affiliation:
1. Department of Cyber Security, Air University, Islamabad 44000, Pakistan
2. Department of Computing, Shaheed Zulfiqar Ali Bhutto Institute Of Science and Technology, Islamabad 44000, Pakistan
3. Department of Computer Science, North Dakota State University, Fargo, ND 58102, USA
4. Department of Computer Science and Technology, University of Jamestown, Jamestown, ND 58405, USA
Abstract
The Tor Browser is widely used for anonymity, providing layered encryption for enhanced privacy. Besides its positive uses, it is also popular among cybercriminals for illegal activities such as trafficking, smuggling, betting, and illicit trade. There is a need for Tor Browser forensics to identify its use in unlawful activities and explore its consequences. This research analyzes artifacts generated by Tor on Windows-based systems. The methodology integrates forensic techniques into incident response per NIST SP 800-86, exploring areas such as registry, storage, network, and memory using tools like bulk_extractor, Autopsy, and Regshot. We propose an automated PowerShell script that detects Tor usage and retrieves artifacts with minimal user interaction. Finally, this research performs timeline analysis and artifact correlation for a contextual understanding of event sequences in memory and network domains, ultimately contributing to improved incident response and accountability.