
Proceedings of National Level Webinar on
Investigation of Cyber Crimes in Darknet
(28th February, 2022)

National Cyber Crime Research & Innovation Centre (NCR&IC)
BUREAU OF POLICE RESEARCH AND DEVELOPMENT
Ministry of Home Affairs, Government of India
Promoting Good Practices & Standards
National level Webinar on Investigation of Cyber Crimes in Darknet

MESSAGE
I am pleased to see that the National Cyber Crime Research and Innovation Centre (NCR&IC), established at BPR&D, New Delhi, is actively working towards fulfilling its mandate of building partnerships with key stakeholders in the field of research and innovation. It is focused on the prevention and investigation of cyber crime, which is the most challenging task of our Law Enforcement Agencies (LEAs).
To fulfil its mandate of providing the benefits of the latest technologies to Law Enforcement Agencies (LEAs), NCR&IC is regularly organising webinars for LEAs on relevant topics of cyber security and is also publishing the webinar proceedings as a booklet for wider dissemination. For these efforts of BPR&D, I congratulate the Director General, Shri Balaji Srivastava, and his team.
I appreciate NCR&IC at BPR&D for organising a webinar for LEAs on the topic 'Investigation of Cyber Crimes in Darknet' and publishing its proceedings as a booklet for reference, which will certainly benefit police personnel engaged in tackling cyber crime in the Dark and Deep Web.

New Delhi.
05 May, 2022 (Nityanand Rai)

Office Tel.: 011-23092870, 23092595, FAX No. : 011-23094896


AJAY KUMAR MISHRA
MINISTER OF STATE FOR HOME AFFAIRS
GOVERNMENT OF INDIA

MESSAGE
Law enforcement agencies play an important role in safeguarding democracy. Today, police forces in the States / Union Territories are facing new challenges while countering cyber crimes. The States / Union Territories are building the capacity of their law enforcement agencies by strengthening their cyber security mechanisms. BPR&D, through its various initiatives, lends momentum to the efforts of the State Governments, for which all officers and staff of the Bureau deserve congratulations.
NCR&IC is an important wing of the I4C scheme of the Ministry of Home Affairs, which is organising national level webinars to provide the benefits of technologies to law enforcement agencies, where the knowledge and experience of well-trained professionals is shared with personnel of the States/Union Territories and the Central Police Forces. I appreciate the efforts of BPR&D in organising the webinar on 'Investigation of Cyber Crimes in Darknet' and publishing its proceedings for wide dissemination for the use of Law Enforcement Agencies (LEAs).
I have studied the proceedings of the webinar held on 'Investigation of Cyber Crimes in Darknet' and found them relevant and informative for all agencies involved in tackling cyber crimes, especially in the Deep and Dark web.

(Ajay Kumar Mishra)

Dated: 02.05.2022.
New Delhi.

Office: Room No. 127, North Block, New Delhi-110 001 Tel.: 23094054 Fax: 23093549
E-mail: ajay.kumar19@sansad.nic.in


NISITH PRAMANIK
MINISTER OF STATE FOR HOME AFFAIRS
GOVERNMENT OF INDIA


MESSAGE
First of all, I would like to congratulate the National Cyber Research and Innovation Centre (NCR&IC) and the Bureau of Police Research and Development (BPR&D) for organising national level webinars at regular intervals on relevant topics of cyber security challenges arising from emerging technology.
I would like to express my appreciation for the Director General of the Bureau of Police Research and Development, Shri Balaji Srivastava, and his entire team, who are working tirelessly towards building the capacity of law enforcement agencies to tackle cyber crimes. The Bureau is continuously organising webinars, workshops and related training in every conceivable area of cyber crime and publishing the proceedings for wide dissemination and quick reference for law enforcement agencies, which is commendable work.
In the present scenario, 'Investigation of Cyber Crimes in Darknet' is a relevant topic. The proceedings of the webinar make for very interesting and informative reading. I am confident that these proceedings will serve as a quick reference for tackling the menace of dark and deep web based cyber crime.
Jai Hind!

(Nisith Pramanik)

Office: Room No. 127-A, North Block, New Delhi-110 001 Tel.: 23092123 Fax: 23093143
E-mail : nisith.pramanik@sansad.nic.in


MESSAGE

NCR&IC established at BPR&D is spearheading research and innovation in the area of Cyber
Security in collaboration with Academia, Industry and Law Enforcement Agencies (LEAs) across India.
NCR&IC has been striving continuously to augment the capacity of LEAs in their fight against modern
day challenges of Cyber Crime.

NCR&IC hosts regular series of webinars on different emerging topics related to current trends
in Cyber Crime Investigation for Law Enforcement Agencies (LEAs) across India. In this sequence, the
5th webinar on the theme ‘Investigation of Cyber Crimes in Darknet’ organised on 28th February,
2022 at BPRD HQs, New Delhi was widely attended by States/UTs, CAPFs and CPOs.

The proceedings of the Webinar make a very informative reading. I record my deep appreciation
of the hard work done by Dr. Karuna Sagar, IPS, IG/Director Modernisation and his team. I am sanguine
that these proceedings will serve as useful reference material for our Law Enforcement Agencies.

(Balaji Srivastava)


EXECUTIVE SUMMARY
To deal with modern age cyber crime in India, Ministry of Home Affairs has rolled out an
umbrella Scheme, Indian Cyber Crime Coordination Centre (I4C). National Cyber Crime Research and
Innovation Centre (NCR&IC) is one of the seven verticals under the Indian Cyber Crime Coordination
Centre (I4C), which functions in the Bureau of Police Research and Development (BPR&D) with the
aim to innovate the tools and technologies for prevention and investigation of various types of cyber
crimes.

The cases of cyber crimes, especially Dark and Deep Web Crimes, are increasing at an alarming
rate. There is a need to evolve effective strategies for the investigation of cases related to the darknet.
With this goal, NCR&IC organized a National level Webinar on “Investigation of Cyber Crimes in
Darknet” from 11 AM to 1:15 PM on February 28, 2022 at the BPR&D Headquarters, New Delhi.
More than 346 Police Officials from CAPFs, CPOs and other Police Forces from States/UTs attended
the Webinar.

The Webinar was addressed by eminent subject matter experts from Academia, Industry, and
Law Enforcement Agencies. The Webinar offered three different perspectives on the Investigation of
cyber crime on the darknet to the Law Enforcement Officers.

Sh. Neeraj Sinha, ADG, BPR&D, opened the Webinar with his welcome address. He highlighted
the emerging challenges faced by Law Enforcement Agencies in cyber space and gave examples of how
the Dark and Deep Web Crimes constitute a significant challenge before the LEAs. He also stated that
there is much scope for research and innovation for effective intelligence gathering of Darknet and
Deep Web Crimes.


Sh. Balaji Srivastava, DG, BPR&D, delivered his inaugural address. He highlighted that the
technological landscape of the world is changing very rapidly. The drivers of the ongoing 4th Industrial
Revolution, such as AI, Machine Learning, Cloud Computing, Internet of Things, Blockchain, Drone,
AR-VR, and now the Metaverse, are fast transforming our lives in every possible way.
Shri Brijesh Singh commenced his talk with the case of the illegal dark web marketplace “Hansa,”
which was investigated and shut down by Dutch police. He also shared details of real-time darknet
markets operating, where investigations can be initiated as these dark web markets trade in all kinds of
illegal items. He stated that it is very difficult to take down these markets as the TOR browser, through
which these markets are accessed, functions in such a way that investigators cannot trace the actual IPs
and their locations due to multiple layers of encryptions involved. Shri Brijesh Singh primarily focused
his talk on the Hansa investigation as a case study.
Dr. Pilli Emmanuel Shubhakar commenced his talk with a brief introduction to the TOR
browser, i.e., The Onion Router is free and open-source software available to enable anonymous
communication. TOR directs Internet traffic through a free, worldwide, volunteer overlay network,
consisting of more than six thousand relays, for concealing a user’s location and usage from anyone
conducting network surveillance or traffic analysis. Dr. Pilli Emmanuel Shubhakar’s main focus was on
the darknet and its access.
Sh. Inderjeet Singh from Vara Technology delivered his talk focused on darknet intelligence. He
commenced his discussion with surface web, deep web, and dark web. The surface web is the portion
of the World Wide Web readily available to the general public and searchable with standard web search
engines. The surface web contains 4% of all Internet content. The deep web, invisible web, or hidden
web are part of the World Wide Web whose contents are not indexed by standard web search engines,
such as Google Chrome. He deliberated in detail regarding dark web crawling tools and demonstrated
their application.
The officials participating in the Webinar had an excellent opportunity to interact and upgrade
their knowledge in investigating cyber crimes on Darknet. After each talk they actively took part
in Q&A sessions and enhanced their knowledge. Overall, it was an interactive and
informative webinar covering various perspectives on the prevention and investigation of Deep and
Dark Web Crimes.
The Proceedings of the Webinar have been drafted skilfully. It covers all the aspects deliberated
by learned speakers and issues raised during the interactive sessions. The proceedings are an interesting
reading and will serve as a useful, ready reference for the LEAs.

(Karuna Sagar)


CONTENTS
Webinar Agenda
Proceedings
Session – 1
Session – 2
Session – 3
References
Contact List of BPR&D officers


Webinar AGENDA
Webinar Theme:
Investigation of Cyber Crimes in Darknet
Mode of Webinar: Online (Cisco WebEx)

Objective of Webinar: To provide an interactive session for Law Enforcement Agencies on emerging
Cyber Crimes, new techniques and methodologies for investigation, prevention and modern-day
challenges, especially in Investigation of Cyber Crimes in Darknet.

Time Sessions

11:00AM-11:05AM Welcome Address - ADG, BPR&D

11:05AM-11:10AM Inaugural Address - DG, BPR&D

11:10AM-11:40AM Session 1:
Sh. Brijesh Singh, IPS, ADG (Home Guards), Maharashtra
Topic: Darknet Investigation

11:40AM-11:50AM Q&A - Session 1

11:50AM-12:20PM Session 2:
Dr. Pilli Emmanuel Shubhakar
Associate Professor, MNIT Jaipur
Topic: TOR Forensics

12:20PM-12:30PM Q&A - Session 2

12:30PM-01:00PM Session 3:
Sh. Inderjeet Singh
Chief Cyber Security Officer,
Vara Technology Pvt Ltd, New Delhi
Topic: Darknet Intelligence and Forensics

01:00PM-01:10PM Q&A - Session 3

01:10PM-01:15PM Vote of Thanks - IG (Mod)


PROCEEDINGS
National Cyber Crime Research and Innovation Center (NCR&IC), a vertical of Indian Cyber
Crime Coordination Center, MHA, is deployed at Bureau of Police Research & Development, New
Delhi.

In order to provide a platform where LEAs from across the country can learn about emerging
cyber security and Cyber Crime challenges from top cyber security experts, NCR&IC has decided to
organize a series of monthly webinars.

The fifth webinar on the theme “Investigation of Cyber Crimes in Darknet” was organized on
28th Feb 2022 at BPRD HQs, New Delhi through WebEx. Approx 346 participants from all States/UTs,
CAPFs and CPOs participated in the webinar.

Following are three esteemed speakers one each from LEAs, industry and academia who
delivered their talks:

1. Sh. Brijesh Singh, IPS, ADG (Home Guards), Maharashtra

2. Dr. Pilli Emmanuel Shubhakar, Associate Professor, MNIT Jaipur

3. Sh. Inderjeet Singh, Chief Cyber Security Officer, Vara Technology Pvt Ltd, New Delhi

Dr. M M Gosal, SSO (T&T), BPR&D started the proceedings of the webinar by welcoming Sh.
Balaji Srivastava, DG, BPR&D, Sh. Neeraj Sinha, ADG, BPR&D at the event.

Sh. Neeraj Sinha, ADG, BPR&D delivered his welcome address, welcoming respected Sh.
Balaji Srivastava, DG, BPR&D, Dr. Karuna Sagar, Director (Modernisation), BPR&D, distinguished
speakers, participants from States/UTs, CAPFs, CPOs and dear colleagues. He expressed his compliments
to the NCR&IC team, Modernization Division for organizing webinar on relevant topics of cyber crime
investigation and digital forensics. In its endeavor to organize a monthly webinar on cyber security,
NCR&IC came up with the idea of a webinar on the investigation of crimes taking place in the dark
web so that the capacity building of our forces be taken at grassroot level in all police institutions and
organizations. He mentioned that it is very delightful to see that this webinar comprises three distinct
yet interconnected topics which are being addressed by experts from industry, academia and LEA’s.
This practice of amalgamating three crucial stakeholders of cyber security will create a unique synergy
for latest research from academia, development from industry and implementation of technological
solutions by LEA’s.

Sh. Neeraj Sinha, ADG, BPR&D concluded his address by urging all participants to gain
knowledge and wisdom from the distinguished speakers.

Sh. Balaji Srivastava, IPS, DG, BPR&D delivered the following inaugural address.
“I am extremely delighted to be a part of this Inaugural Event of the NCR&IC Webinar on
‘Investigation of Cyber Crimes in Darknet’ being organized by the Modernization Division of the
BPR&D. This is the second webinar of the year 2022 by NCR&IC on such a crucial topic, which exhibits
the commitment of this young team towards augmenting the capacity building initiatives taking place
in LEAs ecosystem.

The National Cyber Crime Research and Innovation Centre (NCR&IC). In collaboration with
leading academic and research institutions such as IITs, IIITs, & NITs, the NCR&IC is developing
Technological Solutions for Central and State Police Organizations, in varied domains of Cyber
Forensics, Cyber Crime Investigation, and Prevention of Cyber Crime, employing cutting edge
technologies. The NCR&IC also envisions harnessing the vast potential of the rapidly growing Start-
up Ecosystem in the country.

The NCR&IC has the mandate to track emerging technological developments, to proactively
predict potential vulnerabilities – which can be exploited by cybercriminals and to strengthen the
cyber-crime handling capabilities of Law Enforcement Agencies (LEAs). The theme of this NCR&IC
coordinated webinar is therefore very relevant – ‘Investigation of Cyber Crimes in Dark net’. Experts
explain darknet as a popular marketplace for illicit services, allowing cybercriminals to benefit from
its encryption and anonymous features. Moreover, the dark net requires a special software to access
which could help criminals shield themselves from unwanted attention. Cyber experts also point out
that, ‘most widely used cyber attacks cost as little as USD 66 per kit, while hiring of a hacker on dark net
could be amounting to USD 500 only’. Monitoring of dark net, in the beginning itself, will definitely
help the Law Enforcement Agencies in preventing other serious cyber-crimes such as ransomware
attacks, distributed denial of services (DDoS), counter anti-virus crimes and money laundering etc. It
is, therefore essential that as police officers, we equip ourselves adequately to tackle this menace.

In Jan 2022 i.e. last month itself, NCR&IC conducted a webinar on “Investigation and Prevention
of Phishing Crimes at Individual, Organisation and Critical Infrastructure Levels”. I am happy that
more than 230 officials and cyber crime investigators from across the country had attended it and took
part in a healthy discussion on three distinct topics addressed by our eminent speaker. I urge all the
participants to attend all such webinars and other technological events being organised by NCR&IC,
focused on emerging technologies and concerns of cyber security.

The technological landscape of the world is changing very rapidly. The drivers of the ongoing
4th Industrial Revolution such as AI, Machine Learning, Cloud Computing, Internet of Things,
Blockchain, Drone, AR-VR and now the Metaverse are fast transforming our lives in every possible
way.

There is a big business of cyber crimes in darknet. According to a story published in Forbes in
the year 2019, Criminals relied on the darknet to buy and sell all sorts of contraband - ranging from
illegal drugs to stolen passwords and data. Toolkits for Ransomware attacks also called as Ransomware
as a Service (RaaS) are being sold in darknet. Malware as a Service and Phishing as a Service are other
flourishing criminal activities in darknet.

New chapters of technological evolution are unfolding at a breakneck speed along with their
associated complexities and vulnerabilities. In this situation, even the best of the cyber security systems
cannot shield us completely from the scourge of online threats. While sustained awareness is the key
to any cyber security system in place, there should be an emphasis on both prevention and mitigation
of cyber-crimes. Undoubtedly, the paradigm of Sustainable Security should go hand in hand with
Sustainable Development and only then, can we realize the twin objectives of Aatma Nirbhar Bharat
and Surakshit Bharat.

This webinar has been conceived to leverage the strength and expertise of all stakeholders,
and to create strategic partnerships in the areas of research and innovation, focused on fighting
cyber-crimes, cyber-crime impact containment and cyber-crime investigations. I strongly urge all
the participants from across the country to actively interact with the BPR&D and give their valuable
feedback to enable the Bureau to fully utilize the potential of NCR&IC by synergising its functioning
with the requirements of Law Enforcement Agencies.

I take this opportunity to thank our distinguished speakers, who have accepted our request to
address various topics of interest and relevance for our Law Enforcement Agencies. I am sure each one
of us will benefit immensely from this webinar.

I compliment the NCR&IC team in my Bureau under the guidance of the Director
(Modernization) for organizing this very important webinar.

I am sanguine that the deliberations in this webinar will give all of you valuable insights on how
to investigate cyber crimes taking place through the anonymous ecosystem of dark net. This webinar
should broaden your horizon with the knowledge of the latest modus operandi of such criminals and
equip you with innovative tools and technologies to tackle it effectively.

I wish every success to this webinar and all future endeavors of NCR&IC.”

Dr. M M Gosal, Senior Scientific Officer, BPR&D moderated the event.


Session 1
Topic: Darknet Investigation

Sh. Brijesh Singh, IPS, ADG (Home Guards), Maharashtra

Shri Brijesh Singh started his talk with the Hansa case, which was investigated by the Dutch
police. The most surprising thing in this operation was that, once the Dutch police had obtained
the details of where the server was hosted, they actually ran it for around two months. A cyber
security firm told the Dutch police about the suspicious server, and the Dutch police obtained a
legal warrant.
The Hansa investigation started in a traditional fashion: with a tip. A security company’s
researchers believed they had found a Hansa server in the Netherlands data center of a web-hosting
firm. (Security firm BitDefender has claimed some involvement in the Hansa operation. But the
NHTCU declined to reveal the name of the security company or the web-hosting firm, along with
several other details they say they’re keeping under wraps to protect methods and sources. Even the
names of the two German men charged with running Hansa remain secret, since German law protects
the names of prosecuted individuals until their trial.)

Police departments across the world have taken down various darknet markets, including
AlphaBay, a market that had been running since 2014. Not many such operations have been seen
in India yet. NCB has done some investigation related to darknet drug markets in India.

Sh. Brijesh Singh also shared details of actual darknet markets running in 2022, where
investigations can be started. These dark markets offer all kinds of illegal things for sale. In reality
it is very difficult to take down these markets, as the Tor Browser functions in such a way that the actual
IP and location cannot be traced, due to the multiple layers of encryption involved. Exit nodes and relays
can be considered during the investigation, as monitoring is possible at those points. Time and
correlation attacks can also be helpful in gathering evidence. In some scenarios the use of the Tor Browser
can be identified from the network logs. By correlating the different activities related to dark web
access, a lot of information can be gathered.
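
One way to apply the network-log check described above, as an added example that is not part of the proceedings: it matches outbound connection records against a list of Tor relay addresses and summarises the activity per internal host. The log format, the relay list and every address are constructed for illustration; a real relay list would be taken from the public Tor relay consensus.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed relay list as (address, ORPort) pairs. The addresses come from
# the RFC 5737 documentation ranges and are not real relays.
KNOWN_RELAYS = {
    ("192.0.2.10", 9001),
    ("198.51.100.23", 443),
    ("203.0.113.77", 9001),
}

# Constructed firewall log (assumed format):
# timestamp src_ip src_port dst_ip dst_port proto bytes
SAMPLE_LOG = """\
2022-02-28T11:02:14 10.1.4.21 51544 192.0.2.10 9001 tcp 5120
2022-02-28T11:02:15 10.1.4.21 51546 198.51.100.23 443 tcp 88211
2022-02-28T11:03:40 10.1.7.9 40112 198.51.100.50 443 tcp 1422
2022-02-28T11:05:02 10.1.4.21 51590 203.0.113.77 9001 tcp 40960
2022-02-28T11:06:30 10.1.9.3 39000 198.51.100.23 80 tcp 300
malformed line here
2022-02-28T11:09:55 10.1.7.9 40150 203.0.113.77 9001 tcp 2048
"""


def parse_line(line):
    """Return one connection record as a dict, or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 7:
        return None
    try:
        return {
            "time": datetime.fromisoformat(parts[0]),
            "src": str(ipaddress.ip_address(parts[1])),
            "dst": str(ipaddress.ip_address(parts[3])),
            "dport": int(parts[4]),
            "bytes": int(parts[6]),
        }
    except ValueError:
        return None


def find_tor_clients(log_text, relays):
    """Summarise, per internal host, the connections that went to a listed relay.

    'exact' counts records where both address and port match a relay entry.
    'address_only' counts records to a relay address on another port, which is
    a weaker indicator because the same machine may host other services.
    """
    relay_addrs = {addr for addr, _ in relays}
    hits = defaultdict(lambda: {
        "exact": 0, "address_only": 0, "bytes": 0,
        "relays": set(), "first_seen": None, "last_seen": None,
    })
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] not in relay_addrs:
            continue
        summary = hits[rec["src"]]
        if (rec["dst"], rec["dport"]) in relays:
            summary["exact"] += 1
        else:
            summary["address_only"] += 1
        summary["bytes"] += rec["bytes"]
        summary["relays"].add(rec["dst"])
        summary["first_seen"] = min(summary["first_seen"] or rec["time"], rec["time"])
        summary["last_seen"] = max(summary["last_seen"] or rec["time"], rec["time"])
    return dict(hits)


if __name__ == "__main__":
    # Strongest indicators first: hosts with the most exact relay matches.
    report = find_tor_clients(SAMPLE_LOG, KNOWN_RELAYS)
    for host, s in sorted(report.items(), key=lambda kv: -kv[1]["exact"]):
        print(host, s["exact"], s["address_only"], s["bytes"],
              s["first_seen"].isoformat(), s["last_seen"].isoformat())
```

The first and last timestamps per host give the window that can then be correlated with other records for the same machine, such as proxy or endpoint logs.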

These dark web markets have been managed by moderators who were responsible for day to
day activities, listing of items, disputes, and other activities related to the dark web market. All these
kinds of announcements, activities and related links have been shared on public platforms like Reddit
and Telegram. These moderators are also responsible for maintaining the reputation and security of
their darknet market.

For investigation purposes, law enforcement agencies may often make test purchases
on the darknet in order to gather more information about these markets and their moderators. There
are many forensic tools for investigating the browsing artifacts related to darknet access. Files such as
images, audio and video often carry metadata left in accidentally by the moderator. Metadata may
include relevant information or evidence such as the name of the sender, device IDs, and location (if
enabled), which may be used to track down the suspects. All the evidence identified can be analysed
further using link analysis software to gain further insights about the crime.

Although the dark net is not indexed by search engines like Google, LEAs may use spiders and
crawlers to monitor and search dark web activities. There are many darknet search engines for
searching dark net websites and onion links; Ahmia is one example of a dark web search engine. But
these sites are very volatile in nature, as their services are often unavailable. So for investigation
purposes, information can be gathered only when these search engines are up. After getting the
information, entity resolution, metadata analysis and link analysis software can be used for
further analysis.

As the people operating on the darknet are aware of the latest cybersecurity technology, operational
security is a very important aspect to look at. Crawling such darknet sites may be very risky because
they may have mechanisms to infect incoming traffic with malware. It is also very difficult for a
law enforcement agency to penetrate such darknet websites, as every incoming
participant has to verify himself by posting something illegal in nature. Many of these darknet
networks also depend on logistics: they use ordinary courier and logistics services,
which are not monitored or suspected, and that is a challenge.

Most of the information about these darknet sites is available in various leaks that reveal the
IP addresses behind such onion sites. Often the location of a server running a darknet
service can be identified by tracerouting the addresses found in such leaks. Risky Bitcoin addresses and
wallet addresses have also often been published. These Bitcoin addresses may belong to drug, criminal
and terrorist networks. By tracing these transactions, many individuals involved in such activities, and
the links between them, can be identified. In the long term this may yield a map of the overall network of activity.

For law enforcement agencies to investigate such darknet sites and dark markets, laboratories can be
set up using virtual machine environments to safeguard the network of the organization.

VirtualBox and VMware are some of the virtual machine platforms that may be used for investigation
purposes, where the Tor Browser and other related tools can be installed. Kali Linux is an example of an
operating system that may be installed on the virtual machine, with a proper VPN setting, for initiating the
investigation. Operational security is a very important aspect to be maintained while using the
organization’s network.

Darknet activities in India are also increasing at a large level. A lot of drug markets are running
on Indian darknet. There are a lot of open source tools available for investigating such markets. Setting
up a lab with such open source tools may be very easy for starting any research and investigation.
Continuous monitoring of darknet markets is very essential in order to identify the activities related to
terrorism, child sexual abuse, drugs and firearms.

Sh. Brijesh Singh also mentioned that he would be very happy to see a darknet market
takedown by any law enforcement agency in India within a year, because we have the technology and
expertise available to run such operations.

Sh. Brijesh Singh ended his talk with a brief session of open Q&A.


Session 2
Topic: TOR Forensics

Dr. Pilli Emmanuel Shubhakar, Associate Professor, MNIT Jaipur

Dr. Pilli Emmanuel Shubhakar started his talk with a brief introduction to Tor. Tor, short for
The Onion Router, is free and open-source software for enabling anonymous communication. Tor
directs Internet traffic through a free, worldwide, volunteer overlay network, consisting of more
than six thousand relays, to conceal a user’s location and usage from anyone conducting network
surveillance or traffic analysis. The following figures show how Tor works:

The following figure shows how the connection is established using the Tor onion router:

Image source: Tor: The Second-Generation Onion Router

Tor is highly anonymous and confidential in nature, which makes many attacks on it possible,
including:

• If the user can be forced to choose a particular exit/entry router while establishing a circuit,
the user's traffic can be captured
• Denial of Service attack on the TLS handshake
• Adversaries can also attack the Tor network’s hosts and network links
• Traffic Analysis attack on Tor network
• An attacker that is able to exploit a vulnerability in the web server or in the web application (e.g.
the e-commerce system exposed by the operators to propose the illegal products) could easily
hack the targeted hidden service.
• Seizure of Directory servers

He explained why Tor was built. The core principle of Tor, onion routing, was
developed in the mid-1990s by United States Naval Research Laboratory employees to protect U.S.
intelligence communications. Tor enables its users to surf the Internet, chat and send instant messages
anonymously, and is used by a wide variety of people for both licit and illicit purposes. Tor is good for
people getting around censorship restrictions in their country, people looking to hide their IP address,
or anyone else who doesn’t want their browsing habits linked to them. The Tor network can also host
websites that are only accessible by other Tor users. In other words, you’ve now entered the world of the
Dark Web. You can find everything from free textbooks to drugs on the Dark Web, and worse, so long
as you know the special URL that takes you to these sites.

Tor is useful in many ways. In the Edward Snowden case, for example, using Tor allowed him to fulfill his
oath to the constitution of the United States and release information of public interest to the media
about the abuses committed by the government through its mass surveillance program without the
government knowing about it. Journalists, dissidents, and non-governmental organizations all use Tor
for sensitive communications or for bypassing laws in countries where the internet is tightly regulated
by the government. These are what Tor was built for.

Following figure shows the usefulness of Tor:

Dr. Pilli further explained the Tor Browser and its functioning. The Tor Browser consists
of a modified Mozilla Firefox ESR web browser, the TorButton, TorLauncher, NoScript, and HTTPS
Everywhere Firefox extensions and the Tor proxy. Users can run the Tor Browser from removable
media. It can operate under Microsoft Windows, macOS, or Linux. The Tor Browser automatically
starts Tor background processes and routes traffic through the Tor network. Upon termination of a
session, the browser, which runs in a private browsing mode, deletes privacy-sensitive data such as
HTTP cookies and the browsing history.

Following figure shows the layout of Tor Browser:

Further the Tor Browser is compared with the Mozilla Browser, as follows:

| Tor Browser | Mozilla Browser |
|---|---|
| Used to access Dark Web as well as normal Web | Only used to access normal Web |
| Can provide anonymity | Doesn’t provide anonymity, only normal browsing |
| Bandwidth requirement is high | Bandwidth requirement is low |
| Plugins like Java, Flash and QuickTime need to be disabled for anonymity | All plugins work flawlessly |
| Connection establishment takes time | Connection establishment is fast |

Dr. Pilli also highlighted the Dark Web and its functioning in brief. The dark web refers to
content that isn’t indexed by search engines like Google, Bing, etc. It requires special software like
Tor Browser or authorization to access. Dark web content lives on the darknet, a part of the internet
accessible only to particular browsers or through specific network configurations. The following figure
shows the architecture of the Dark Web:

Image source: https://www.avast.com/c-dark-web

Further, he mentioned how the Dark Web is used for illegal purposes. The dark web is used for
many illegal activities, such as:

• To buy and sell illegal drugs, malware, and prohibited content in darknet marketplaces
• Some dark web commerce sites have dangerous chemicals and weapons for sale.
• Some hackers offer ransomware as a service (RaaS), where cybercriminals can “rent” a strain
of ransomware from its creator in exchange for a fee or a percentage of their ransom payments
• The most well-known dark web marketplace was the Silk Road, which launched in 2011 and
essentially functioned as an Amazon-like market for illegal drugs.
• In 2013, the FBI shut down the Silk Road, and its founder, Ross Ulbricht, is now serving a
double life sentence.
• Hackers sell access to email accounts, social media profiles, or other information that can be
used for identity theft.

The following figures show how the Dark Web is used for various illegal purposes:


He mentioned a tool called TrackTor, a platform-independent tool that provides statistical and
analytical data tracked from the Tor services exercised by the end user.
(Source: https://github.com/hrp-tracktor/TrackTor).

Some of the highlighted features of TrackTor include detailed bandwidth, connection and
resource usage information, event log details, etc.


TorShield is another tool, a defense proposed against deep learning based attacks on Tor. The
defense works on the principle of adversarial machine learning, that is, modifying the traffic traces with
minimum perturbations so that the adversary’s model misclassifies them.
(Source: https://github.com/narendersinghyadav/torsheild).

TorBot is an open-source intelligence tool for the Dark Web. Using this tool, LEAs can automate
their task of crawling and identifying different services in the Tor network which cannot be accessed
by traditional web crawlers and spiders. It should be able to fetch data and later, by running
different machine learning algorithms on that data, find illegal activities that are happening
in encrypted networks. The TorBot Intel module collects information such as scripts, Bitcoin hashes,
robots, emails and files. The following figure shows the various modules of the TorBot tool:


TorWard is another tool used for the discovery and the systematic study of malicious traffic
over Tor. An intrusion detection system (IDS) is used to discover and classify malicious traffic in it. It
consists of a NAT (Network Address Translation) gateway and a Tor exit router behind the gateway.
Tor traffic is routed through the gateway to the exit router so that we can study the outgoing traffic
from Tor. An IDS is installed on the NAT gateway to analyze the exit traffic before it is rerouted into
Tor. Using the TorWard IDS we detected malicious traffic such as virus alerts, bot traffic, adware alerts and
spyware. The following figure shows the architecture of the TorWard tool in detail:

Image source: TorWard: Discovery, Blocking, and Traceback of Malicious Traffic Over Tor

TorForensics is a forensics tool used to determine any changes that happened due to the
existence of the Tor Browser on the physical system. The process involves taking RAM and memory
dumps before the Tor interaction, during the Tor interaction and after the Tor interaction, and then
analyzing these dumps to find the data available about the Tor usage. Using TorForensics, LEAs can find:
Tor existence on the system, sites visited using Tor, and data related to Tor.

The following figure shows the working of TorForensics:


[Figure: TorForensics workflow. Before the experiment: open host machine, take a snapshot of guest VM,
open VM, test the VM environment, design and upload hidden services. Before Tor interaction: acquire
volatile memory (memory dump), acquire non-volatile memory (digital forensic image). During Tor
interaction: Tor browsing activities, acquire volatile memory (memory dump). After Tor interaction:
close browser, acquire volatile memory (memory dump), acquire non-volatile memory (digital forensic
image). Then: analyse forensic artefacts, form a basis, end.]

Image source: Tor forensics: Proposed workflow for client memory artefacts
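
One way to carry out the analysis step of the workflow above, given here as an added example (not code from the talk or from the TorForensics authors): it scans dumps from the three acquisition phases for v3 onion hostnames and Tor marker strings and reports what appears only after Tor was used. The marker list, the function names and the in-memory sample dumps are assumptions constructed for illustration; real dumps would be read from the acquired image files.

```python
"""Diff Tor artefacts across memory dumps taken before, during and after a session."""
import re

PHASES = ("before", "during", "after")

# Strings that point to Tor on the host; an illustrative choice, extend per case.
MARKERS = ("Tor Browser", "tor.exe", "torrc")

# A v3 onion hostname is 56 base32 characters (a-z, 2-7) followed by ".onion".
# Processes hold strings as ASCII/UTF-8 or as UTF-16LE, so both forms are searched.
# The lookbehinds reject the tail of a longer base32 run.
ONION_ASCII = re.compile(rb"(?<![a-z2-7])[a-z2-7]{56}\.onion")
ONION_UTF16 = re.compile(
    rb"(?<![a-z2-7]\x00)(?:[a-z2-7]\x00){56}" + re.escape(".onion".encode("utf-16-le"))
)


def extract_artefacts(dump: bytes) -> dict:
    """Return the onion hostnames and Tor marker strings present in one dump."""
    onions = {m.group().decode("ascii") for m in ONION_ASCII.finditer(dump)}
    onions |= {m.group().decode("utf-16-le") for m in ONION_UTF16.finditer(dump)}
    markers = {
        s for s in MARKERS
        if s.encode("ascii") in dump or s.encode("utf-16-le") in dump
    }
    return {"onions": onions, "markers": markers}


def compare_phases(dumps: dict) -> dict:
    """Report what each later phase adds over the pre-Tor baseline dump."""
    found = {phase: extract_artefacts(dumps[phase]) for phase in PHASES}
    base = found["before"]
    report = {}
    for phase in ("during", "after"):
        report[phase] = {
            "new_onions": sorted(found[phase]["onions"] - base["onions"]),
            "new_markers": sorted(found[phase]["markers"] - base["markers"]),
        }
    # Hostnames still in memory after the browser is closed remain recoverable.
    report["persist_after_close"] = sorted(
        found["during"]["onions"] & found["after"]["onions"]
    )
    return report


# Constructed sample data standing in for real acquisitions (not from the source).
SITE_A = "a" * 55 + "d.onion"
SITE_B = "b2" * 27 + "cd.onion"
_BASE = b"\x00\x13kernel32.dll\x00explorer.exe\x00" + bytes(64)
SAMPLE_DUMPS = {
    "before": _BASE,
    "during": _BASE + b"Tor Browser\x00http://" + SITE_A.encode() + b"/index.html\x00"
    + "tor.exe".encode("utf-16-le") + bytes(8) + SITE_B.encode("utf-16-le") + bytes(8),
    "after": _BASE + bytes(32) + SITE_B.encode("utf-16-le") + b"\x00\x00torrc\x00",
}

if __name__ == "__main__":
    for key, value in compare_phases(SAMPLE_DUMPS).items():
        print(key, value)
```

Diffing against the pre-Tor baseline is what separates artefacts left by the Tor session from strings that were already on the machine.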


TorBotStalker is a very important tool available to deanonymize real botnets in the Tor network and
further identify infected hosts and control servers. It uses circuit traffic fingerprinting
and machine learning to classify Tor circuits as either web or botnet activity. Using this tool, LEAs can
block unwanted bot traffic on Tor and classify different types of botnets, such as TCP botnets, HTTP botnets,
etc. (Reference: TorBot Stalker: Detecting Tor Botnets through Intelligent Circuit Data Analysis).

Dr. Pilli spoke briefly about the Silk Road Marketplace. Silk Road was an online black
market and the first modern darknet market. As part of the dark web, it was operated as a Tor hidden
service, such that online users were able to browse it anonymously and securely without potential
traffic monitoring. The website was launched in February 2011. Silk Road provided goods and services
to over 100,000 buyers. In March 2013, the site had 10,000 products for sale by vendors, 70% of which
were drugs. According to the government, total sales were equivalent to roughly $183 million and
involved 146,946 buyers and 3,877 vendors. Buyers and sellers conducted all transactions with bitcoins
(BTC), a cryptocurrency that provides a certain degree of anonymity.
(Reference: https://en.wikipedia.org/wiki/Silk_Road_(marketplace)). Ross Ulbricht was alleged by the FBI
to be the founder and owner of Silk Road and the person behind the pseudonym “Dread Pirate Roberts” (DPR).
He was arrested on 2 October 2013 in San Francisco in Glen Park Library. The FBI initially seized 26,000
bitcoins from accounts on Silk Road, worth approximately $3.6 million at the time.

He also discussed how the Silk Road Marketplace was taken down. To catch DPR the agents
searched for the first instance of the mention of Silk Road. They found the site’s first appearance and
found a mention in a Shroomery.org forum. A user named Altoid talked up this exciting new “service
that claims to allow you to buy and sell anything online anonymously”. Googling elsewhere for the
username Altoid revealed a question about database programming posted on Stack Overflow, dated
March 16, 2013, asking, “How do I connect to a Tor hidden service using curl in php?” The email listed
was rossulbricht@gmail.com. A minute later, that user changed the alias to Frosty. A quick search for
his last known address showed that he had lived half a block away from Café Luna, the San Francisco
node on his chart (the site where an administrator had logged in to the Silk Road VPN).

Dr. Pilli discussed the egregious case of Peter Scully. Peter is an Australian man currently serving
a life sentence in the Philippines after being convicted of human trafficking and rape by sexual assault
against minors. He is also on trial for dissemination of child pornography, torture and murder. He did
all of the aforementioned things, recorded these acts, and uploaded these recordings on the dark web.

He highlighted the hitmen scams. The dark web is notorious for featuring tons of hitmen for
hire sites. Considering the dark web’s image, a lot of people bought into the idea that they could actually
have someone killed by paying large amounts of money in Bitcoin to someone on the dark web. But it
was all a scam.

To sum up the session, Dr. Pilli highlighted that:

• Tor itself is quite safe; however, a simple human error can lead to discovery of the identity of the
individual on the Dark Web.
• In order to know the activities of Dark Web users, LEAs should themselves be able to gather
information about these sites and take necessary actions.
• Gathering physical evidence of a Tor service is easier than getting the evidence over the
internet, as Tor is highly appreciated for its anonymity.
• There are certain attack scenarios possible to deanonymize the identity of a Tor user, but they
require special skills.
• Tor is also regularly updated to remove the bugs associated with it.

Dr. Pilli ended his talk with a brief session of open Q&A.


Session 3:
Topic: Darknet Intelligence and Forensics

Sh. Inderjeet Singh,


Chief Cyber Security Officer, Vara Technology Pvt Ltd, New Delhi

Sh. Inderjeet Singh delivered a talk focused on darknet intelligence. He started his talk with
the surface web, deep web and dark web.

The surface web is the portion of the world wide web that is readily available to the general
public and searchable with standard web search engines. The surface web contains 4% of all internet
content.

The deep web, invisible web or hidden web are parts of the world wide web whose contents
are not indexed by standard web search engines. The content of the deep web is hidden behind HTTP
forms and includes many common uses such as web mail, online banking and services that users
must pay for. The dark web is a portion of the deep web that has been intentionally hidden and is
inaccessible through standard browsers. The dark web is used by people who are looking to procure
drugs, weapons and hacked databases.

Then he talked about the status of the darknet in 2022. The dark web accounts for roughly
48% of the internet. The most commonly listed guns on the dark web are pistols, making up 84% of category
listings. Terrorism statistics on the dark web reveal that 50,000 extremist groups exist there. 8.1% of
listings on darknet marketplaces are for illicit drugs. 60 of the biggest websites on the darknet account
for around 750 TB in size. Selling of illegal drugs makes up around 8.1% of the dark web marketplace.
Illegal financing takes up around 6.3% of all dark web markets. Credit card numbers cost as little as $9
on the dark web markets. A hacked Twitter account costs $35, while you can pay up to $80 for a hacked
Gmail account. ‘Empire’ is one of the largest darknet marketplaces, listing over 6,000 products.

He then elaborated on the darknet and discussed the articles/services
available on the darknet, as follows:

• Sale of illegal drugs: Sale or purchase of narcotics; typically, marketplaces connecting buyers
and sellers
• Sexual Abuse: Sites where the title indicates some form of sexual abuse (typically minors)


• Anonymity: Sites aimed at promoting (or teaching) the use of anonymity tools or anonymous
culture
• Sale of Bitcoin / Cryptocurrency: Currency exchange from a mainstream currency to bitcoin,
but more often money-laundering services
• Sale of forged documents and Counterfeit currency: Sites offering counterfeit items; notable
fake currency, such as notes, or fake passports/ identity documents
• Sale of unlicensed firearms: Sites exclusively aimed at selling guns
• Sale of stolen credit card information and user accounts
• Sale of forged documents and currency
• Hiring hit men
• Child pornography: Pornography sites that carry material that would be illegal in most Western
jurisdictions
• Forum: Web-based forum whose primary purpose does not fit into another category; for
example, generalist forum
• Fraud: Sites attempting to obtain a pecuniary advantage by deception
• Gambling: Any site that promotes/supports gambling. Bitcoin gambling services were most
prevalent here, whereby users would first convert their fiat currency to bitcoin
• Hacking: Site providing instructional information on illegal computer hacking
• Hosting: Dark Net hosting service allowing users to host another Dark Net site
• Mail: Darknet web-based email or messaging service; examples include Mail2Tor and the now defunct
TorMail
• Blogs: Personal or topical blog, often covering topics such as hacktivism
• Books: ebook service typically offering copyrighted material for free
• Chat: Web-based chat service, excluding services such as Jabber and Internet Relay Chat
• Directory: Site offering links to other sites within the Dark Net, often used for discovering other
sites
• Market: a marketplace selling items other than drugs or services covered in other categories
• News: news service such as current affairs or news specific to the Dark Net
• Search: site providing a search engine-type service; one example is Ahmia
• Whistleblower: sites typically operated by journalists for whistleblowers to submit documents.
The GlobaLeaks platform (Hermes Center for Transparency and Digital Human Rights 2014)
and SecureDrop platform (Freedom of the Press Foundation 2014) were prominently featured
in this category.
• Money laundering


• Insider trading
• Hollywood movies
• Trade secrets
• Government secrets
• Celebrity sex pictures
• Corruption
• Proprietary source code
• Industrial designs like medicine or defence
• Zero day exploits
• Stolen databases
• Proof of tax evasion and Military intelligence

Continuing the discussion, he explained to the LEAs how the dark web is accessed.

The darknet can be accessed with the Tor Browser. After that, he explained the different types of
darknet:

A. TOR - Anonymous internet proxy network; data is routed through the relays.

B. I2P - Anonymous peer-to-peer network. Garlic routing with unidirectional “tunnels”.

C. Freenet - Anonymous data publishing network. Users share portions of their bandwidth and drive,
and it is possible to restrict it to a peer-to-peer friends network.

By following the reference links -


The reality of the darknet: few reachable onion domains; uptime isn’t ideal; useful for
free expression in a few countries; popular sites like Facebook, NYTimes, etc.; legal to access the Dark
Web.

Then he discussed some of the features of marketplaces on the darknet, like:

• Friendly interface which is unique in itself.
• BTC & XMR support
• Exceptional features such as escrow payment systems along with multi-signature.
• PGP support, 2FA login, referral, bug bounty, no records stored for message logs, as well as
transaction logs and much more.
• Users on the darknet market only need to pay for individual orders, which is similar to any
other eCommerce market on the clear net.
• Drugs, security, and hosting services (hacking, energy control, carding) are all available, except
for orders that are made from countries like UAE and Russia, where it has
been officially banned (both vendors and buyers).

He then showed some of the marketplaces on the darknet, as follows:


There's a site known as Euroarms that lets you buy all kinds of weapons and have
them delivered to your door courtesy of the deep web.


Then he talked about the cost of the different services which are available on the darknet:

• SSN - $1
• Fake FB with 15 friends - $1
• DDoS Service - $7/hr
• Rent a Hacker - $12/hr
• Credit Card - $20+
• Mobile Malware - $150
• Bank Details- $1000+
• Exploits or 0-days - $150,000+
• Critical databases- $300,000+

After that, he gave some examples:


Then he discussed threat hunting in the darknet, defining threat hunting as the “practice of
proactively searching for cyber threats; hypothesis-based approach; uses advanced analytics and
machine learning investigations; proactive and iterative search”. He also explained the benefits of
threat hunting activity:

• Keep up with the latest trends of attacks
• Prepare SOCs/Incident Responders
• Get knowledge of TTPs (Tactics, Techniques, Procedures) to be used
• Reduce damage and risks to the organization
• Identifying the motivation behind attacks
• Being proactive against different cyber threats and attacks

Then he explained the methodology for threat hunting, starting with setting up the
lab:

• Lab/VM
• Physical or Cloud
• Isolate the network
• Install relevant tools such as Go, Scrapy, Privoxy, TOR, ELK (Kibana, Logstash & Elasticsearch),
Go libraries and Python libraries

He also shed light on some of the search engine tools for the dark web, such as Katana,
OnionSearch, Ahmia Search Engine, DarkSearch and Kilos. Then he discussed the tools to get onion
links from the Dark Web, like:


• Hunchly
• H-Indexer
• TOR66

Link scan tools such as -

• OnionScan
• Onioff
• Onion-nmap.

He also explained the tools to scrape data from the Dark Web:

• TorBot
• TorCrawl
• OnionIngestor
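
The kind of indicator extraction described earlier for the TorBot Intel module (scripts, Bitcoin hashes, emails, files), shown as an added example that is not TorBot's own code: it parses an already-saved page offline and validates Bitcoin address candidates with their Base58Check checksum so that look-alike strings are discarded. "Bitcoin hashes" is read here as legacy Base58 addresses; the file extensions, function names and the sample page are assumptions constructed for illustration, and robots.txt handling is left out.

```python
"""Pull script, file, e-mail and Bitcoin-address indicators out of a saved page."""
import hashlib
import re
from html.parser import HTMLParser

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
FILE_EXT = (".pdf", ".zip", ".csv", ".sql")  # assumed set of "file" extensions
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy Base58 form


def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(payload: bytes) -> str:
    """Encode version byte + hash with its checksum (used to build the sample)."""
    raw = payload + _checksum(payload)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out


def b58check_valid(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last 4 match the double-SHA256 checksum."""
    num = 0
    for ch in addr:
        if ch not in B58:
            return False
        num = num * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))  # each leading "1" is one zero byte
    raw = bytes(zeros) + num.to_bytes((num.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == _checksum(raw[:-4])


class _PageParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts, self.files, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append(attr["src"])
        elif tag == "a" and (attr.get("href") or "").lower().endswith(FILE_EXT):
            self.files.append(attr["href"])

    def handle_data(self, data):
        self.text.append(data)


def collect_intel(html: str) -> dict:
    """Return the indicators found in one page, with BTC candidates split by validity."""
    parser = _PageParser()
    parser.feed(html)
    parser.close()
    text = " ".join(parser.text)
    candidates = sorted(set(BTC_RE.findall(text)))
    return {
        "scripts": parser.scripts,
        "files": parser.files,
        "emails": sorted(set(EMAIL_RE.findall(text))),
        "btc_valid": [c for c in candidates if b58check_valid(c)],
        "btc_rejected": [c for c in candidates if not b58check_valid(c)],
    }


# Constructed sample: version byte 0x00 plus a made-up 20-byte hash, not a real wallet.
GOOD_ADDR = b58check_encode(b"\x00" + bytes(range(1, 21)))
BAD_ADDR = GOOD_ADDR[:-1] + ("2" if GOOD_ADDR[-1] != "2" else "3")  # one character altered
SAMPLE_PAGE = f"""<html><head><script src="/static/app.js"></script></head><body>
<p>Contact vendor@example.org. Pay to {GOOD_ADDR} (mirror lists {BAD_ADDR}).</p>
<a href="/files/pricelist.pdf">price list</a> <a href="/about">about</a>
</body></html>"""

if __name__ == "__main__":
    print(collect_intel(SAMPLE_PAGE))
```

The checksum step matters for case work: a string that merely looks like an address fails validation and is kept apart instead of being queried against the blockchain.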

Sh. Inderjeet Singh’s talk ended with a brief session of open Q&A.

In the end, Dr. Karuna Sagar, IG/Director (Mod), BPR&D proposed a Vote of
Thanks to the Chair and other Dignitaries. He mentioned that the knowledge shared
by respected experts/speakers on the topic “Investigation of Cyber Crimes in Darknet” will
definitely help all the Law Enforcement Officers to deal with the day-to-day cybercrime
challenges, especially those related to the Dark Web.

The Webinar concluded at 1:30 PM.


References

1. https://www.wired.com/story/hansa-dutch-police-sting-operation/

2. https://www.europol.europa.eu/media-press/newsroom/news/massive-blow-to-criminal-dark-web-activities-after-globally-coordinated-operation

3. https://turbofuture.com/internet/A-Beginners-Guide-to-Exploring-the-Darknet

4. https://www.cnet.com/news/privacy/darknet-dark-web-101-your-guide-to-the-badlands-of-the-internet-tor-bitcoin/

5. https://heimdalsecurity.com/blog/how-to-get-on-the-dark-web/

6. https://www.authentic8.com/blog/understanding-dark-web-and-how-it-can-aid-your-investigation

7. https://nij.ojp.gov/topics/articles/taking-dark-web-law-enforcement-experts-id-investigative-needs

8. https://www.rand.org/pubs/research_reports/RR2704.html

9. Forensic Analysis of Tor Browser on Windows 10 and Android 10 Operating Systems, https://ieeexplore.ieee.org/document/9568880

10. https://www.dsci.in/content/dark-deep-web-advanced-forensic-analysis-tor-browser-and-implications-law-enforcement

11. Technical White Paper - Dark & Deep Web: Advanced Forensic Analysis of Tor Browser and Implications for Law Enforcement Agencies, https://www.dsci.in/content/dark-deep-web-advanced-forensic-analysis-tor-browser-and-implications-law-enforcement

12. Tor forensics: Proposed workflow for client memory artefacts, https://www.sciencedirect.com/science/article/pii/S0167404821001358

13. TrackTor - https://github.com/hrp-tracktor/TrackTor

14. https://github.com/narendersinghyadav/torsheild


Contact List of BPR&D Officers

Name of the Officer | Ph. No./E-mail ID
Dr. Karuna Sagar, IG / Director (Mod) | 011-26782023, igmod@bprd.nic.in
Brig Navrattan Joshi Retd., PSO (Electronics) | 011-26782185, psoelectronics@bprd.nic.in
Lt. Col. Ashwani Kumar, AD (Mod) | 011-26782183, ashwanik@bprd.nic.in
Dr. Raveesh Kumar, PSO (W) | 011-26785451, raveesh.kumar@bprd.nic.in
Sh. Sushil Kumar, PSO (B&E) | 011-26734931, sushilkumar@bprd.nic.in
Dr. M.M. Gosal, SSO (T) | 011-26734815, ssotraffic@bprd.nic.in


officialBPRDIndia

BPRDIndia

Bureau of Police Research & Development India

bprdIndia

www.bprd.nic.in

Cyberdost

www.cybercrime.gov.in

NATIONAL CYBER CRIME RESEARCH & INNOVATION CENTRE (NCR&IC)


BUREAU OF POLICE RESEARCH AND DEVELOPMENT
Ministry of Home Affairs, Government of India
NH-8, Mahipalpur, New Delhi-110037
