
A machine learning‐based memory forensics methodology for TOR browser artifacts

Bibliographic Details
Published in: Concurrency and computation 2021-12, Vol.33 (23), p.n/a
Main Authors: Pizzolante, Raffaele; Castiglione, Arcangelo; Carpentieri, Bruno; Contaldo, Roberto; D'Angelo, Gianni; Palmieri, Francesco
Format: Article
Language: English
Description
Summary: At present, 96% of the resources available into the World‐Wide‐Web belongs to the Deep Web, which is composed of contents that are not indexed by search engines. The Dark Web is a subset of the Deep Web, which is currently the favorite place for hiding illegal markets and contents. The most important tool that can be used to access the Dark Web is the Tor Browser. In this article, we propose a bottom‐up formal investigation methodology for the Tor Browser's memory forensics. Based on a bottom‐up logical approach, our methodology enables us to obtain information according to a level of abstraction that is gradually higher, to characterize semantically relevant actions carried out by the Tor browser. Again, we show how the proposed three‐layer methodology can be realized through open‐source tools. Also, we show how the extracted information can be used as input to a novel Artificial Intelligence‐based architecture for mining effective signatures capable of representing malicious activities in the Tor network. Finally, to assess the effectiveness of the proposed methodology, we defined three test cases that simulate widespread real‐life scenarios and discuss the obtained results. To the best of our knowledge, this is the first work that deals with the forensic analysis of the Tor Browser in a live system, in a formal and structured way.
ISSN: 1532-0626, 1532-0634
DOI: 10.1002/cpe.5935