Investigating Darknets – 2019 OSMOSIS Session Topic

Andrew Lewman

Making the theoretical, practical. Darknet technologies are often steeped in deep technical jargon and complex computer science terms. In reality, they’re based on simple concepts anyone can understand: models like Distributed Hash Tables, JSON, magnet files, and BitTorrent protocols. We’ll learn the basic foundations of darknet technologies. We’ll build upon this foundation by moving into more complex implementations and seeing how these are deployed in live darknets. We’ll learn basic forensic approaches to understanding darknets as seen on live machines. Sprinkled throughout will be stories and anecdotes from past successful investigations. We’ll dissect how Tor actually works, including the difference between VPN mode and hidden service mode. We’ll walk through a more secure darknet workstation for analysts. This will enable us to better investigate sites, collect evidence, and explore with reduced exposure to the darknet.

Learning Objectives:

  • Understand the various darknet technologies: Tor, I2P, ZeroNet, OpenBazaar
  • Gain practical experience with darknets
  • Investigate darknets using multiple sources of data