Forensic investigation of the dark web on the Tor network: pathway toward the surface web

The Dark Web is notorious for being a huge marketplace that promotes illegal products such as indecent images of children, drug, private data, and stolen financial data. To track criminals on the Dark Web, several challenges, arising from the Dark Web’s nature, must be overcome. Dark websites frequently change domain names, so investigators find little evidence of criminals when using a common crawling method. Furthermore, disturbing material on the Dark Web threatens investigators’ mental health and decreases the effectiveness of investigations. Above all, given the anonymity of the Dark Web, few clues remain to track criminals. To address these challenges, this article presents an advanced crawler to collect data considering the Dark Web ecosystem. Machine learning models that detect disturbing content are implemented to protect investigators’ mental health. This article also describes tracking code and status module, pivotal clues that can strip the anonymity of perpetrators along with the cryptocurrency transactions studied in previous works. In this article, the current state of the Dark Web is introduced by analyzing 14,993 crawled dark websites. By presenting three case studies, it is proved that our proposed investigative methodology can identify operators of illegal dark websites by connecting dark websites with the corresponding surface websites.