Biblio

With the advent of information and communication technology, the digital space is becoming a playing ground for criminal activities. Criminals typically prefer darkness or a hidden place to perform their illegal activities in a real-world while sometimes covering their face to avoid being exposed and getting caught. The same applies in a digital world where criminals prefer features which provide anonymity or hidden features to perform illegal activities. It is from this spirit the Darkweb is attracting all kinds of criminal activities conducted over the Internet such as selling drugs, illegal weapons, child pornography, assassination for hire, hackers for hire, and selling of malicious exploits, to mention a few. Although the anonymity offered by Darkweb can be exploited as a tool to arrest criminals involved in cybercrime, an in-depth research is needed to advance criminal investigation on Darkweb. Analysis of illegal activities conducted in Darkweb is in its infancy and faces several challenges like lack of standard operating procedures. This study proposes progressive standard operating procedures (SOPs) for Darkweb forensics investigation. We provide the four stages of SOP for Darkweb investigation. The proposed SOP consists of the following stages; identification and profiling, discovery, acquisition and preservation, and the last stage is analysis and reporting. In each stage, we consider the objectives, tools and expected results of that particular stage. Careful consideration of this SOP revealed promising results in the Darkweb investigation.

Operating systems have various components that produce artifacts. These artifacts are the outcome of a user’s interaction with an application or program and the operating system’s logging capabilities. Thus, these artifacts have great importance in digital forensics investigations. For example, these artifacts can be utilized in a court of law to prove the existence of compromising computer system behaviors. One such component of the Microsoft Windows operating system is Shellbag, which is an enticing source of digital evidence of high forensics interest. The presence of a Shellbag entry means a specific user has visited a particular folder and done some customizations such as accessing, sorting, resizing the window, etc. In this work, we forensically analyze Shellbag as we talk about its purpose, types, and specificity with the latest version of the Windows 11 operating system and uncover the registry hives that contain Shellbag customization information. We also conduct in-depth forensics examinations on Shellbag entries using three tools of three different types, i.e., open-source, freeware, and proprietary tools. Lastly, we compared the capabilities of tools utilized in Shellbag forensics investigations.

In the computer era, various digital devices are used along with networking technology for data communication in secured manner. But sometimes these systems are misused by the attackers. Information security with the high efficiency devices, tools are utilized for protecting the communication media and valuable data. In case of any unwanted incidents and security breaches, digital forensics methods and measures are well utilized for detecting the type of attacks, sources of attacks, their purposes. By utilizing information related to security measures, digital forensics evidences with suitable methodologies, digital forensics investigators detect the cyber-crimes. It is also necessary to prove the cyber-crimes before the law enforcement department. During this process investigators type to collect different types of information from the digital devices concerned to the cyber-attack. One of the major tasks of the digital investigator is collecting and managing the seizure records from the crime-scene. The present paper discusses the seizure record framework for digital forensics investigations.