Spyder Forensics Dark Web Host-Based Forensics
40 Hours / 5-Days
Course Overview
Delve into the world of Tor, I2P and Freenet
During this course, participants will gain a detailed understanding of the software used to access the Dark networks and what data persists from their usage. Utilizing various techniques and forensic applications, participants will learn how to recognize the presence of the Dark Web tools on multiple platforms, and how to extract the relevant information. Topics covered include deciphering Tor Browser artifacts on Windows®, Android and iOS, identifying and extracting Tor Browser activity from Memory, a forensic look at I2P and Freenet Artifacts found on a Windows® device, and decoding popular cryptocurrency wallets. Additionally, students will learn methodologies to identify Dark Web and Cryptocurrency activity through the use of RegEx.
Course Modules:
Forensic Analysis of Tor Browser Artifacts
- Introduction to the Tor Browser on Windows® Devices
- Examine the artifacts associated with the installation of the Tor Browser
- Extracting User Bookmark Information
- Bookmark Backups
- Places.sqlite
- Identifying Tor Browser Activity from Windows Timeline
- RegEx Searching Onion Addresses
Tor Browser Usage Artifacts from Memory
- Introduction to HTTP Requests and Responses
- Identifying HTTP Requests and Responses in Memory
- Data Carving HTML pages from Memory
- Data Carving Graphics from Memory
PGP Artifacts
- Introduction the PGP Encryption
- Identifying PGP Artifacts using RegEx
- Extracting information from PGP keys
Forensic Analysis of I2P Artifacts
- Introduction to I2P on Windows® Devices
- Examine the artifacts associated with the installation of I2P and I2Peasy
- Learn the function of the I2P Address book and how to extract information from it
- Identifying I2P Browsing History
- RegEx Searching I2P Addresses
Forensic Analysis of Freenet Artifacts
- Introduction to Freenet on Windows® Devices
- Examine the artifacts associated with the installation of Freenet
- Extracting Freenet usage information
- Freenet Bookmarks
- Upload/Download History
- Understanding the Node to Node Text Messaging System (N2NTM)
- Decoding the N2NTM artifacts
- Identifying Freenet Browsing History
- RegEx Searching Freenet Keys
iOS Tor Applications
- Introduction to Tor applications on iOS devices
- Decoding the OnionBrowser Application
- Decoding the RedOnion Application
- Extracting Connection information from Orbot
Android Tor Applications
- Introduction to Tor applications on Android devices
- Decoding the Tor Browser Application
- Decoding the OrNet Application
- Extracting Connection information from Orbot
Cryptocurrency Artifacts
- Introduction to popular Windows® Desktop Wallets
- Identifying and extracting wallet information
- Electrum
- Exodus
- Bitpay
- Wasabi
- Introduction to Trezor and Ledger Hardware Wallets
- Identifying the use of Hardware cryptocurrency wallet
- Extracting Hardware wallet information from their setup applications
- Decoding Trezor Suite
- Decoding Ledger Live
Course Information
- 5-Days of Instruction
- Course Manual
- Practical Files
- Attendance Certificate
Prerequisites
To get the most out of this class, you should:
- Have 12 months experience in forensic examinations
- Attended Spyder Forensics Foundations training or similar program
- Have a fundamental understanding of SQLite, LevelDB’s, Binary Plists, HTML and JSON files
- Be familiar with Dark Web Investigations
Request the Syllabus
Contact Spyder Forensics for more details of the course.
Hosting Courses
If you are interested in hosting this, or any of our courses at your facility, contact us.