The DarkNet, Investigations & Criminality
Professor John Walker
HEXFORENSICS Ltd
Shelton Street, Covent Garden, London, WC2H 9JQ
The Technology Explosion – the Opportunity
The race to evolve technology has in itself made the world a smarter place and created opportunities for the global community.
It has also enabled the Criminal Community to create a business model that nets billions in illicit revenue.
Add to this the fact that many businesses do not understand the Cyber Threat and you have the Perfect Storm in which
Criminality, Paedophiles, Abusers and their DarkNets may thrive.
Research
According to research & Europol the principal search engines index only a small portion of the overall web content, the remaining part is unknown to the majority of web users.
I concur.
Why DarkNet?
The DarkNet may actually represent anything its creator wishes, for whatever purpose:
• Fun
• International Terrorism
• Criminal Community Support
• Copyright Theft
• Paedophilia and Distribution of Images
• On Line Live Abuse
• Hacking
•
• Anything
What is the DarkNet Made of?
The Construction is down to imagination, ingenuity, and creativity.
• Dynamic URLs
The Challenge – The Truth
Proxy servers are on offer in Russia [and other places] as intermediate systems that act as a mediator between a computer and the Internet.
These proxy servers are used for various purposes, but their main purpose is to support anonymity.
Anonymity, in this case, comes from the fact that the destination server sees the IP address of the proxy server and not that of the miscreant's system.
The good news is – such services store logs, and do not always provide complete anonymity.
Dynamic Content
Unlinked Content
Private Web
Contextual Web
Scripted Content
Non-HTML/Text Content
The Reality of the Global Threat Landscape
http://hackmageddon.com/2015/04/20/1-15-april-2015-cyber-attacks-timeline/
Here is a list of 49 attacks which took place up to and including 14/04/2015!
Evolution - CaaS
"TheRealDeal," has opened up for hackers, which focuses on selling Zero-Day exploits — infiltration codes that took advantage of software vulnerabilities for which the manufacturers have released no official software patch.
Consider the MS15-034 flaw, which has left over 70 million sites vulnerable to Cyber Attack.
The Value of HUMINT
No matter the type of event or security incident, HUMINT [Human Intelligence] can be a double-edged sword:
• On one hand it can bring high value to the investigation
• On the other, it can represent OoII to Cyber Adversaries
Minority Reporting – The value of TIA
The Cyber Threats-of-the-Age dictate a new way of looking at the unconventional through a new window of defence.
“Digital Forensics has been used in investigations for more than 30 years, however it is now facing one of its biggest challenges.”
Professor Andy Jones – De Montfort University
This presentation only considered the environmental facets of a DarkNet – it did not consider:
• Acquisition of Artifacts
• Reliability of Evidence
• Distance Forensic Protocols
• The Chain-of-Evidence
• Multi Cloud Environment
• Locally Stored Keys
• Admissibility
This is a new age and thus dictates new protocols of engagement.