A Forensic Audit of the Tor Browser Bundle
Matt Muir, Petra Leimich, William J Buchanan

TL;DR
This paper presents an experimental methodology to identify digital evidence left by the Tor Browser, aiding investigators in overcoming privacy protections for forensic analysis.
Contribution
It introduces a novel forensic approach to detect evidence artifacts from the Tor Browser, enhancing investigative techniques for privacy-focused tools.
Findings
Identified specific digital artefacts associated with Tor Browser use
Demonstrated effectiveness of the methodology in real-life scenarios
Provided guidelines for forensic investigators
Abstract
The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protocol, as its main focus is to protect the privacy of the user, in both its local footprint within a host and over a network connection. The Tor browser, though, can leave behind digital artefacts which can be used by an investigator. This paper outlines an experimental methodology and provides results for evidence trails which can be used within real-life investigations.
Taxonomy
Topics: Digital and Cyber Forensics · Web Application Security Vulnerabilities · Advanced Malware Detection Techniques
