Title: DarkExtract: tool for extracting and analysing Tor Browser host-based activities

Authors: Ngaira Mandela; Amir Aboubakr Shaker Mahmoud; Animesh Kumar Agrawal; Nilay R. Mistry

Addresses: School of Digital Forensics and Cyber Security, National Forensic Sciences University, Gandhinagar, India; School of Digital Forensics and Cyber Security, National Forensic Sciences University, Gandhinagar, India; Unitedworld Institute of Technology (UIT), Karnavati University, Ahmedabad, India; School of Digital Forensics and Cyber Security, National Forensic Sciences University, Gandhinagar, India

Abstract: The increasing usage of Tor Browser, a popular tool for anonymous web browsing, has presented unique challenges for forensic investigators in analysing digital evidence. This research paper introduces Dark_Extract, an open-source tool designed to simplify the identification and analysis of host-based artefacts left by Tor Browser. The purpose of this study is to address the challenges associated with forensic analysis of Tor Browser traces by providing a user-friendly and efficient solution. The methodology employed in developing Dark_Extract involved the analysis of Tor Browser's architecture and the identification of key host-based artefacts relevant to forensic investigation. The tool was then developed to automate the extraction and analysis of these artefacts, eliminating the need for extensive knowledge of Tor Browser's intricate structure. The major findings of this study demonstrate the effectiveness of Dark_Extract in simplifying the forensic analysis of Tor Browser traces. The tool successfully extracts and presents crucial host-based artefacts such as downloads, cookies, browsing history, and bookmarks, which can be of significant importance in forensic investigations. The results obtained through the use of Dark_Extract indicate its accuracy and efficiency in identifying and organising these artefacts.

Keywords: Tor Browser; dark web; dark net; forensic investigation; digital evidence; host-based artefacts; anonymous web browsing; forensic data extraction.

DOI: 10.1504/IJESDF.2025.148210

International Journal of Electronic Security and Digital Forensics, 2025 Vol.17 No.5, pp.563 - 581

Received: 18 Aug 2023
Accepted: 13 Nov 2023

Published online: 01 Sep 2025
