International Journal of Electronic Security and Digital Forensics (26 papers in press)
Security and Privacy of Adolescents in Social Applications and Networks: Legal Practice of Developing Countries
by Ahmad Ghandour, Viktor Shestak, Konstantin Sokolovskiy
Abstract: The article aims to study the developed countries' experience on the legal regulation of cyberbullying among adolescents, to identify existing shortcomings in the developing countries' laws, and to develop recommendations for improving the regulatory framework. To do this, the authors have studied the state regulatory practice of the UK, USA, Canada, Malaysia, South Africa and Turkey and analysed the statistics of 2018 on the manifestation of cyberbullying among adolescents in these countries. It turns out that in the countries under review there is either no separate. The percentage of cyber aggression cases among adolescents in developing countries is higher than in developed countries. For example, in South Africa, it is 85%, and in Canada 33%. The results of this study can encourage countries to create separate cyberbullying legislation if they do not have it yet and periodically review and modify already existing legislation.
Keywords: adolescent protection; cyberbullying; depression; regulations; social networks; suicide.
Computer and Network security: Intrusion detection system using mobile agent
by Samir Bourekkache, Okba KAZAR, Aloui Ahmed, Ghazali Hamouda
Abstract: With the evolution of internet and computer networks, security has become a major concern over the years. Security is a focal aspect of every computer system and so the quality of these systems depends on the provided functionalities as well as the degree of their security. Generally, we trust the used networks when using our personal and sensitive information. However, several threats and attacks of stealing our information and harming our computers are possible. Therefore, intrusion detection system is one of the most widely used systems to diagnose various threats and malicious activity on computer networks. There are a lot of works that have proposed MAS-based intrusion diagnostic techniques to handle attacks. In this paper, we proposed an approach for intrusion detection system that uses a set of mobile agents to ensure the protection of the whole data and machines from attackers. Moreover, to detect possible attacks, we use the scenario method that is based on the comparison of the packets received in the network with the information stored in the attacks signature database.
Keywords: intrusion detection systems; computer and network security; multi-agents system; MAS; mobile agent; JADE.
Quantitative Impact Analysis of Application-level Attacks on a Robotic Platform
by Khalil Ahmad Yousef, Anas Almajali, Bassam Mohd, Salah Abu Ghalyon
Abstract: Robots are important examples of cyberphysical systems. Typically, robots are battery powered, which are potential target for cyber-physical attacks to drain batteries and reduce their lifespan. When the battery is drained, the robot is not available and results in denial-of-service. Hence, robotic security and operation duration are fundamental requirements. The main objective of this paper is to provide an impact-based quantitative security risk assessment of three application level attacks targeting a well-known mobile robot platform that is called the PeopleBot™. The novelty of our work is that we successfully drained a fully-charged robot battery using application level attacks that include exhausting the computing resources of the robot. The attacks cause reduction in the robot availability time. The average availability time from the performed attacks was reduced by 11.78%. We followed the adversarial risk assessment template provided in NIST. Finally, some mitigation strategies for the performed attacks were suggested.
Keywords: cyber-physical security; robot availability; attacks; vulnerability; risk assessment; PeopleBot.
Passive contrast enhancement detection using NSCT based statistical features and ensemble classifier
by Gajanan Birajdar, Vijay Mankar
Abstract: Due to widespread use of digital images and sophisticated image editing software, it is quite easy to create digital image forgeries without leaving any visual traces of doctoring. Contrast enhancement (CE) processing is popularly used to hide the traces of doctoring in copy-and-move image forgery operation by malicious users. In this paper, global blind contrast enhancement detection algorithm is proposed using various statistical parameters based on Gaussian distribution and generalised Gaussian distribution features, energy and grey level run length matrix (GLRLM) descriptors after NSCT decomposition. Fisher feature selection criterion is utilised to choose the most relevant features and to remove the less important features. Detection accuracy of the algorithm is investigated using various ensemble classifiers architectures. Experimental results are presented using four different ensemble classifier architectures class-I to class-IV for Cb and grey image database. The proposed algorithm outperforms all the existing feature-based approaches compared using the detection accuracy.
Keywords: blind image forgery detection; non-subsampled contourlet transform; grey level run length matrix; GLRLM; generalised Gaussian distribution; classifier ensemble.
Using a DNA Tape as a Key for Encrypt Images
by Mohammed Fadhil, Hamza Al-Sewadi, Shadi Masadeh
Abstract: Security of sensitive information, such as medical, financial, and national security records, whether in transmission or storage are of high concern nowadays. Due to the unique feature of deoxyribonucleic acid (DNA), it is anticipated that their utilisation would prove beneficial for new cryptographic schemes. A great benefit of the DNA concept is that their sequence is indefinitely long, unique, and has a binary sort of behaviour lending itself to digital computer implementations. This paper presents an innovative method for utilising the DNA features which are incredibly stable and unique for every living being by first: treating the image and the key used as chains of the four nucleotides of the DNA (A, T, C, G), second: building and using map tables to implement the encryption operations. Experiments with different types and sizes of images have given promising results in comparison with available image encryption schemes.
Keywords: DNA cryptography; key generation; image encryption; sensitive applications; random sequence.
A Secured Data Sharing Framework for Dynamic Groups using an Attribute-based Cryptography in Public cloud: Agri-Cloud
by Poornima E, Sasikala C, Vijayakumar Peroumal
Abstract: A secured data sharing algorithm is implemented across the dynamic users in the cloud using an efficient attribute based cryptography technique. Proposed data sharing algorithm provides two solutions to the effective usage of resources to the organisational data storage. Initially, E-ABBE scheme and the latter group-based ABE technique help to provide flexible, confidential and easiest key management method. The overhead of computation will still be constant and will not take account of the no. of users and revoked users in the group which ensures privacy and security to utilise the cloud resources by the group users and these solutions are applied for agriculture data in an agri-cloud drive for such dynamic groups using techniques. The performance analysis of the proposed method has been assessed by simulating it in Cloud Sim tool and the results are compared with MONA.
Keywords: data sharing; cloud computing; key management; dynamic groups; multiple owners; cloud computing; agri cloud; attribute-based encryption; attribute-based group signature.
A comparative analysis of Copy-move forgery detection algorithms
by Mohassin Ahmad, Farida Khursheed
Abstract: Copy-paste/copy-move image forgery is also known as image cloning, in which a portion of an image or entity is copied and pasted to another region of a certain picture. This category of image manipulation has the intent either to conceal the entity or to fabricate the image details. Thus, the authenticity of the photographs in different real-world implementations becomes challenging. The number of cases of image tampering is rising with the simple accessibility of image manipulation tools. Therefore, robust, precise and effective approaches to digital image forgery detection are increasingly required. A study on copy-move forgery detection (CMFD) is performed in this paper using three common schemes and their efficiency is checked and compared on images with rotation and scaling in the copied region. First, we will cover DCT-based CMFD, then adaptive over-segmentation and matching feature point. Finally, CMFD, based on PatchMatch, is addressed. The findings show the very good performance of each system.
Keywords: copy-move forgery detection; CMFD; digital image forensics; discrete cosine transform; DCT; scale invariant feature transform; SIFT; PatchMatch.
FPGA Implementation of Hybrid Asymmetric key based Digital Signature and Diffie-Hellman Key Exchange Algorithm for IoT Application
by Vijayakumar Peroumal, Sujan Krishna, Harivamsi Reddy, Polineni Ramakrishna, Jagannath M
Abstract: A new RSA-based Diffie-Hellman key exchange with a digital signature algorithm has been proposed and implemented through FPGAs. In the proposed algorithm, the problem of man-in-the-middle attack is solved. The proposed algorithm is more useful in the case of the client and server-based interaction like in the case of wireless mobile internet (4G/LTE) usage by an individual and in case bank transactions that are made by the individuals. Security, resistance to side attacks and collisions, larger key size, non-factorisation of the prime numbers are the advantages of the RSA which is used in the proposed algorithm. Synthesis and implementation of the encrypted block have been compared and analysed on Spartan-3, Spartan-6e, Virtex-4 and Spartan-6 FPGA boards. Complete security is achieved using digital signature and previous problems of the traditional algorithm.
Keywords: digital signature; authentication; cryptography; Diffie-Hellman; RSA; FPGA.
Detection of Injections in API requests using Recurrent Neural Networks and Transformers
by Sujan Reddy, Bhawna Rudra
Abstract: Application programming interfaces (APIs) are playing a vital role in every online business. The objective of this study is to analyse the incoming requests to a target API and flag any malicious activity. This paper proposes a solution based on sequence models and transformers for the identification of whether an API request has SQL injections, code injections, XSS attacks, operating system (OS) command injections, and other types of malicious injections or not. In this paper, we observe that transformers outperform B-RNNs in detecting malicious activity which is present in API requests. We also propose a novel heuristic procedure that minimises the number of false positives. We observe that the RoBERTa transformer outperforms and gives an accuracy of 100% on our dataset. We observe that the heuristic procedure works well in reducing the number of false positives when a large number of false positives exist in the predictions of the models.
Keywords: vanilla recurrent neural networks; recurrent neural networks; RNNs; long short-term memory; gated recurrent units; GRU; security; application programming interfaces; API.
Child Pornography through Cyberspace - A Comparative Analysis of Laws and Criminal Justice Responses in India with USA, UK and Japan.
by Rupashree Sahoo, Paromita Chattoraj
Abstract: In India the number of cases of creating or storing child pornography in 2019 doubled from that of 2018, although, there are legislations like Protection of Children from Sexual Offences Act, 2012 as well as Information Technology Act, 2000 that prohibit creation, viewing and circulation of child pornography. Some of the technologically advanced countries encountering higher prevalence of cyber child pornography have strict laws and standardised procedures for effective investigation and prosecution of cases. This paper focuses on the various facets of child pornography through cyber space in India in terms of definition and punishment for the offence and criminal justice response through the stages of reporting, investigation and court disposals. The comparative analysis of these aspects in India with already established systems of USA, UK and Japan, is made to critically evaluate where the Indian laws and criminal justice administration stands in tackling this offence.
Keywords: cyber child pornography; CCP; investigation; criminal justice; court disposals; USA; India; UK; Japan.
Problems of legal regulation of activities for the commercial use of space communications
by Gulmira Ishkibayeva, Daniya Nurmukhankyzy
Abstract: It is impossible to imagine the life of a modern person without space technologies: telecommunications, satellite navigation, remote sensing of the Earth from space, predictions of natural disasters and weather fluctuations, mineral exploration, etc. The purpose of the study is to assess the problems of legal regulation of activities related to the space use of space communications. The scientific novelty is determined by the fact that the paper demonstrates the development of a set of regulations for the commercial use of space communications for the first time. Along with the undeniable advantages of space technologies, the exploration and use of outer space is associated with a wide range of risks, threats, and challenges that pose a danger to both the population of the Earth and outer space, as well as to people and other biological beings in space. The practical significance of the study is determined by the fact that the safety of space activities in recent years has become one of the most serious problems of space activities.
Keywords: insurance of space activities; outer space; licensing; space policy; international legal regulation.
Forensic cloud environment: a solution for big data forensics
by Oteng Tabona, Andrew Blyth, Thabiso Maupong, Thabo Semong
Abstract: Big data forensics is a new and interesting research field because of the enormous amount of data and a variety of digital sources that are available today. Many of the proposed techniques in the literature use a workstation environment to carry out digital forensics investigations involving big data. The challenge of these techniques includes lack of evidence correlation, intelligence and knowledge sharing, and security lapses. In this paper, we propose a method to carry out digital forensic involving big data in the cloud. The key ingredient of our solution is a novel cloud environment called forensic cloud environment (FCE). We outline the key components of FCE, for each component and we discuss the role it plays in FCE's ability to handle big data. Finally, we evaluate the efficacy of FCE against forensic toolkit (FTK). The performance evaluation indicates that the FCE performs much better than FTK when dealing with big data forensic.
Keywords: digital forensic; big data forensics; forensic cloud environment; FCE; forensic toolkit; FTK.
Big Data Analysis and Forensics
by Asia Aljahdali, Ghalia Alluhaib, Rasha Alqarni, Majdah Alsharef, Amal Alsaqqaf
Abstract: This study provides an insight into one of digital forensics needs by analysing big data. As digital forensics is one of the branches of forensic science specialised in recovering data from digital devices for investigation for purposes of computer crime or other goals. The study also shows how when the problem relates to the storage, management and analysis of a large amount of data of its various types, organised and semi-organised, which defend big data, there are challenges facing digital investigators. Investigators rely on specific tools to handle big data like Hadoop, Spark Apache, and SAS. Hadoop provides a system for storing massive files on distributed files and analysing their components. While Spark Apache provides quick analysis of distributed data without storing it. SAS visual analysis of big data provides fast support for data discovery and visualisation via a memory drive. An overview of these three big data technologies is reviewed through their components and the processes by which these features are compared and then compared. The study shows how the greatest benefit is achieved by bringing these tools together when using rather than relying on one and not the other.
Keywords: big data; digital forensics; Hadoop; Spark Apache; SAS.
A Framework for Enhancing Privacy in Online Collaboration
by Aashish Bhardwaj, Vikas Kumar
Abstract: COVID-19 pandemic has changed the working of almost all the organisations from physical to online mode, due to its social distancing norms. Working in online mode requires a collaboration platform for sharing documents, audio and video in real time. However, due to poor privacy barriers and ignorance of participants; pranksters, fraudsters and cyber criminals are able to breach the privacy in these collaborations. Present work highlights the privacy features of the popular collaboration tools and their implications for the users. Major privacy breach incidences have been presented along with the associated technological glitches. A privacy enhancement framework has been proposed with six significant pillars as: 1) user centric privacy design; 2) compliance to privacy laws; 3) access control; 4) transparency; 5) awareness and education; 6) ethical contact tracing. The privacy framework will be able to take-up the privacy challenges in online collaboration, if properly implemented. Also, the framework is more user centric rather than the organisation centric, hence it can be used by both the individual and institutional users.
Keywords: privacy; online collaboration; zoom; contact tracing; COVID-19; pandemic.
The relationship between cyber-attacks and dynamics of company stock. The role of reputation management.
by Iryna Leroy
Abstract: There are number of factors that can affect the value of stock prices and move stocks up and down. News (both economic and political) often has significant influence on the financial system and the stock market, in particular. News about cyberattacks on companies is always negative. For example, in September 2014 shares of technological company Apple fell more than 4% in a day after rumours of a hack in the cloud service iCloud, which resulted in the distribution of photographs of American celebrities. Cyber-attacks cause not only financial damage, but also lead to reputational losses. Which reputation management tools can companies use in order to recover the value of the company's shares? This study provides evidence that the recovery of shares after a cyber-attack occurs in those companies that use certain tools of reputation management, which allows better share price recovery in the stock market.
Keywords: reputation management; information security; investor relations; computer security; cyber attack; stock market.
Management of Electronic Ledger: A Constraint Programming Approach for Solving Curricula Scheduling Problems
by Aftab Ahmed Shaikh, Abdullah Ayub Khan
Abstract: Curricula timetabling belongs to the scheduling and planning domain of artificial intelligence, the problem largely recognised by its key importance for initiating and afterward regulating the curricula events. In the literature the issue is reflected as a resources management job against puzzling constraints. The group of hard constraints requires the vital priority and must be removed, whereas the degree of solving of soft constraints upraises the quality scale and leads to optimal solution at the end. Constraint programming is one of the contemporary techniques that shape the research work presented in this article. The research investigates a constraint programming framework to examine over the various datasets. The study proposes and implements three incremental low-level heuristics operated by min-conflict algorithm approach for solving identical but unequal benchmark scheduling instances. The framework is designed in such way to provide fair chance of randomisation and incremental calculation to parameters in order to keep up the accuracy. The acquired prominent results validated the effectiveness and correctness of proposed methodology.
Keywords: heuristic scheduling; constraints programming; problem solving; electronic ledger management.
Cyber Terrorism and its Role in the Outbreak of International Crisis
by Abedalrzag Aldalbeeh, Ahmad Alsharqawi
Abstract: Cyber-terrorism is an important issue that concerns the local and international communities. So that terrorist acts have developed due to the evolution of societies and the scientific and technological progress that societies are witnessing, where they have developed in terms of style and concepts. Therefore, cyber-terrorism has become one of the sources of threat and outbreak of the crisis, whether local, regional or international. One of the most important reasons for developing the concept of cyber-terrorism is the technological revolution. Despite the many advantages offered by the age of technology in facilitating human life, it has become a fertile environment for terrorists to spread their extremist ideology, thus causing. Therefore, this study came to explain the phenomenon of cyber-terrorism and its role in the outbreak of crisis through social media and electronic programs.
Keywords: cyber; terrorism; crisis; technological; revolution; social media; electronic.
Cloud Forensics and Digital Ledger Investigation: A New Era of Forensics Investigation
by Abdullah Ayub Khan, Aftab Ahmed Shaikh, Asif Ali Laghari, M. Malook Rind
Abstract: Nowadays, cloud computing has gained popularity because it provides a platform for pay-as-you-go services, including hardware, software, and operating environment. However, technological resources cannot only be shared; but allocated on-demand to various users. The emerged rate of inevitable vulnerabilities and network crime activities all over the globe. Cybercriminals target cloud environments. So, the demand for digital investigation is increased drastically. These extreme challenges pose serious issues for the cloud investigation. It has an impact on the researcher community of digital forensics as well. The cloud service providers and customers have yet to establish adequate forensics capacity and support digital forensics investigations on cybercrime activities in the cloud. In this paper, we present a digital forensics-enabled cloud investigation framework. In addition, we survey previous related works based on existing cloud forensics practices, fog forensics, edge forensics, and law and highlight the significant role of cloud computing in digital forensics. Finally, we discuss the technical challenges and limitations along with the future directions.
Keywords: cloud forensics; digital ledger investigation; cybercrime; cloud computing; edge computing; fog applications.
Color image encryption based on an improved Fractional-order logistic map
by Ismail Haddad, Djamel Herbadji, Aissa Belmeguenai, Selma Boumerdassi
Abstract: In this work, we use an improved fractional-order logistic map to introduce a new colour image encryption algorithm. By analysing the Lyapunov exponent and the bifurcation diagram, the map provides a wider range and a uniform distribution of data compared to its classical. It also has additional parameters and thus a larger key space, which makes it better in protection and safety against hacker attacks. Our algorithm relies on random input of pixels in order to obtain a different image in each encryption round to ensure greater protection. The algorithm also provides great permutation and diffusion features. The simulation results and security analysis indicate that our scheme has a good impact on encryption and can withstand various attacks, such as statistical attack, differential attack and data loss and noise attacks.
Keywords: fractional-order; logistic map; image encryption; security analysis.
A New Encryption System for IoT Devices using Embedded Key Cryptosystem
by Shadi Masadeh
Abstract: IoT constrained devices have special phenomena of constrained resources such as power source, memory and processing power. Besides, it is vital to achieve an acceptable level of security and privacy while preserving the IoT device resources. In this paper, a new cryptographic algorithm is developed that would be suitable for securing IoT devices using embedded key cryptosystem. The encryption/decryption processes are achieved by segmenting the message into blocks of certain length. Each block is encrypted/decrypted using a key that is generated according to the segment itself, i.e., the keys are embedded into the blocks. The algorithm adopts two tables; one for the intended character set and the other for the key elements generation. The secrecy of these tables is responsible for securing the key strength. Experimental implementation proves the algorithm feasibility and strength against hackers and intruders.
Keywords: symmetric cryptosystems; key embedding; IoT security; network security.
An Improved Region-based Embedding Technique for Data Hiding and Image Recovery using Multiple ROI and RONI
by Bijay Paikaray, Debabala Swain, Sujata Chakravarty
Abstract: To preserve the sensitive contents of the digital images during their transmission, it is essential to hide them with maximum imperceptibility so that the intruders will not be able to identify visually. The image recovery at the receiver end is equally significant because of the sensitive images, like medical diagnosis images, satellite images, etc. This paper proposes an improved image hiding technique where the sensitive contents of the image are located in multiple regions. These regions get embedded based on histogram analysis of the region of interest (ROI) pixels then hidden in the region of non-interest (RONI). Further, the reverse operations can be applied to the embedded regions and the hidden data are retrieved from RONI. Using this technique, the embedded regions can be easily extracted and recovered with the fully restored without any loss. The proposed work is on multiple ROI with the reliability, integrity, and confidentiality of transmitted images.
Keywords: multiple ROI; region of non-interest; RONI; medical image; image embedding; hiding; imperceptibility; recovery.
A Framework for Evaluating Cyber Forensic Tools
by SUNIL GUPTA, Pradeep Arya, Vemuri Dwijesh Sai, Sri Sai Bhargav Nagandla
Abstract: Digital forensics has always been a versatile and high stress field. Perpetrators use various methods to commit crimes and find ways to evade the authorities. Forensic investigators use automated software tools to gather evidence to present in a court of law. Admissibility of evidence has always been questioned in the court. There have been many methods developed to validate and verify the forensic. But very often, forensic investigators lack resources to conduct some of these tests and as for some of them they are outdated and do not apply to the current scenario. This study explores such methodologies and introduces a new paradigm which will complement the problems with previously proposed works. The proposed paradigm is not only a fast solution relatively, but it can also be easily used by beginners. We aimed to make the most time effective and cost-effective solution. We have also included a performance testing methodology to make our paradigm more tolerable and fail proof. The proposed algorithm will also specify the total number of observations that need to be taken to tolerate the errors.
Keywords: cyber forensic tools; testing; functional mapping; performance; accuracy.
State-Of-The-Art Techniques for Passive Image Forgery Detection: A Brief Review
by Simranjot Kaur, Rajneesh Rani, Ritu Garg, Nonita Sharma
Abstract: Images are major information carriers in the digital era. Along with the benefits, there are many drawbacks of digital visual media. The digital multimedia editing tools like Adobe Photoshop, CorelDRAW, Affinity, Freehand, GNU Image Manipulation Program (GIMP), etc. are being used to tamper or manipulate the images for malicious purposes. Image forgery is the process of manipulating a digital image by adding some content or hiding some content such that the integrity of the image is lost. So, it becomes important to check the credibility and integrity of the images. In order to detect the image manipulation, various active and passive techniques have been put forward. The recent methods make use of deep learning techniques to detect image tampering. This manuscript attempts to review state-of-the-art approaches in the discipline of passive image forgery detection, and presents a comparative performance analysis. Also, the publicly available benchmarking databases for image forgery detection and performance evaluation parameters are elucidated.
Keywords: image tampering; image forgery detection; deep learning; image manipulation detection.
Extracted Rule-Based Technique for Anomaly Detection in A Global Network
by NURENI AYOFE AZEEZ, O.E. Victor, Sanjay Misra, Robertas Damasevicius, Rytis Maskeliunas
Abstract: Phishing attacks deceive internet users into revealing sensitive information over the internet to the cybercriminals. The disguise as a result of phishing involves the creation of fake websites that are look-alikes of reputable websites. In this paper, a rule-based method to detect phishing attacks in a global network is presented. Four machine learning models were trained on a dataset consisting of 14 features. The machine learning algorithms used are K-nearest neighbour (kNN), support vector machine (SVM), random forest (RF), and naive Bayes (NB). With the random forest model, a true positive of 100% and an accuracy of 98.35% were achieved. Rules were then extracted from the random forest model and embedded in a web browser extension called PhishAlert for easy application. Evaluation of the rules shows PhishAlert as an efficient tool for phishing detection. With this technique, the internet users can be easily guided and protected against cybercriminals.
Keywords: phishing attack; machine learning; web browser; fake websites.
Forensics of a Rogue Base Transceiver Station
by Ahmed Landry Sankara, Ramya Shah, Digvijaysinh Rathod
Abstract: GSM represents the most used telecommunication technology by mobile users in various countries. Recent incidence shows that the cyber criminals exploited vulnerabilities in telecommunication by the use of rogue BTS (Base Station Transceiver). The numbers of attacks using rogue BTS surprisingly increases in recent years and mostly in countries where GSM remains the primary telecommunication system. We reproduce an attack scenario such as IMSI catcher, calls/SMS spoofing and calls/SMS interception using YateBTS as the BTS software. We analyzed Raspberry OS (Linux based OS) and YateBTS using forensic software such as EnCase and FTK analyzer. We collected and recovered important artifacts related to user activity, user authentication activity, system calls messages from Blade RF, call logs, internet traffic log, custom SMS and BTS configurations which are valuable in a court of law. The recovered artifacts allow us to recreate the truth of the crime.
Keywords: GSM; Rogue BTS; SDR; YateBTS; BladeRF; BTS forensics; Digital Forensics; IMSI catcher; SMS spoofing; FTK; Encase.
Opensource Intelligence and Dark Web User De-anonymisation
by Tashi Wangchuk, Digvijaysinh Rathod
Abstract: The dark web has emerged as a platform where cybercriminals carry out illegal activities. Attempts to investigate and de-anonymise the suspicious dark web users have not been able to keep up with the pace of the dark web's flourishment coupled with dysfunctional tools and techniques. This study proposes and evaluates a dark web investigation framework using a Python-based tool to harvest data from the dark web to derive intelligence for further investigation using the available opensource intelligence (OSINT) tools. In the experimental implementation of the framework and the tool (Dark2Clear), the tool successfully scraped the hidden service URLs, harvested the e-mail addresses of the dark web users, and suspicious e-mail addresses were used as input to the OSINT tools for gathering intelligence to de-anonymise. It was observed that the framework and tool can be effectively used by the investigators to investigate and de-anonymise suspicious dark web users.
Keywords: hidden services; opensource intelligence; dark web; investigation framework; de-anonymisation.