Working with the Dark Web: Advanced (Virtual Course)

Open enrolment and in-house options available

This five-day course provides an extended introduction to the many disciplines needed to research and investigate the Dark Web. To begin, you will be shown how to identify resources on Tor and other peer-to-peer networks. Thereafter, guidance will be provided on the tools and strategies needed to investigate these assets as rigorously as possible, including via the surface web and social media as appropriate.

Course Outline

Working with the Tor Network

Course Introduction

  • Defining the Dark Web
  • The history of the Dark Web
  • Key terms
  • Common myths and misconceptions
  • Technical requirements
  • Legal and ethical obligations

Working with the Tor Browser

  • The Tor browser
  • Setup and configuration
  • Security settings
  • Alternative browsers
  • Tor circuits
  • Tor vulnerabilities
  • Privacy / security checks

The Tor Network

  • How the Internet works
  • Network Architecture
  • Guards, bridges and exit relays
  • Onion routing
  • Onion domains
  • Directory servers
  • Tor protocols
  • Tor metrics
  • Node analysis
  • Network investigation tools

Source Discovery and Exploitation I

Finding Hidden Sites and Resources

  • Dark web entry points
  • Dark Web search engines
  • Dark Web link directories
  • Dark Web news sites
  • Dark Web paste bins
  • Source discovery via the surface web
  • Source discovery via social media
  • Recommended resource discovery tools

Working with Scripts and Crawlers

  • Optimising your virtual machine
  • Setting up and running crawlers
  • Using Python scripts
  • Finding new scripts

Source Discovery and Exploitation II

Dark Web Services

  • Marketplaces
  • Communities, forums and discussion boards
  • Email and messaging services
  • Social networks
  • Hosting services

Monitoring the Dark Web

  • Source / resource discovery via RSS
  • Dashboard setup and optimisation
  • Generating Dark Web-related news
  • Monitoring Dark Web directories
  • Tracking specific sites and resources
  • Generating investigative leads / clues

Alternative Peer-to-Peer Networks

  • Accessing i2P
  • Accessing Freenet / Hyphanet
  • Accessing Zeronet
  • Working with IRC clients
  • Working with file sharing clients
  • Deep Web resources and strategies

Investigating Dark Web Sites I

Getting Started

  • Generating your requirements
  • The investigators toolkit
  • Managing your investigation
  • Working with unique identifiers
  • OpSec and digital hygiene for investigators

Investigating Domains

  • Domain reconnaissance and footprinting
  • Establishing a domain history
  • Investigating network / technical identifiers
  • Investigating HTML data
  • De anonymisation strategies
  • De-anonymisation strategies

Investigating URLs

  • Crawling / indexing URLs
  • Identifying and analysing URL patterns
  • Link and relationship analysis
  • Discovering mirror sites

Investigating Content

  • Content / file capture
  • Text analysis
  • Media analysis
  • Metadata analysis
  • Investigating content identifiers

Investigating Dark Web Sites II

Investigating Target Entities

  • Username investigations
  • Email investigations
  • Phone number investigations
  • Investigating companies
  • Working with breached data

Investigating Mirror Sites on the Surface Web

  • Generating site maps
  • Investigating IPs
  • Investigating DNS data
  • Investigating MX data
  • Running reverse lookups
  • Investigating domain and subdomains
  • Investigating inbound and outbound links
  • Investigating sites caches and archives
  • Working with IDs and unique identifiers

Case Study

  • Timed investigation of a hidden website
  • Presentation of key findings

Course Details

Who is this Course For?

This course is intended for investigators, intelligence analysts, security officers and law enforcement professionals wishing to improve the rigour and effectiveness of the entire investigative process.

How You Benefit

On completion of this course, you will have the ability to:

  • Leverage the Dark Web as part of a holistic OSINT capability
  • Understand how to access and navigate the Tor network
  • Access and navigate alternatives to the Tor
  • Identify hidden sites and other Dark Web resources
  • Investigate a broad range of Tor-based entities (websites, individuals, etc.)
  • Use virtual machines to improve security and content discovery

What You Receive

  • A full set of course slides and user guides
  • Templates to support requirements planning and data collation
  • Tip sheets and cheat sheets
  • An index of recommended Dark Web resources
  • An index of recommended tools as bookmarks
  • Recommended readings to support further study
  • Six months of post-course support
  • A certificate of completion

Course Fee

EUR 1,900

Course Prerequisites

No prior knowledge of the Dark Web is needed to take this course. However, knowledge of foundational OSINT tools, resources and strategies is recommended.

Course Requirements

Participants should observe the following technical requirements:

  • A Windows laptop (tablet computers are not recommended). Please ensure you have full administrative rights to this device.
  • Set up a Google account to facilitate the use of different clearnet tools
  • Install Google’s Chrome browser
  • Install the Tor browser
  • Install Virtual Box with Backbox Linux
  • Please also install Zoom and Microsoft Office (or Open Office). Additional software requirements will be sent prior to the start of the course.

Additional technical guidance will be forwarded in advance of the course.