Working with the Dark Web: Advanced (Virtual Course)
This five-day course provides an extended introduction to the many disciplines needed to research and investigate the Dark Web. To begin, you will be shown how to identify resources on Tor and other peer-to-peer networks. Thereafter, guidance will be provided on the tools and strategies needed to investigate these assets as rigorously as possible, including via the surface web and social media as appropriate.
Course Outline
Working with the Tor Network
Course Introduction
- Defining the Dark Web
- The history of the Dark Web
- Key terms
- Common myths and misconceptions
- Technical requirements
- Legal and ethical obligations
Working with the Tor Browser
- The Tor browser
- Setup and configuration
- Security settings
- Alternative browsers
- Tor circuits
- Tor vulnerabilities
- Privacy / security checks
The Tor Network
- How the Internet works
- Network Architecture
- Guards, bridges and exit relays
- Onion routing
- Onion domains
- Directory servers
- Tor protocols
- Tor metrics
- Node analysis
- Network investigation tools
Source Discovery and Exploitation I
Finding Hidden Sites and Resources
- Dark web entry points
- Dark Web search engines
- Dark Web link directories
- Dark Web news sites
- Dark Web paste bins
- Source discovery via the surface web
- Source discovery via social media
- Recommended resource discovery tools
Working with Scripts and Crawlers
- Optimising your virtual machine
- Setting up and running crawlers
- Using Python scripts
- Finding new scripts
Source Discovery and Exploitation II
Dark Web Services
- Marketplaces
- Communities, forums and discussion boards
- Email and messaging services
- Social networks
- Hosting services
Monitoring the Dark Web
- Source / resource discovery via RSS
- Dashboard setup and optimisation
- Generating Dark Web-related news
- Monitoring Dark Web directories
- Tracking specific sites and resources
- Generating investigative leads / clues
Alternative Peer-to-Peer Networks
- Accessing i2P
- Accessing Freenet / Hyphanet
- Accessing Zeronet
- Working with IRC clients
- Working with file sharing clients
- Deep Web resources and strategies
Investigating Dark Web Sites I
Getting Started
- Generating your requirements
- The investigators toolkit
- Managing your investigation
- Working with unique identifiers
- OpSec and digital hygiene for investigators
Investigating Domains
- Domain reconnaissance and footprinting
- Establishing a domain history
- Investigating network / technical identifiers
- Investigating HTML data
- De anonymisation strategies
- De-anonymisation strategies
Investigating URLs
- Crawling / indexing URLs
- Identifying and analysing URL patterns
- Link and relationship analysis
- Discovering mirror sites
Investigating Content
- Content / file capture
- Text analysis
- Media analysis
- Metadata analysis
- Investigating content identifiers
Investigating Dark Web Sites II
Investigating Target Entities
- Username investigations
- Email investigations
- Phone number investigations
- Investigating companies
- Working with breached data
Investigating Mirror Sites on the Surface Web
- Generating site maps
- Investigating IPs
- Investigating DNS data
- Investigating MX data
- Running reverse lookups
- Investigating domain and subdomains
- Investigating inbound and outbound links
- Investigating sites caches and archives
- Working with IDs and unique identifiers
Case Study
- Timed investigation of a hidden website
- Presentation of key findings
Course Details
Who is this Course For?
This course is intended for investigators, intelligence analysts, security officers and law enforcement professionals wishing to improve the rigour and effectiveness of the entire investigative process.
How You Benefit
On completion of this course, you will have the ability to:
- Leverage the Dark Web as part of a holistic OSINT capability
- Understand how to access and navigate the Tor network
- Access and navigate alternatives to the Tor
- Identify hidden sites and other Dark Web resources
- Investigate a broad range of Tor-based entities (websites, individuals, etc.)
- Use virtual machines to improve security and content discovery
What You Receive
- A full set of course slides and user guides
- Templates to support requirements planning and data collation
- Tip sheets and cheat sheets
- An index of recommended Dark Web resources
- An index of recommended tools as bookmarks
- Recommended readings to support further study
- Six months of post-course support
- A certificate of completion
Course Fee
EUR 1,900
Course Prerequisites
No prior knowledge of the Dark Web is needed to take this course. However, knowledge of foundational OSINT tools, resources and strategies is recommended.
Course Requirements
Participants should observe the following technical requirements:
- A Windows laptop (tablet computers are not recommended). Please ensure you have full administrative rights to this device.
- Set up a Google account to facilitate the use of different clearnet tools
- Install Google’s Chrome browser
- Install the Tor browser
- Install Virtual Box with Backbox Linux
- Please also install Zoom and Microsoft Office (or Open Office). Additional software requirements will be sent prior to the start of the course.
Additional technical guidance will be forwarded in advance of the course.