Forensic Analysis of Tor Browser: A Case Study for Privacy and Anonymity on the Web

Jadoon, Abid Khan; Iqbal, Waseem; Amjad, Muhammad Faisal; Afzal, Hammad; Bangash, Yawar Abbas

doi:10.1016/j.forsciint.2019.03.030

Cited by 27 publications

(12 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This research methodology is primarily based on earlier work by A. Jadoon et.al. [9] and R.Nelson et.al. [10] with NIST SP 800-63 guidelines.…”

Section: Iiiproposed Methodologymentioning

confidence: 98%

“…They analyzed the registry settings before and after installation, other filesystem artifacts, and memory of the system to conclude that the Tor browser leaves minimal on-disk evidence. Further, in [9], the authors performed a forensic analysis of Tor privacy browser 7.02 (32-bit) on Windows 8.1 OS in which they analyzed Tor browser artifacts from registry, memory, and storage. However, they only covered normal surface-web based user browsing activities on Tor privacy browser to uncover artifacts related to Tor.…”

Section: Iirelated Workmentioning

confidence: 99%

“…They did not include any significant effort for discovering browsing artifacts from registry and memory. 2) On Windows 8.1 by A. Jadoon et.al [9] -this research examined the registry, storage, and memory and included a lot of effort into the exploration of user-browsing artifacts but lacked the exploration of Tor applicationrelated artifacts. 3) On Windows 10 version 1703 by M.Muir et.al.…”

Section: Comparison With Existing Researchmentioning

confidence: 99%

See 2 more Smart Citations

Forensic Analysis of Tor Browser on Windows 10 and Android 10 Operating Systems

et al. 2021

View full text Add to dashboard Cite

Smartphones and Internet have become prevalent in our society with various applications in businesses, education, healthcare, gaming, and research. One of the major issues with the Internet today is its lack of security since an eavesdropper can potentially intercept the communication. This has contributed towards an increased number of cyber-crime incidents, resulting in an increase in users' consciousness about the security and privacy of their communication. One example is the shift towards using private browsers such as Tor. Tor is a well-recognized and widely used privacy browser based on The Onion Router network that provisions anonymity over the insecure Internet. This functionality of Tor has been a major hurdle in cybercrime investigations due to the complex nature of its anonymity. This paper investigates artifacts from the Tor privacy browser on the latest Windows 10 and Android 10 devices to determine potential areas where evidence can be found. We examine the registry, storage, and memory of Windows 10 devices and the memory, storage, logs, and Zram of Android 10 devices for three possible scenarios i.e. before, during, and after use of the Tor browser. Our results do not support the claims made by the Tor Project regarding user privacy and anonymity. We find that it is possible to retrieve significant details about a user's browsing activities while the Tor browser is in use as well as after it is closed (on both operating systems). This paper also provides an investigative methodology for the acquisition and analysis of Tor browser artifacts from different areas of the targeted operating systems. Therefore, it can serve as a base to expand research in the forensic analysis of other privacy browsers and improve the efficiency of cybercrime investigations efficiency.

show abstract

“…This research methodology is primarily based on earlier work by A. Jadoon et.al. [9] and R.Nelson et.al. [10] with NIST SP 800-63 guidelines.…”

Section: Iiiproposed Methodologymentioning

confidence: 98%

Section: Iirelated Workmentioning

confidence: 99%

Section: Comparison With Existing Researchmentioning

confidence: 99%

See 1 more Smart Citation

Forensic Analysis of Tor Browser on Windows 10 and Android 10 Operating Systems

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Mailbox [17] shared by multiple nodes to receive packets can hide authentic destination IP addresses, but it lacks source privacy. Onion networks (Tor [18][19][20]) are assumed to be efficient techniques that provide sufficient privacy, but these solutions are challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices [21]. Moreover, they have drawbacks with regard to achieving perfect privacy [22] and high performance.…”

Section: Security and Communication Networkmentioning

confidence: 99%

Security-Oriented Network Architecture

Jiang

Liu

Wang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Internet benefits societies by constantly connecting devices and transmitting data across the world. However, due to the lack of architectural built-in security, the pervasive network attacks faced by the entire information technology are considered to be unending and inevitable. As Internet evolves, security issues are regularly fixed according to a patch-like strategy. Nevertheless, the patch-like strategy generally results in arms races and passive situations, leaving an endless lag in both existing and emerging attacking surface. In this paper, we present NAIS (Network Architecture with Intrinsic Security)—a network architecture towards trustworthiness and security. By solving stubborn security issues like IP spoofing, MITM (man-in-the-middle) attacks, and DDoS (distributed denial of service) attacks at architectural level, NAIS is envisioned to provide the most secure end-to-end communication in the network layer. This paper first presents a comprehensive analysis of network security at Internet range. Then, the system design of NAIS is elaborated with particular design philosophies and four security techniques. Such philosophies and techniques intertwine internally and contribute to a communication environment with authenticity, privacy, accountability, confidentiality, integrity, and availability. Finally, we evaluate the security functionalities on the packet forwarding performance, demonstrating that NAIS can efficiently provide security and trustworthiness in Internet end-to-end communication.

show abstract

“…The update period T is a key parameter affecting the overhead of message exchange. Referring to the Tor network, the Tor browser changes its path after every ten minutes to ensure users anonymity 24 ; we can also set the value of T in minute level. If we also assume T is 10 minutes, the authorized user easily sends at least a dozen requests within T. Under the same setting of Section 4.1 (hops is 3 and Td is 10 ms), we can find the time overhead is less than 10 ms.…”

Section: Analysis Of Added Overheadmentioning

confidence: 99%

BEAcM‐DP: A broadcast encryption anti‐censorship mechanism based on directory proxy

Zhu

Tao

Huang

2019

Trans Emerging Tel Tech

View full text Add to dashboard Cite

As a typical representative of the next generation Internet, named data networking (NDN) solves many problems in IP network by adopting content‐oriented architecture. However, NDN also faces with severe challenges in the aspect of name and content privacy. One important privacy threat is the name censorship. By maintaining a blacklist at the hijacked router, an attacker can filter the received interest packets with sensitive content names. To solve this problem, we propose a broadcast encryption anticensorship mechanism, which is based on directory proxy. In our design, a directory proxy is deployed in the network, which provides a periodic updated directory file to all authorized users. In the directory file, a one‐to‐one mapping list of fake names with the censored names is given. By obtaining the directory file, the authorized user can request the censored content with its fake name. In addition, the directory proxy plays the role of translating the received fake name and then retrieving the target with real name. To guarantee the reusability of retrieved contents, the directory proxy returns them to the authorized users through broadcast encryption. The users within one broadcast group can share the encrypted censored contents at nearby routers. Simulation results show that, compared with ANDaNA, this mechanism can effectively avoid censorship in the network, while ensuring the utilization of in‐network caching and reducing the request delay.

show abstract

Forensic Analysis of Tor Browser: A Case Study for Privacy and Anonymity on the Web

Cited by 27 publications

References 9 publications

Forensic Analysis of Tor Browser on Windows 10 and Android 10 Operating Systems

Forensic Analysis of Tor Browser on Windows 10 and Android 10 Operating Systems

Security-Oriented Network Architecture

BEAcM‐DP: A broadcast encryption anti‐censorship mechanism based on directory proxy

Contact Info

Product

Resources

About