Abstract
Copyright © 2025 Inderscience Enterprises Ltd.The increasing usage of Tor Browser, a popular tool for anonymous web browsing, has presented unique challenges for forensic investigators in analysing digital evidence. This research paper introduces Dark_Extract, an open-source tool designed to simplify the identification and analysis of host-based artefacts left by Tor Browser. The purpose of this study is to address the challenges associated with forensic analysis of Tor Browser traces by providing a user-friendly and efficient solution. The methodology employed in developing Dark_Extract involved the analysis of Tor Browser’s architecture and the identification of key host-based artefacts relevant to forensic investigation. The tool was then developed to automate the extraction and analysis of these artefacts, eliminating the need for extensive knowledge of Tor Browser’s intricate structure. The major findings of this study demonstrate the effectiveness of Dark_Extract in simplifying the forensic analysis of Tor Browser traces. The tool successfully extracts and presents crucial host-based artifacts such as downloads, cookies, browsing history, and bookmarks, which can be of significant importance in forensic investigations. The results obtained through the use of Dark_Extract indicate its accuracy and efficiency in identifying and organising these artefacts.
NETL
NSTL
Inderscience Enterprises Ltd