Computing Reviews
A framework for a forensically sound harvesting the dark web
Popov O., Bergman J., Valassi C. CECC 2018 (Proceedings of the Central European Cybersecurity Conference 2018, Ljubljana, Slovenia, Nov 15-16, 2018), 1-7. 2018. Type: Proceedings
Date Reviewed: Feb 21 2019

Popov et al. go inside the dark web ecosystem to find more practical and more effective ways of producing digital evidence within the invisible Internet infrastructure. Most people who have heard the term “dark web” don’t really know much about it; hence, it is sometimes thought of as being mystical. However, it is not so much mystical as it is technological. The dark web idea originated in the privacy and anonymity of its users, who wanted to stay away from tracking and similar activities that exist inside the Internet infrastructure. In the short history of Internet users’ anonymity and privacy concerns, the Tor network stands out as a tool that is often used to overcome problems in staying anonymous and communicating privately over the Internet. Although Tor (or onion routing) is used as a synonym for such activities, Tor is not alone: there are other very useful tools that allow censorship-resistant communication and anonymity, achieved with end-to-end encryption of a user’s traffic over public networks. Such activities could not be carried out inside the deep web, which also provides anonymity to its users, but only within the dark web, which relies on dark nets where connections are made between trusted parties. Such a scenario opens the space for illegal, harmful, and other unwanted activities, since the dark net is in some way a closed network, allowing members to stay hidden or undiscoverable in illegal file sharing, pirated software, and illicit content distribution.

The authors find that cybercrime investigation in the dark web is a big challenge, since we now have communication systems in which all of the users and services are anonymous and where it is very hard, sometimes almost impossible, to find devices or persons engaged in illegal or dishonest activities. The same holds for digital evidence, which should be forensically sound; that is, forensic soundness should provide reasonable assurance that digital evidence was not corrupted or destroyed during investigative processes. The authors also clearly state that many people who suspect they are being tracked on the Internet show increased interest in anonymous services that hide identity and network activity from others who may wish to uncover information about them. Unfortunately, such services are also used and have applications in the criminal world through well-known services such as Silk Road and Utopia. However, services such as Silk Road and Utopia make up a very small part of the whole dark web ecosystem, making them harder to investigate. Harvesting data for digital evidence that could be used in crime investigations and even in court presents the ultimate challenge for professionals in cybercrime prosecution. The problem arises because all users and activities, as well as services, are anonymous, so identifying the location, computer, or person within the dark web is very hard, and almost impossible when dark web networked devices and persons operate internationally.

The crucial task of law enforcement in cybercrime situations is to have strong digital evidence that is forensically sound, so the authors identify data harvesting as the critical path in overcoming these issues: “developing spiders for the deep web which are effective and efficient, while capable of inducing and exhibiting a kind of ‘intelligent’ behavior is far from being trivial.” In order to extend digital forensics to dark web forensics, they use a design science methodology where the design and development of the artifact follows the 16 basic requirements on which the finding, retrieving, analyzing, preserving, and forensic soundness processes are executed. Such a framework opens the space for new possibilities in investigating illegal activities over the dark web, for example, using principles of forensic soundness to ensure that data is not mishandled, tampered with, lost, or otherwise modified to jeopardize the successful outcome of a cybercrime investigation. With this framework, the authors provide advanced analytics on the communications and information by harvesting the dark web based on the fact that dark web users sometimes, without their knowledge, produce information on whom they communicate with and how.

It is undoubtedly interesting reading that most professionals in the cybercrime investigation field as well as law enforcement professionals dealing with illegal or criminal activities in cyberspace could find very useful.

Reviewer: F. J. Ruzic
Review #: CR146442 (1905-0201)
Security and Protection (K.6.5)
Abuse And Crime Involving Computers (K.4.2 ...)
Security (K.4.4 ...)