A Forensic Audit of the Tor Browser Bundle
The paper addresses a problem faced by digital forensic investigators dealing with privacy-protecting technologies such as Tor, but its contribution is incremental, as it builds on existing forensic methods.
The paper tackled the challenge of investigating encrypted Tor protocol usage by identifying digital artifacts left by the Tor Browser Bundle, providing experimental results for evidence trails usable in real-life investigations.
The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protocol, as its main focus is to protect the privacy of the user, in both its local footprint within a host and over a network connection. The Tor browser, though, can leave behind digital artefacts which can be used by an investigator. This paper outlines an experimental methodology and provides results for evidence trails which can be used within real-life investigations.