top of page
Search

Dark Web Searching

Updated: May 11

The dark web is a subset of the internet that is accessed via special means, such as a TOR browser, and not immediately available from the clear net. The term dark web and darknet are often used interchangeably. For reference during this article, we will refer to the darknet as the network infrastructure, such as the TOR network or I2P network, and dark web as the content aspect that is accessed and viewed by users.


There are a lot of great resources that explain what the dark web is, where it originated from and the nefarious activity that occurs there on a daily basis. This article is focused on identifying safe access options and then the multiple search options available using freely available dark web search engines that crawl the dark web.


Investigators looking to conduct traditional search techniques on the dark web need to operate in a safe manner and be aware of the variation in results that are presented by different search engines & also actors who are active in different types of darknets.



Different "Dark Nets"

Most dark web articles refer to The Onion Router (TOR) as it is the most popular and researched. However, it is important to note that there are many darknets and below is an example of three common ones:

Another common darknet is Zeronet. Each has different access requirements or methods.


Different darknet details:


Focusing on TOR, the browser bundle to connect can be downloaded here: https://www.torproject.org/download/


Simply accessing TOR from your standard machine is not advised due to possible security implications. For a lot of users, they will favor ease-of-use over security and connect directly from their standard workstation, but this has serious security considerations. The TOR browser is built on Firefox as a base, and therefore it is subject to the same vulnerabilities that Firefox has. Whilst the Firefox team might patch vulnerabilities regularly, there can be a delay for the update to reach the TOR bundle and therefore exposure users to risks. Given the nature of the content & site hosts on the dark web, this should be a critical consideration so as to not compromise your machine from both an attribution or malware perspective.


It is recommended to apply safe connection methods so as to protect your attribution and host machine from compromise.


Safe Browsing Options

There are many opinions and options for how to access darknets. Below is a simple chart for three options that you can use when connecting to a darknet to provide a safer level of protection. Each has varying barriers to entry and users will have different requirements, budgets, or considerations as part of their connection approach.


Option 1:

Option 2:

  • Install and configure a local virtual machine using a platform such as VirtualBox (https://www.virtualbox.org/) and downloading pre-configured VM's (such as the TL VM: https://www.tracelabs.org/initiatives/osint-vm) or installing an operating system from scratch

  • Install TOR/darknet access on the virtual machine

  • Configure a VPN on your standard workstation

  • Connect to the darknet from within the virtual machine

Option 3:

  • Provision a standalone research laptop/computer (consider using bootable operating systems such as Tails for lower-attribution)

  • Configure a VPN on your research laptop

  • Install TOR/darknet access natively on the research laptop

  • Connect to the darknet natively from your research laptop