A Forensic Audit of the Tor Browser Bundle

Muir, Matt; Leimich, Petra; Buchanan, William J.

doi:10.1016/j.diin.2019.03.009

A Forensic Audit of the Tor Browser Bundle

Muir, Matt; Leimich, Petra; Buchanan, William J.

Authors

Matt Muir

Dr Petra Leimich P.Leimich@napier.ac.uk
Lecturer

Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor

Abstract

The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protocol, as its main focus is to protect the privacy of the user, in both its local footprint within a host and over a network connection. The Tor browser, though, can leave behind digital artefacts which can be used by an investigator. This paper outlines an experimental methodology and provides results for evidence trails which can be used within real-life investigations.

Citation

Muir, M., Leimich, P., & Buchanan, W. J. (2019). A Forensic Audit of the Tor Browser Bundle. Digital Investigation, 29, 118-128. https://doi.org/10.1016/j.diin.2019.03.009

Journal Article Type	Article
Acceptance Date	Mar 23, 2019
Online Publication Date	Mar 30, 2019
Publication Date	2019-06
Deposit Date	Apr 8, 2019
Publicly Available Date	Mar 31, 2020
Journal	Digital Investigation
Print ISSN	1742-2876
Publisher	Elsevier
Peer Reviewed	Peer Reviewed
Volume	29
Pages	118-128
DOI	https://doi.org/10.1016/j.diin.2019.03.009
Keywords	Digital forensics, Tor, Windows 10,
Public URL	http://researchrepository.napier.ac.uk/Output/1715664
Publisher URL	https://www.sciencedirect.com/science/article/pii/S1742287619300829

Files

A Forensic Audit of the Tor Browser Bundle (1.1 Mb)
PDF

Licence
http://creativecommons.org/licenses/by-nc-nd/4.0/

Copyright Statement
This manuscript is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) license.