Image forensics, the dark web, and why we do it

22 July, 2022

By Freddie Lichtenstein

The dark web continues to be an area of interest within image forensics, but why?

Originally developed in the late 1990s by the US Department of Defence (DoD), the dark web provides users with the ability to communicate anonymously and securely, and is often defined by the need for specialist software to access it, such as the Tor Browser.

In 2022, the dark web is now host to a wide range of legitimate and illegitimate sites – from top-level security communications to the sale of illegitimate material.

The dark web presents a wide range of challenges for image forensics analysis, and many offenders take to it in search of anonymity and evasion. But how can image forensics fight back?

Image forensics and the dark web

Partnering with Web-IQ to efficiently crawl the dark web, as well as an external CSAM classifier, we can make sure that we uncover relevant and meaningful insights while navigating the native challenges of the dark web.

While it differs greatly from the open web, image forensics can still function according to the same principles on dark web domains. Crawlers scour sites and uncover images, before indexing them for future reference.

Dark web forensics and strategic intelligence

The dark web may prioritise anonymity, but one of the greatest advantages of crawling these domains is a direct result of this.

When crawling illegitimate sites, the concentration of sensitive imagery is much higher than anywhere on the open web due to the perceived ‘security’ of uploading. This in turn equips us with a large amount of new material.

As a consequence, many offenders have gone to lengths to remove corresponding metadata, reducing the amount of immediate intelligence that we can access. However, by turning to other advanced tools, we can gain intuitive insights into operational processes and more.

One such tool is PhotoDNA – which can reveal similar images network-wide. By doing so, we can help identify other previously undetected illegitimate sites, as well as understand the path that an image takes when uploaded online.

Uncovering contextual identifiers

We can also help law enforcement agencies to uncover the identities of perpetrators on the dark web. A large number of sensitive images are uploaded to anonymised forums, but traces of identity may remain in the form of bitcoin payment addresses or other contextual information. By analysing and cross-referencing this content, investigators may still be able to uncover illegitimate uploaders of content, and safeguard exploited victims.

We recently explored PhotoDNA in detail in our monthly newsletter. Why not sign up today to get the latest information and expertise delivered straight to your inbox?

The dark web and its challenges

With care and attention to detail, we can find the source of uploaded material, potentially identify those responsible, and discover new illegitimate sites.

However, the dark web also presents some core challenges that disrupt investigative work and limit the amount of intelligence that we can gather. Some current challenges facing dark web image forensics include:

Reappearing sites

It is extremely difficult to monitor the dark web in the same way that the open web may be monitored, due to the increased privacy and anonymisation tools utilised.

For law enforcement agencies, this can be frustrating. For example, if a site is shut down, it is very possible, and likely, that the site will simply reappear. With a small change to their source code, dark web sites can immediately be differentiated from the original and made available again. For vulnerable victims, this can lead to long-term revictimisation.

Time-consuming processes

Another challenge that comes from attempting to crawl the dark web is a result of the dark web’s inherent design.

To access the dark web, tools such as Tor browsers must be used, which connect you to various worldwide IP addresses before finally granting you access. For users, it means that your IP address, and therefore approximate location, cannot be traced back to you.

For crawlers, this means increasing complexity, time-consuming processes, and sacrificing resources. To overcome this issue, we partner with Web-IQ, who crawl the dark web on our behalf and pass the images on to us for use. This resolves the issue of time spent by our team, while also helping to solidify a great global partnership.

Operational ethics

Technical challenges aren’t the only things we encounter on the dark web. Ethical questions are also prevalent.

The documentary ‘The Children in the Pictures’ discussed an issue that arises when operatives encounter a new site: do we flag the site for removal, or infiltrate the site and leave it operating in the hopes of finding case-closing information?

We hope that through global discussion and collaboration, we can reach a solution that puts the victims first and ensures long-term aid and safeguarding.

Committed to focusing global efforts

The dark web continues to present a very real and highly populated landscape for illegitimate activities of all manners. However, it can also be used as a force for good, such as when Twitter launched on the dark web to provide Russians with a platform to voice non-traditional and anti-state sympathies.

We hope to continue working with our innovative partners to develop extensive R&D projects aimed at enhancing the insights available to us from the dark web and beyond to source new intelligence, and drive change.

Read more about our R&D capabilities here, or get in touch with any queries or questions you may have!

