Deep Web Investigation

Deep web investigation involves probing the hidden parts of the Internet. These include the surface web, dark web, and TOR networks. These hidden networks are used by cybercriminals for activities like stealing and selling stolen data.


OSINT tools can be used to conduct dark and surface web investigations. This will enable law enforcement agencies to stay ahead of cybercriminals and identify potential threats.


In an investigation, a detective may turn to the Surface Web or Dark Web for information. The Surface Web is what most people think of when they use the term “Internet”. It’s the information that can be accessed with any web browser and includes websites such as Google, Facebook and Instagram. However, much of the Internet is not indexed by search engines and can only be accessed through specialized browsers. This information is called the Deep Web or Dark Web.

To access the deep web, you must use a browser like Tor. The Tor browser works by connecting through a network of encrypted servers that route your data anonymously and prevent it from being traced. It was originally developed to protect spy communications but is now available for anyone to use.

While most people access surface web websites a few times a day (to check email, log in to their Fidelity Investments account or review health or school records), the vast majority of Internet content is found on the deep web. The deep web is comprised of the websites that are behind a paywall or require login credentials and includes everything from private social media content to electronic bank statements.

The deep and dark webs contain quintillions of bytes of data, but are only the tip of the iceberg when it comes to the totality of online information. Nonetheless, these two areas are growing in importance for threat actors and investigators alike.


While many think of the internet as one monolithic structure accessible by search engines, billions of web pages are hidden from traditional browsers. These are known as the deep and dark webs. The deep web is comprised of sites that refuse to be indexed by standard search engines and can only be accessed via specific browsers such as TOR.

This allows users to bypass restrictions and access content that would otherwise be unavailable. For example, people can use the deep web to bypass geographical restrictions and watch movies or TV shows that are not available in their region. It can also be used to download illegal files like pirated music or movies. The dark web is much more hazardous and contains criminal and paedophile websites. It is difficult to navigate, and requires specialised software to access.

These websites are often used to sell stolen information. When data breaches occur, hackers can use this information to target organisations and individuals. Cybercriminals can also share and trade malware, ransomware and new exploit trends on the dark web. It is therefore important for organisations to keep track of threats on the dark web and take proactive steps to protect their employees, customers and business.

Modern OSINT investigations require seamless access to a variety of different OSINT sources across the surface, deep and dark web. This requires a suite of tools that can help investigators map networks and follow connections.


The Dark Web is a hidden section of the Internet where criminal marketplaces operate. These websites are not indexed by search engines and can only be accessed via a Tor browser. They contain illicit content and activity, such as piracy sites or political radical forums. If you use a Tor-enabled device to access the Deep Web, it is important to take precautions to protect your security. You should also consult your legal department regarding the possible ramifications of unauthorized use of this tool.

Conducting a thorough dark web investigation requires digital forensic tools and cyber threat intelligence. This data can reveal cybercriminal activities and give insight into digital threats, bolstering cybersecurity and creating a safer online environment for businesses. While this process may seem daunting, it is possible for all organizations to mitigate risks.

It is important to note that the dark web is a treasure trove of information for investigators. However, this information must be gathered carefully and without leaving a footprint. Otherwise, you will be marked as a suspect.

Fortunately, a few simple tips can help you navigate the dark web safely. First, make sure that you have a secure computer. Use a non-admin local user account and limit browsing privileges to trusted sites. This will prevent malware from taking advantage of your systems and stealing sensitive data. Moreover, you should always hide your IP address and digital footprint during an investigation. This will prevent other users from identifying you as a suspect and mark you as an accomplice.


The Deep Web is a portion of the Internet that is not indexed by search engines like Google. It’s accessed by using a specialized browser such as Tor, which anonymizes users. This portion of the Internet allows users to communicate privately and is used by hackers, cybercriminals, and people seeking anonymity to avoid backlash from government critics or those who have endured online harassment.

Unlike the Surface Web, which is largely accessible to anyone with a standard browser and is dominated by SEO, the Deep Web requires authentication to access information. This is why it’s a valuable resource for OSINT investigations. It can provide a more complete picture of an individual or topic, especially when information is hidden from the public.

Investigators can use the Dark Web to identify criminal activity and disrupt it. They can also monitor the sites for stolen or leaked data that may have been shared by cybercriminals and attackers. This can include credentials, passwords, intellectual property, and classified documents.

Workshop participants identified the need for additional training on dark web monitoring and investigation as one of the highest priority needs. This training should focus on the types and scope of illicit dealings and the methods that criminals use to avoid detection. They also need to understand how to use digital forensic tools and new processes for capturing evidence.