Uncovering the Dark Web: The Power of Digital Footprints in Cyber Investigations
- Richard Kreutzer
- Nov 24, 2023
Updated: Nov 27, 2023

In a fascinating presentation on leveraging digital footprints for dark web investigations and attack surface management, Saumay Srivastava, a threat intelligence researcher and visiting faculty at the Central Detective Training Institute (CDTI), Bureau of Police Research and Development, shared insights on identifying and predicting cyber threats.
Srivastava underscored the importance of operational threat intelligence, highlighting various sources used for gathering this intelligence, including threat intelligence feeds, threat actor forums, and social media platforms. He emphasized how important it is to stay proactive while monitoring and investigating the dark web.
The speaker covered the significance of various sources of information for dark web investigations, such as dark web forums, Indicators of Compromise (IOCs), and the tactics, techniques, and procedures (TTPs) used by threat actors. He also discussed the importance of exploring and analyzing data from different archives, such as paste bins, Pastebin, and DeepPaste, to gain intelligence on specific individuals.
Srivastava stressed the need for a proactive approach when monitoring digital forums and groups, like Telegram and Discord, for potential threats and data breaches. He highlighted the importance of having a clear strategy for data gathering and analysis and the need to filter out irrelevant information.
The importance of public platforms in gathering information during digital footprint investigations was emphasized. Details such as phone numbers, email addresses, and even resume information that can be found online through search engines can prove invaluable to investigators.
Srivastava discussed the importance of experimenting with different queries, leveraging automated platforms, and being proactive in investigating different data archives. He also highlighted the importance of a human-based approach, such as creating sock puppet accounts to investigate and interact with threat actors on the dark web.
He discussed different approaches to interacting with threat actors on the dark web, stressing the importance of maintaining strong operational security measures. He also shared interesting anecdotes, like how the FBI caught the administration of BreachForums, a popular forum on the dark web, by investigating the IP address and logging into their ProtonMail account.
One of the most intriguing parts of the presentation was the discussion on the process of reverse image lookup and how it can be used for dark web investigations. The speaker emphasized the importance of trying different search engines and aggregators to get accurate results.
The speaker ended the talk by discussing the importance of leveraging digital footprints for dark web investigations and attack surface management. He emphasized the need to stay vigilant when dealing with digital footprints and data privacy and the importance of maintaining a strong cybersecurity posture.
This enlightening presentation by Saumay Srivastava underscores the increasing importance of digital footprints in the realm of dark web investigations and attack surface management. It serves as a reminder to all cybersecurity professionals of the power of digital footprints, the importance of vigilance, and the need to stay proactive in their investigative approach.