In chapter 2 of Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis (Syngress ISBN 978-0128033401), authors Brett Shavers and John Bair discuss the Tor browser and how it can offer tremendous levels of security and privacy. Their goal in the book is to help security professionals and investigators use investigative techniques against those employing such tools for nefarious purposes.
A perfect example is from 2013 where a Harvard student used Tor and other privacy tools to send in a false bomb threat. Investigators noted that while the student used Tor, it was his other sloppy security measures that led to his arrest. In the book, the authors show how an investigator can capitalize on such mistakes to find a perpetrator.
A persistent theme thoughtful the book is that while the tools criminals use get better and more sophisticated over time, the mistakes criminals make are constant. The odds of discovery increase the longer they use any system of communications. The authors show the reader how they can make the most of those mistakes to find a perpetrator.
Shavers is a former law enforcement officer while Bair currently works in law enforcement and the book take a very hands-on, real-world approach to using these tools and techniques in the field. The book is light on theory, and heavy on actionable forensic analysis.
At 225 pages, the 11 chapters cover a broad range of topics from evidence and extraction, cryptography and encryption, anti-forensics and more. It’s far from a comprehensive guide to the topic, and there topics the authors don’t cover. Other areas need a more detailed approach for mastering of the topic.
For those looking for an introductory text on various investigative tools and techniques, Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis is an excellent resource.