Australian Digital Forensics Conference

Document Type

Conference Proceeding


SRI Security Research Institute, Edith Cowan University, Perth, Western Australia


The Onion Routing (TOR) project is a network of virtual tunnels that facilitates secure, private communications on the internet. A recent article published in “The Registry” claims that TOR bundle browser usage has increased in recent years; statistics show that in January 2012, there were approximately 950,000 users globally and now in August 2013 that figure is estimated to have reached 1,200,000 users. The report also illustrates that The United states of America and the United Kingdom are major contributors towards the massive increase in TOR usage. Similarly, other countries like India and Brazil have increased usage to 32,000 and 85,000 respectively. This research paper will be an introduction and identifies the need for research in this area, and provides a literature review on existing research. The objective of this paper is to discuss the existing methodologies for analysing forensic artefacts from RAM from the use of the TOR browser bundle and to propose a synthesized forensic analysis framework that can be used for analysing TOR artefacts.


Originally published in the Proceedings of the 11th Australian Digital Forensics Conference. Held on the 2nd-4th December, 2013 at Edith Cowan University, Perth, Western Australia