
Dark Web Setup Guide

This document provides instructions for setting up access to the dark web using Tor through two different methods - a quick setup using the Tor Browser Bundle and Google Chrome, and a more secure advanced setup using Linux virtual machines. The quick setup walks through downloading and configuring Chrome and Tor Browser to access onion URLs and see traffic in Hunchly. The advanced setup uses a Whonix gateway virtual machine and a separate investigation virtual machine running Linux Mint to provide anonymity while investigating on the dark web.


Dark Web Investigation Setup Guide

www.hunch.ly

What the hell is the dark web?

There is a lot of confusion about what the dark web is vs. the deep web. The dark web is part of the Internet
that is not accessible through traditional means. It requires that you use a technology like Tor (The Onion
Router) or I2P (Invisible Internet Project) in order to access websites, email or other services.

The deep web is slightly different. It is simply all of the web pages or websites that have not been crawled
by a search engine, are hidden behind paywalls or require a username and password to access.

We are going to cover how to get set up to access the dark web with a focus on the
Tor network. We are going to accomplish this in two different ways.

The first way is to use some features of the Tor Browser bundle to get Google Chrome connected to the
Tor network. This is the less optimal solution when it comes to remaining anonymous online, but it is the
easiest and for a number of investigators is sufficient to gain access to the hidden services they are
researching.

The second way is to use a virtual machine setup to create a much more secure environment to perform
investigations. Don’t be afraid of the terminology, this is pretty straightforward and just requires a modern
PC, Mac or Linux machine to perform. If you have a machine that is 5+ years old, you might have
performance issues, but you should try it anyways.

If you run into any issues or need help, please email me: [email protected]

 
WHOAH! Hold Up.

This is important.

This guide is NOT a guide on how to remain hidden, anonymous or how to perform undercover
operations online.

In the dark web or otherwise.

This guide is here to help you get set up using Google Chrome to access Tor resources, and to show you how to
leverage Hunchly to capture evidence while you do it.

There are numerous references online that you can find that will help you with staying hidden.

This is not one of them.


Quick and Easy Setup: TOR Browser Bundle

PREREQUISITES

1. Download and install Google Chrome:

   https://www.google.com/chrome/browser/desktop

2. Download and install TOR Browser Bundle:

   https://www.torproject.org/download/download-easy.html.en

3. Download and install Hunchly. Don’t have a copy? Get one:

   https://www.hunch.ly/

We are going to do a quick and dirty setup of Chrome and Tor. This is the least secure setup but can be
appropriate for a number of users who are more concerned with just accessing Tor hidden services than
they are with anonymity.

Setup for Microsoft Windows

1. Create a new Chrome shortcut on your Desktop. This can be as simple as copying the existing
Chrome shortcut on your Desktop, or if you don’t have one already:

Start Menu -> Right click on Chrome -> Send to -> Desktop (create shortcut)

2. Now we are going to edit the shortcut and change some of the options that are passed to Chrome
when it starts. This will tell it to access the local TOR port and to also allow access to the Hunchly
dashboard. Right-click the shortcut and select Properties. Now you will paste the text below into the
Target field in the Chrome shortcut. This should replace what text was already there. Copy the
below (it is a single line):

"C:\Program Files\Google\Chrome\Application\chrome.exe" --proxy-server="socks5://localhost:9150" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost" --proxy-bypass-list="localhost:9999"

3. Start the TOR Browser by double clicking it.
4. Start your special Chrome instance by double clicking the shortcut you created.
5. Browse to https://check.torproject.org and you should receive a congratulations message.
6. Verify you can reach the Facebook Onion URL: https://www.facebookcorewwwi.onion
7. Verify the Hunchly dashboard is reachable by clicking on the Chrome extension and clicking View
Dashboard.

If Hunchly was already turned on you should see that it has captured your browsing history for the .onion
URLs that you browsed to. Congratulations, you are all set up!
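
The flags from step 2 are what keep Chrome's traffic and name lookups inside Tor, so they are worth re-checking whenever the shortcut is edited. The Python audit below is an added example, not part of the original guide or of Hunchly; `parse_flags`, `audit` and the weakened `WEAK_TARGET` string are names and data constructed for illustration.

```python
import re
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}
FLAG_RE = re.compile(r'--([a-z-]+)=(?:"([^"]*)"|(\S+))')

# Target field from step 2 of the guide.
GUIDE_TARGET = (
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
    '--proxy-server="socks5://localhost:9150" '
    '--host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost" '
    '--proxy-bypass-list="localhost:9999"'
)
# Constructed counter-example: SOCKS4, no resolver rule, one extra bypass entry.
WEAK_TARGET = (
    'chrome.exe --proxy-server="socks4://localhost:9150" '
    '--proxy-bypass-list="localhost:9999;*.example.org"'
)


def parse_flags(target):
    """Return {flag-name: value} for every --name=value switch in the target."""
    return {name: quoted or bare for name, quoted, bare in FLAG_RE.findall(target)}


def audit(target):
    """Return a list of findings; an empty list means nothing bypasses the proxy."""
    flags = parse_flags(target)
    findings = []

    # 1. Traffic must go to a local SOCKS5 listener (the guide uses port 9150).
    proxy = urlsplit(flags.get("proxy-server", ""))
    if proxy.scheme != "socks5":
        findings.append("proxy-server missing or not socks5://; .onion names need proxy-side resolution")
    elif proxy.hostname not in LOOPBACK:
        findings.append(f"proxy-server host {proxy.hostname!r} is not a loopback address")

    # 2. The catch-all MAP rule stops Chrome from sending its own DNS queries.
    rules = [" ".join(r.split()) for r in flags.get("host-resolver-rules", "").split(",")]
    if "MAP * ~NOTFOUND" not in rules:
        findings.append("host-resolver-rules lacks 'MAP * ~NOTFOUND': local DNS lookups possible")
    for rule in rules:
        if rule.startswith("EXCLUDE ") and rule.split()[1] not in LOOPBACK:
            findings.append(f"{rule!r} lets that name be resolved outside Tor")

    # 3. Bypass entries go direct; the guide needs only the Hunchly dashboard.
    for entry in re.split(r"[;,]", flags.get("proxy-bypass-list", "")):
        host = entry.strip().rsplit(":", 1)[0]
        if host and host not in LOOPBACK:
            findings.append(f"proxy-bypass-list entry {entry.strip()!r} is fetched without Tor")
    return findings


if __name__ == "__main__":
    for label, target in (("guide", GUIDE_TARGET), ("weak", WEAK_TARGET)):
        print(label, audit(target) or "OK")
```

The guide's own target string produces no findings; the constructed weak string produces three, one per check.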

   
Advanced Setup: Linux Virtual Machines

PREREQUISITES

1. Download and install VirtualBox
   (use the VirtualBox Platform Packages links at the top of the page):

   https://www.virtualbox.org/wiki/Downloads

2. Download the Whonix Gateway Virtualbox Image (Use the Download Whonix-Gateway Link)

   https://www.whonix.org/wiki/VirtualBox#Landing

3. Download Mint Linux ISO file:

   http://mirrors.kernel.org/linuxmint/stable/18/linuxmint-18-cinnamon-64bit.iso

4. Download and install Hunchly. Don’t have a copy? Get one:

   https://www.hunch.ly/

Don’t fret if you are seeing terms like “virtual machine” or other words that don’t feel familiar. Worry less
about the words and more about just following along through the steps and you’ll see that running a virtual
machine is no tougher than running a calculator application.

Make sure you get VirtualBox installed and reboot if necessary before continuing.

This advanced setup will utilize two Linux virtual machines to provide a way for you to have
access to the Tor network beyond just Chrome.

You will have the Whonix Gateway virtual machine that will pass ALL traffic along to the Tor
network, and an investigation machine where you will have Chrome installed and where you
will do your investigative work.

This will provide a much higher level of security and anonymity than the previous configuration,
but of course with a bit more work!

If you have never used Linux before, don’t worry, we only need to cover the basics of getting it
set up and from there you will use Linux much like you use Windows or Mac OSX.

Open up VirtualBox and you will see the startup screen. Click the New button as shown:

In the next screen you will be asked to specify what type of virtual machine. Enter the following
values:

Name: Investigation VM
Type: Linux
Version: Linux 2.6 / 3.x (64-bit)

Click the Continue button.

In the next screen you will be asked to enter how much memory to give the virtual machine.

I typically set this number to 2048 as shown in the diagram below.

If you are unsure or if you have an older computer set the number to 1024.

Click the Continue button.

The next screen is going to ask you about the hard drive.

Make sure you have selected the “Create a virtual hard drive now” option as shown:

Now click the Create button.

Leave the default option on the next screen set to: “VDI (VirtualBox Disk Image)” as shown.

Click the Continue button.

In the next screen select the option: “Dynamically Allocated”.

Click the Continue button.

In the next screen set the hard drive size to: 20 GB as shown in the diagram.

Click the Create button. Your virtual machine will now be created!

You should see your new virtual machine in the virtual machine list on the left hand side of the
main VirtualBox screen as shown:

Now we need to get Linux installed.

You may need to first add a virtual CD drive to your virtual machine in order to get Linux
installed.

Click on the word Storage as shown below:

In the next screen you will click the little disk with a plus sign as shown and select Add CD/DVD
Device as shown:

In the popup menu be sure to click Choose Disk as shown.

In the subsequent dialog window, find your Linux Mint ISO file that you downloaded and click
OK.

Next select the CD drive and check the box that says Live CD/DVD.

Now click OK to close this dialog.

Now we are finally going to boot this badboy up!

Click the Start button in the VirtualBox toolbar and you should see the Mint operating system
starting in a new Window.

How cool is that? You have an operating system running inside an operating system!

At this point you are running in a “live environment”. That means that it is running off of your
virtual CD drive.

You can still install software and do other things on the machine like normal, however, when
you reboot you will lose everything and have to do it over again.

Performance will also be lacking in this type of setup. The handy thing is that the Desktop inside
of Mint should show you that you can install Linux Mint.

Let’s double click that and get the installer running.

You can literally keep clicking Continue.

When you get to the screen that asks if you want to “Erase disk and install Linux Mint” make
sure it is selected and click the Install Now button.

The rest of the installation you can just keep clicking Continue.

You will need to enter a username and a password before finalizing the install.

Make sure you keep these as you will need them. You will then see a progress bar that shows
Linux Mint installing.

When Mint is finished installing you will see a dialog that says as much and then you click the
Restart Now button.

It will ask you to remove the installation medium and press ENTER. Just hit ENTER on your
keyboard and Mint will reboot.

If all goes well, it should reboot and you should be presented with your login screen, just click
on your username and enter your password.

If it does not give you a login screen you might need to remove the virtual CD drive.

With your Mint virtual machine running, go to the Machine menu and select ACPI Shutdown.
This will shut down the machine.

Once the VM is shut down go back to the main VirtualBox screen and click on Storage again.
Right-click and select Remove Attachment and then click the Remove button.

Now start the Mint virtual machine again.

Now let’s get Google Chrome and Hunchly installed into your Investigation VM.

Fire up the Firefox browser (bottom left of your Mint desktop there is a little Firefox icon) and
head to: https://www.google.com/chrome

• Click the big blue Download Chrome button.
• Ensure that the x64 .deb file is selected and click Accept and Install.
• In the resulting dialog ensure you select to install using GDebi as shown and click OK.

The download will begin.

The Mint package installer will open and you can click the Install Package button as shown.

The package installer will run and you can click the Close button when it is finished.

You can now access Chrome by clicking on the Menu button in the lower left hand side, and
then typing in Chrome in the search box or by hovering over the Internet section.

Now to install Hunchly refer to your Hunchly install email and make sure you grab the link for
the Linux installer. You may have to type out the entire download key.

If you have never installed Hunchly on Linux, no worries. In the bottom left hand side of your
desktop you can click the Terminal application.

When it opens enter the following commands hitting ENTER on your keyboard after each one:

cd ~/Downloads

sudo dpkg -i hunchly.deb

This will install the Hunchly package for you.

Close Chrome and re-open it. You should see Hunchly enabled in your toolbar.

Don’t have a copy of Hunchly yet? Head here: https://www.hunch.ly/hunchlysignup

Now it is time to set up the Whonix Gateway.

In your main VirtualBox screen click on the File menu and select Import Appliance. Locate the
Whonix Gateway OVA file that you downloaded.

Click the Continue button.

Then just click the Import button and click the Accept button when the dialog appears.

VirtualBox will begin importing the Whonix Gateway for you.

When the import is complete you should now see the Whonix Gateway show up in your list of
virtual machines as shown. Highlight it and click the Start button.

You will now see the Whonix Gateway begin to boot.

You will be presented with a number of dialogs. Feel free to read through them, and click
Understood and then Accept.

The final dialog will ask you if you are ready to enable Tor and you will click Next and then
Finish.

You will see a new dialog come up that shows the Whonix Gateway setting itself up and joining
the Tor network as shown.

Make sure to let it run until it is finished.

You might be shown a dialog that indicates there are some packages out of date on the system.
It will also tell you the steps to perform in order to update these packages. I will leave it up to
you to decide whether you want to perform the updates but it is recommended you do so.

You can now minimize the Whonix Gateway window, but make sure you don’t close it. We need
to leave it running.

Go back to your main VirtualBox screen and highlight your Mint Investigation VM and click the
Settings button in the toolbar.

Click on the Network tab.

From the Attached to: drop down select Internal Network

From the Name: drop down select Whonix

Click the OK button.

Now jump back in to your Mint virtual machine and click on the network connection icon in the
bottom right and then select Network Connections.

Select the Wired Connection 1 from the list and click the Edit button.

In the next dialog box click the IPv4 Settings tab.

From the Method drop down select Manual.

In the Addresses section click the Add button.

Set the Address field to: 10.152.152.11
Set the Netmask field to: 255.255.192.0
Set the Gateway field to: 10.152.152.10

Below the Addresses section set the DNS Servers field to: 10.152.152.10

Click the Save button and you should see a message pop up that the connection was successful.

If you hover your mouse over the connection icon in the lower right you should see “Connected
to the wired network”.

Now we can test that we are properly set up using the Tor network through our Whonix
gateway. Open Chrome and browse to:

https://check.torproject.org

You should receive this message that the browser is configured to use Tor.

You are all set up! One last thing on troubleshooting your Tor connection on the next page.

Occasionally it will seem like you have lost your connection to the Tor network when you are
browsing around. The quickest way to resolve this is to just restart the Tor service on your
Whonix Gateway.

Jump to your Whonix Gateway virtual machine and there is a big button on the desktop that
you can double-click as shown.

This will pop open a terminal window and run some commands and then will tell you that you
can close the window. Go to the File menu and select Close Window.

Return to your Mint investigation virtual machine and try reloading the site you were on or try
browsing to https://check.torproject.org to test your new connection. You should see that your
IP address has changed.
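
A scripted version of the check.torproject.org test and of the before/after comparison in the troubleshooting step, added here as an example and not part of the original guide. It assumes it runs inside the Investigation VM behind the Whonix Gateway and uses the JSON endpoint https://check.torproject.org/api/ip, which the guide does not mention; the function names are illustrative and the sample responses are constructed.

```python
import json
import urllib.request

CHECK_URL = "https://check.torproject.org/api/ip"  # assumption: not named in the guide

# Constructed sample responses (documentation-range IPs) for offline runs.
SAMPLE_BEFORE = '{"IsTor": true, "IP": "192.0.2.10"}'
SAMPLE_AFTER = '{"IsTor": true, "IP": "198.51.100.7"}'
SAMPLE_DIRECT = '{"IsTor": false, "IP": "203.0.113.5"}'


def parse_check(body):
    """Return (is_tor, ip); any malformed or unexpected body counts as not Tor."""
    try:
        data = json.loads(body)
        return data["IsTor"] is True, str(data["IP"])
    except (ValueError, KeyError, TypeError):
        return False, ""


def compare(before_body, after_body):
    """Classify the connection after restarting Tor on the gateway."""
    _, ip_before = parse_check(before_body)
    is_tor, ip_after = parse_check(after_body)
    if not is_tor:
        return "NOT_TOR"        # stop browsing: traffic is not exiting through Tor
    if ip_after == ip_before:
        return "TOR_SAME_EXIT"  # still on Tor, but the exit IP did not change
    return "TOR_NEW_EXIT"       # on Tor with a different exit IP


def fetch(url=CHECK_URL, timeout=30):
    """Fetch the check result over the VM's normal route (the Whonix Gateway)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    before = fetch()
    print("before:", parse_check(before))
    input("Restart Tor on the Whonix Gateway, then press ENTER... ")
    print("result:", compare(before, fetch()))
```

An error page or any other non-JSON response is treated as "not Tor", so a failed check is never mistaken for a working connection.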
 
 
 
 
Congrats! You’re Done!
You now have access to the Tor network to perform dark web investigations. This does not provide you
perfect anonymity but it is a great start!

Was this guide helpful? Did I miss anything? Send me an email and let me know:

[email protected]

Don’t forget to send this guide to your colleagues, friends and fellow investigators.

Thanks for reading,

Justin Seitz
