About
This site is a collaborative, community activity with a mission to create, maintain, and promote a standardized taxonomy of terms used in forensic investigations related to the Dark Web and Virtual Assets.
History
The initial idea and concept arose during the delivery of the H2020 Project TITANIUM. Under this project one of the key performance indicator was related to the automated exchange. Data produced by one tools is enriched by going though another tools For this purpose, the project stakeholders and solution providers needed a common language and some communication protocols.
The TITANIUM consortium consulted several teams working on potential candidates for such a taxonomy. The closest one to the requirements and needs of Law Enforcement was found to be the Unified Cybercrime Ontology and the Cyber-investigation Analysis Standard Expression (CASE). While these Ontologies describe everything related to Digital Forensics they did not include Forensics applied to Dark Web and Cryptocurrencies.
At this stage (July 2019), at its 3rd meeting, the INTERPOL Working Group on Darknet and Cryptocurrencies, acknowledged the lack of such a standard and suggested the establishment of a dedicated Task Force. The first meeting of this Task Force was held in December 2019, in Singapore at the INTERPOL Global Complex for Innovation (IGCI). The Task Force designed the broad concepts and an initial version of this taxonomy while a core group of founding partners was tasked to continue and maintain this collaborative work.
Refining further the taxonomy, we changed its name to reflect the Financial Action Task Force (FATF) vocabulary and now use the terms "Dark Web" and "Virtual Assets".
Purpose
This taxonomy aims at providing a scheme for data exchange and analysis for any tools and datasets involving artifacts from Dark Web and Virtual Assets. It shall be suitable for tagging and documenting metadata around scrapped contents, ledgers, clustered transactions and wallets and their affiliated resources.
Founding Partners
Austrian Institute of Technology (AIT)
AIT is one of the founding members of this project and also develops GraphSense.
www.ait.ac.atINTERPOL
An initiative by the Innovation Centre, its Darknet and Cryptocurrencies Working Group and its Taskforce.
Users and Contributors
Dark Web Monitor (DWM)
This open source tool is designed to support analysts and investigators in the Dark Web. DWM developers use our taxonomy and actively contribute to it.
dwm.pm
GraphSense
Cross-Ledger Cryptocurrency Analytics Platform. This tools was further developped under the European Union H2020 Project TITANIUM.
Linked Projects
Cyber-investigation Analysis Standard Expression (CASE)
a community-developed evolving standard, which is intended to serve the needs of the broadest possible range of cyber-investigation domains, including digital forensic science, incident response, counter-terrorism, criminal justice, forensic intelligence and situational awareness. The primary motivation for CASE is interoperability - to advance the exchange of cyber-investigation information between tools and organizations. CASE aligns with and extends the Unified Cyber Ontology (UCO).
Malware Intelligence Sharing Platform (MISP)
This community of Cybersecurity experts and Computer Emergency Response Teams worldwide maintain the MISP a platform for Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing. Within their Galaxies, the MISP community maintains a list of Taxonomies and Ontologies they adhere to.
