Skip to content

Police Investigations and Cyber Crime: How to Find Intelligence Safely

One of law enforcements’ largest barriers to cyber investigations is its inability to access online intelligence quickly and safely. This information can be critical to finding who committed the crime, whether it’s a drug bust or identity theft.

It’s been over a decade since the Computer Fraud and Abuse Act, the United States’ main federal computer crime law, was last revised. This outdated approach to a quickly evolving family of crime sets the stage for some of the biggest police challenges in the 21st century: discovering, investigating, and charging cyber criminals.

New call-to-action

This article explores why online investigations are the new norm for police, where to find actionable intelligence online, and how to access these networks safely.

Why Do Police Need to Do Online Investigations?

police car lightsThe criminal world is vastly changing. More and more crimes of every type involve some level of cyber activity. Bad actors can achieve total anonymity on the dark web for conducting previously non-digital crimes, from drug trafficking to child pornography. Hacking, data breaches, and hate crimes have expanded into an entirely new category of crime. Online forums, such as the defunct 8chan, have become platforms for extremist views, radicalization, and publishing hate documents before mass shootings. 

In addition to these crimes, police themselves have become greater targets for criminal activity. They are targeted for:

  • Computer systems hacking and data breaches, leaving evidence databases and personal information exposed
  • Doxxing
  • Phishing

Due to the quick evolution of technology and cyber crime, law enforcement agencies are now taxed with finding resources to develop cyber investigation techniques. Agencies often need to consult separate IT departments for support, creating a disconnect between law enforcement strategies and applied technical knowledge. This further fuels disconnection between real world crimes and corresponding cyber intelligence—which further motivates cyber criminals to increase and adapt their efforts.


These challenges require a shift in how law enforcement approaches cyber crime: police officers need access to user-friendly tools that allow them to safely navigate crime on different levels of the web.

The Layers of Cyber Crime

As people surf the web using Google, many of them are unaware that the web is comprised of a much more vast collection of data that can’t be discovered using conventional search engines. 

All levels of the web contain content that is relevant for criminal investigations—but not all of this content is easily discoverable. There are several “layers” to the web (shown by the infamous iceberg analogy). Each layer differs in the types of criminal evidence they host, and the way they can be accessed.

The Surface (or Open) Web

The surface web is the easiest to define because it’s what billions of us experience everyday—it’s everything that is public and indexed on the internet. Any content that an individual can find using Google is considered the surface web. The surface web only constitutes about 10% of all web content.

Law enforcement can utilize the surface web to find content relevant to criminal investigations. For example, in the event of an active shooter, police can find public social media posts containing images or videos from the incident.

The Deep Web

The deep web is all the other non-indexed pages: about 90% of all web content. This includes content that is private or password-protected. It includes things like:

  • Email pages
  • Online banking pages
  • Internet archives
  • Some forums and classifieds sites
  • Paste site posts (used to publicly share plain text and code)

The deep web contains a lot of information useful for police investigations. For example, there are forum discussion threads on the deep web inciting hate speech, being used to target individuals, organize physical threats, host precursory documents, or discuss illegal activities like shoplifting and drug use/sales. Paste sites, such as Pastebin, are good places to look for evidence of data breaches. If police are investigating a human trafficking ring, they can use unindexed adult classifieds sites to find related individuals.

The Dark Web

The term “dark web” is often used interchangeably with “deep web,” but they are not the same. The dark web could be considered a “sub-section” of the deep web, where users intentionally achieve total anonymity, usually to conduct illegal activities.

The dark web is comprised mainly of either marketplaces, discussion forums, or news/commentary sites. This is where law enforcement can find vendors selling goods and services illegally. As with deep web forums, it’s also useful for finding suspect chatter about a range of illegal activities and extremism.

The dark web achieves user anonymity by using the Tor (The Onion Router) network. A Tor browser looks much like Chrome or Firefox—but it routes internet traffic through several randomized servers, making it nearly impossible to track who or where the original traffic came from. Tor site URLs (which have .onion as their top-level domain) are also randomized and constantly changing, making them difficult to find and use.

Safe Online Investigations Require Specialized Tools

Beacon Home pageThe “library” analogy is often used to compare the surface web and dark web: using the surface web is like finding books in a regular library where everything is organized using the Dewey Decimal System. Navigating the dark web is like finding information in a library where all the books are placed on shelves randomly with no labeling; it would take the user a long time to find what they’re looking for, and they never know what they’re going to see when they open a new book.

New call-to-action

Finding relevant content on deep web sites that don’t need Tor still require users to know which sites contain relevant information, and to search those sites manually until they find what they’re looking for.

You can imagine that finding relevant information for a police investigation on these computer networks is an extremely cumbersome, lengthy, and dangerous process. Not only can the user easily stumble into traumatizing content, but they can also implicate their own safety if they do not navigate Tor properly.

This issue raises a huge demand for tools that make dark and deep web searching efficient and safe for law enforcement. Tools like Beacon help users build searches and quickly discover relevant information on the deep web and dark web. The platform also gives users a plain text version of whatever content they find, along with site links and pertinent information such as date posted and author handles. These features allow users to access content without using Tor—but if they do use it, they know exactly where they’re going and what content to expect when they get there.

How to Safely Access Tor

corporate office open working desksIf you are using a tool like Beacon to access .onion sites, here’s how to safely get onto the Tor network. Use Tor at your own risk—we don’t recommend surfing it without proper training or experience.

  1. Navigate to your app store and purchase and install a virtual private network (VPN) such as Avast. This gives you an added layer of security. Ensure the VPN is always connected when using Tor.
  2. Navigate to The Tor Project and install Tor. Never maximize the Tor browser on your screen.
  3. Enter any links found in Beacon directly into the Tor browser. Darknet Live is also useful for finding dark web sites and links.
  4. Use a secure email service such as ProtonMail and register for an account. Use this to register for dark web marketplaces and forums that require a login.
  5. Always use a random username generator and password generator to create your ProtonMail handle and any new user accounts on the dark web. Never reuse a username or password, and keep them stored in a safe place.

Police have one of the most dangerous professions in the world—and this won’t change, even as more crimes rely on cyber activity. As cybercrime increases, officers need to understand where they occur online, and how to access this valuable information safely. The tools and knowledge necessary for navigating the deep and dark webs is an inevitable investment for law enforcement agencies around the world.

Learn more about how you can safely conduct digital investigations with Beacon