# Introduction to Digital Forensics - **Assignment 1**

By Beatrice Beretta (s2584891), Rodrigo Carvalho (s2379821), Alison Brandt (s2367815), Chris Bleeker (s2462648), Allen Sirkin (s2293153) and Julia Naastepad (s2483068)

## Introduction and motivation

The goal of this analysis is to gain a better understanding of the black market. This ranges from seeing what kind of items and services are being offered, the general price ranges, the different sellers and their inventories, and what items we find most surprising. In addition to this we will attempt to classify the legality of the items identified. Finally, we will show who we believe are the top sellers from the investigated sites in order as well as who are the top three sellers who should be investigated by the police.

## Methodology

We used the site https://darknetone.com/markets/ to find a list of black markets located on the dark web. We acessed these websites using the Tor Browser, because they aren't accessible using your normal web browser. Some of the black markets required us to have a registered account. If this happened, we simply created a temporary throwaway account with no leads back to our real identities.

Once we entered the black markets, we started browsing. We chose a random, but diverse list of items from the websites, and put them in the table, filling in the appropriate columns. In one of these columns, we noted down if we thought the _selling_ of these products is illegal, which we discussed in our group. If the legality is questionable, we put our reasoning why it could be illegal or legal in the additional notes column.

While going through the posts, we select some of the posts we have chosen, and look at the seller. We look at some relevant information about the seller and put it in another table.

To determine the top 10 sellers, we look at their amount of posts and the lowest cost to calculate what minimum revenue they would generate if each post would sell once. In addition to this we determine the top 3 sellers we believe should be investigated further based on how much harm their items can cause to other people.

Since these results are random by nature, repeating this analysis wouldn't give exactly the same results, but still very similar. There is a bit of objectivity in the Legality column, because this is based on how you interpret the law.

## Results

### Import the required libaries

In [1]:
import pandas as pd

# Display all table entries fully.
pd.set_option('display.max_colwidth', None)
pd.set_option('display.max_rows', 500)

### Import and show the posts table

In [2]:
df = pd.read_csv('posts.csv')

# We sort the list by category, seller and then price
df = df.sort_values(by=['Category', 'Site', 'Seller'])

# Reset the index column
df.reset_index(drop = True, inplace = True)
df

Unnamed: 0,Title,Price,Category,Seller,Legality,Additional Notes,Site
0,Ipvanish Vpn Account[LIFETIME]★★ Auto Delivery★★,$3.50,Accounts,bulkversion,Depends,illegal if the account was stolen,ASAP market
1,-== Spotify PREMIUM Accounts ==-,$2.99,Accounts,digitalworld,Illegal,account accessed without consent from the account owner,Tor2door
2,-== Skillshare Premium Account ==-,$4.99,Accounts,digitalworld,Illegal,account accessed without consent from the account owner,Tor2door
3,*COVID-19 Vaccination Record Card CDC USA Authentic Vaccine Passport*,$226.15,Counterfeit,dannyboys,Illegal,would only be used to pretend that user is vaccinated in places where it was needed (like travel thru international borders...no jurisdiction would be pleased),ASAP market
4,Slovenia Fake Driving License,$174.05,Counterfeit,fakeideurope,Illegal,,ASAP market
5,Washington New Driver License Hologram,$25.15,Counterfeit,falloutb0y,Depends,having it probably isn't legal (unsure) but using it to help fake an ID is,ASAP market
6,75x counterfeit 20 dollar bills 1500 for 400 dollars,$402.00,Counterfeit,fraudbuddy,Illegal,,ASAP market
7,Polish police report,$5.05,Counterfeit,misspocahontas,Illegal,template fillable by buyer that then allows impersonation of police,ASAP market
8,Ladies Rolex DateJust Model 179174 1:1 Replica. Identical to Original A+,$150.40,Counterfeit,thejuicedoctor,Depends,"It's clearly stated that it's counterfeit, but the intention may be to resell it as real. Also it might be copyright infringement.",ASAP market
9,Rolex - GMT‑Master II ALL Ice S【UltimateAAA+】,$600.00,Counterfeit,sexyhomer,Illegal,"advertises that it comes with Rolex box and certificate, but at price point it is fake-copyright",DarkFox


### Determine the three products that made you the most suprised

Most of the products in the list are pretty ordinary, things you would expect to see on a black market. Then there are a lot of products that fall in categories you wouldn't necessarily expect to see in a black market, but it still appears a lot. Finally, there is a small subgroup of products which even on the black market appear only once or twice. This category contains the three items that we were most suprised by.

Our top three of most suprising posts are:

- **R.A.T. Setup and Mentoring Service - Make Money. Fast. Simple.:** This was surprising because it was not expected that someone on one of the darkmarket sites would be offering to actively teach a person as well as offering to give follow up help for some time after.
- **YOUTUBE: How To Become Rich || HQ eBook With ECourses:** This post seems peculiar, because if such a guide is uploaded to YouTube, it most likely doesn't contain any illegal methods, since that is against the ToS of YouTube. But if it doesn't contain any illegal methods, why would it be on the black market? What is the difference between this and any other (public) guide or video on YouTube that explains ways on how to get rich.
- **Forged Xfinity Comcast Statement:** On first sight, this makes no sense. You would think an official statement from Xfinity or Comcast would we useless. But this can actually be used to prove to the respective company that you own, live at or in any other way are affiliated with the address listed on the statement. This can then be used to impersonate the house owner.

### Import and show the sellers table

In [3]:
sf = pd.read_csv('sellers.csv')

# Sort by the amount of posts and rating
sf = sf.sort_values(by = ['Amount of posts'], ascending = False)

# Reset the index column
sf.reset_index(drop = True, inplace = True)
sf

Unnamed: 0,Name,Amount of posts,Rating,Low price ($),High price ($),Primary category,Site
0,DangerousTomato,2235,64%,2.0,5,Fraud and Software,Tor2door
1,prettypacks,1667,99%,50.0,500,Drugs,ASAP market
2,HarleyQuinn,450,no reviews,1.0,45,software and guids,Quest Market
3,timmiroll56,415,100%,500.0,2000,"counterfeit, fraud and drugs",Quest Market
4,g3cko,282,100%,1.0,990,software and guides,Quest Market
5,Fraudway,251,100%,1.72,387,software and guides,Quest Market
6,fraudbuddy,187,80%,50.0,50000,Counterfeit,ASAP market
7,GoldApple,150,94%,1.0,25,Fraud and Software,Tor2door
8,trusteelucky,148,96%,10.0,100,fraud and guids,Quest Market
9,HappyShopOrigi,121,80%,1.0,20,Fraud and Software,Tor2door


### Determine the top 10 sellers

In [4]:
sf['Estimated revenue'] = sf['Amount of posts'] * sf['Low price ($)']
top10 = sf.sort_values(by = ['Estimated revenue'], ascending = False)
top10 = top10.head(10)
top10.reset_index(drop = True, inplace = True)
top10

Unnamed: 0,Name,Amount of posts,Rating,Low price ($),High price ($),Primary category,Site,Estimated revenue
0,timmiroll56,415,100%,500.0,2000,"counterfeit, fraud and drugs",Quest Market,207500.0
1,prettypacks,1667,99%,50.0,500,Drugs,ASAP market,83350.0
2,fraudbuddy,187,80%,50.0,50000,Counterfeit,ASAP market,9350.0
3,thejuicedoctor,62,99%,150.0,250,Counterfeit,ASAP market,9300.0
4,DangerousTomato,2235,64%,2.0,5,Fraud and Software,Tor2door,4470.0
5,namedeclined,78,100%,20.0,800,"Fraud, Software, Drugs",Tor2door,1560.0
6,trusteelucky,148,96%,10.0,100,fraud and guids,Quest Market,1480.0
7,lordfinnese,42,93%,20.0,727,fraud and guids,WeTheNorth,840.0
8,biochemshop,97,91%,8.0,10000,counterfeit and drugs,Quest Market,776.0
9,thedangeroustomato,100,98%,6.0,52,fraud and guids,WeTheNorth,600.0


### Determine which 3 sellers should be reported to the police

Fraud and counterfeit could be very harmful to others, so the worst sellers probably sell products in this category. Malware is also a big thing which could lead to fraud.

The 3 sellers which sell the most of these products and thus we think should be reported to the police are:
- **timmiroll56** on Quest Market
- **DangerousTomato** on Tor2door
- **namedeclined** on Tor2door

We believe that these are the worst sellers within our results. Shutting down these sellers would remove a lot of fraud from the black market, which in turn makes it so that less people are victim of fraud.

# Conclusion

In conclusion, we have found a very wide selection of different items in very different price ranges from an assortment of sellers that seem to specialize in multiple categories, with the most surprising ones being the things that seemed to be the most out of place. The black markets seam to be just be lowly regulated online marketplaces where yo can look for or offer nealy any service and if one site won't allow you to sell what you want you can just find one that will. While not everything sold on the sites are inherantly illegal many things are and most of what isn't is likely to be used illegally.