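This paper describes the components and operation of onion routing and, through a hands-on case study, uses forensic tools to carry out related experiments. It shows that memory extraction and analysis can recover the web pages a suspect visited with Tor Browser, making it possible to check whether Tor Browser was used to access illegal websites. Building on this, future analysis of network traffic and Registry changes could determine the suspect's motives and purpose more precisely.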
In this paper, we first introduce the composition and operation of the onion router (Tor). We then use several forensic tools in forensic experiments to investigate evidence in memory through extraction and analysis. In this way, we can reveal the pages browsed with Tor Browser. Using our proposed method, as observed in the empirical experiments, we can determine whether criminals accessed illegal pages to commit criminal acts. In our future plans, analysis of network traffic and registry changes will be used to uncover the motivations behind the criminal offense.