In CEH v13 Module 02: Footprinting and Reconnaissance, Dark Web Footprinting is discussed as an advanced form of reconnaissance where attackers access hidden services and data using anonymity networks such as Tor (The Onion Router), I2P, or Freenet. These networks enable access to the deep web and dark web, where unindexed, and often illicit, content resides.
Key points relevant to this scenario:
The attacker encrypted browsing traffic and navigated anonymously, which strongly implies the use of tools like Tor or VPNs to mask identity.
The attacker used specialized tools/search engines like:
Torch
Ahmia
DarkSearch
Candle
The goal was to find sensitive or hidden information in government or federal systems — a common dark web footprinting objective.
The final step involved an attack that left no trace, which aligns with using the dark web for anonymity and obfuscation.
Option Analysis:
A. Dark web footprinting
Correct. This matches the behavior described: encrypted, anonymous access to sensitive information through dark web tools.
B. VoIP footprinting ❌
Incorrect. VoIP footprinting relates to identifying vulnerabilities or metadata in Voice over IP systems, not anonymous browsing or dark web activities.
C. VPN footprinting ❌
Incorrect. While VPNs may be used as part of anonymity, VPN footprinting refers to identifying systems using VPNs — not the act of gathering data anonymously.
D. Website footprinting ❌
Incorrect. Website footprinting involves gathering information from public-facing websites, like WHOIS data, robots.txt, and HTML metadata — not hidden dark web content.
Reference from CEH v13 Study Guide and Courseware:
Module 02 – Footprinting and Reconnaissance, Section: Footprinting through Dark Web and Deep Web
CEH v13 iLabs: Using Tor and Dark Web Search Engines for Reconnaissance
CEH Engage – Phase 1 (Reconnaissance): Dark Web Intelligence Gathering
