At DFRWS yesterday you gave a talk about Tor forensics on Windows. Could you briefly outline some of the main challenges associated with Tor forensics for our readers?
I think that nowadays there are new challenges related to encryption, anonymity and stuff like that. After a real case in which we had to find evidence of usage of Tor, we decided to go in-depth on the analysis of usage of Tor on that particular device. Not traces of Tor from a network point of view, but traces of Tor left on the device itself, because in our daily work we mainly perform post-mortem analysis of devices.