Dissertation leads to full patent on technological intellectual property
May 27, 2025
After six years of research and development, Dr. Arica Kulm secured a full technological intellectual property patent for her digital forensics framework that helps identify evidence of a user's access to the dark web.
Dr. Arica Kulm, Director of Digital Forensics in the Digital Forensics for Cyber Enforcement (DigForCE) Lab, began by researching what is left behind when a user accesses the dark web. That research ultimately became her dissertation, and she developed a digital forensics tool alongside it. Kulm previously received a provisional patent for the same work.
“Arica’s patent reflects the kind of innovation we value at Dakota State University—cutting-edge research with real-world application,” said Dr. Ashley Podhradsky, vice president of research and economic development.
“Her work in dark web forensics and host-based artifact analysis is advancing the field and strengthening national security. This patent is a testament to her expertise and to DSU’s leadership in cybersecurity research.”
To better understand what the dark web is, Kulm explained that the internet is made up of three parts. There’s the surface web, the part of the web that can be accessed with a Google search, which is only about 4% of the web. Next is the deep web, which anyone can access but which requires credentials. This part of the internet includes news sites with articles behind paywalls and accounts requiring logins, like streaming services or bank accounts.
The dark web is a part of the World Wide Web that is only accessible through special software, specifically a Tor browser, and networks that allow users to remain anonymous through relays and encryption.
While Tor is just a browser and the dark web can be used legally, for example to communicate securely in countries where governments surveil and censor dissenting opinions, it is also used by criminals to buy and sell things like illegal drugs, weapons, credentials, and stolen identities. The anonymity of the dark web presents difficulties for law enforcement investigating these crimes.
“Originally, it was thought that there were few or no artifacts left behind on a computer when someone accesses the dark web,” she explained.
To help disprove this and find the artifacts left behind, Kulm used the OSINT Framework during her research and developed the Dark Web Artifact Framework. OSINT stands for Open-Source Intelligence, and the OSINT Framework gathers information from free tools and resources. The Dark Web Artifact Framework can discover whether a Tor browser has been installed or uninstalled on a computer or run off a USB stick. Sometimes it may even find some of the sites visited.
“The framework just reaffirms that you can’t really do anything without leaving some kind of evidence behind,” she said.
The Dark Web Artifact Framework can be used with both Windows and macOS operating systems.
This initial confirmation then allows law enforcement and the experts who work with them to do a deeper analysis of the computer. Additionally, the tool can be used by businesses and organizations if they suspect someone has infiltrated their systems, or suspect a ransomware event, Kulm said.