Cyber criminals, hacktivists, and the occasional state actor tend to congregate in underground forums and come in many forms - in clear, deep, and dark web, focused geographically and linguistically, and focused by areas - carding, reverse engineering, hacking, etc. In this presentation we analyze a very large corpus of forum posts from surface and deep web spanning more than 3 years - including forums originating in the United States, Russia, Palestine/Gaza, Ukraine, Iran, China (in local language), etc. Based on this corpus we establish a series of patterns of actor behavior that can be used for targeting illicit behavior and actors, establish research pivot points, and detect actor focus on products, technologies, and vulnerabilities. The analysis will lay out techniques for how to analyze forum and actor behavior based on meta data analysis, without detailed human analysis of individual messages/posts. We will demonstrate how we can use the below techniques to establish patterns both inside and across forums (tracking actor traversals of the web), and crossing boundaries of clear/deep/dark web.:Natural language processingTemporal pattern analysisSocial network analysis, etc.