Peer-to-peer networks are the most popular mechanism for the criminal acquisition and distribution of child pornography (CP). This study examined observations of peers sharing known CP on the eMule and Gnutella networks. Data were collected by law enforcement officers using forensic tools developed by the authors.
The authors characterize a year's worth of network activity and evaluate different strategies for prioritizing investigators' limited resources. The highest-impact research in criminal forensics works within, and is evaluated under, the constraints and goals of investigations. The authors follow that principle, rather than presenting a set of isolated, exploratory characterizations of users. First, this article focuses on strategies for reducing the number of CP files available on the network by removing a minimal number of peers. A metric is presented for peer removal that is more effective than simply selecting peers with the largest libraries or the most days online. Second, the authors characterize six aggressive peer subgroups, including peers that use Tor, peers that bridge multiple P2P networks, and the top 10 percent of peers who contribute to file availability. These subgroups have been found to be more active in their trafficking and have more known CP and more uptime than the average peer. Finally, although in theory Tor presents a challenge to investigators, in practice offenders use Tor inconsistently. Over 90 percent of regular Tor users send traffic from a non-Tor IP at least once after first using Tor. (Publisher abstract modified)