Peer-to-peer networks are the most popular mechanism for the criminal acquisition and distribution of child pornography (CP). This study examined observations of peers sharing known CP on the eMule and Gnutella networks. Data were collected by law enforcement officers using forensic tools developed by the authors.
The authors characterize a year's worth of network activity and evaluate different strategies for prioritizing investigators' limited resources. The highest impact research in criminal forensics works within, and is evaluated under, the constraints and goals of investigations. The authors follow that principle, rather than presenting a set of isolated, exploratory characterizations of users. First, this article focuses on strategies for reducing the number of CP files available on the network by removing a minimal number of peers. A metric is presented for peer removal that is more effective than simply selecting peers with the largest libraries or the most days online. Second, the authors characterize six aggressive peer subgroups, including peers that use Tor, peers that bridge multiple p2p networks, and the top 10 percent of peers who contribute to file availability. These subgroups have been found to be more active in their trafficking and have more known CP and more uptime than the average peer. Finally, although in theory Tor presents a challenge to investigators, in practice offenders use Tor inconsistently. Over 90 percent of regular Tor users send traffic from a non-Tor IP at least once after first using Tor. (Publisher abstract modified)
Downloads
Similar Publications
- A Comparison of Laser Ablation Inductively Coupled Plasma Mass Spectrometry (LA-ICP-MS) Micro X-Ray Fluorescence (uXRF) and Laser Induced Breakdown Spectroscopy (LIBS) for the Discrimination of Automotive Glass
- Reliability and Validity of the Lichtenberg Financial Decision Screening Scale
- Evaluating the Efficiency of Primer Extension Capture as a Method to Enrich DNA Extractions