Peer-to-peer networks are the most popular mechanism for the criminal acquisition and distribution of child pornography (CP). This study examined observations of peers sharing known CP on the eMule and Gnutella networks. Data were collected by law enforcement officers using forensic tools developed by the authors.
The authors characterize a year's worth of network activity and evaluate different strategies for prioritizing investigators' limited resources. The highest impact research in criminal forensics works within, and is evaluated under, the constraints and goals of investigations. The authors follow that principle, rather than presenting a set of isolated, exploratory characterizations of users. First, this article focuses on strategies for reducing the number of CP files available on the network by removing a minimal number of peers. A metric is presented for peer removal that is more effective than simply selecting peers with the largest libraries or the most days online. Second, the authors characterize six aggressive peer subgroups, including peers that use Tor, peers that bridge multiple p2p networks, and the top 10 percent of peers who contribute to file availability. These subgroups have been found to be more active in their trafficking and have more known CP and more uptime than the average peer. Finally, although in theory Tor presents a challenge to investigators, in practice offenders use Tor inconsistently. Over 90 percent of regular Tor users send traffic from a non-Tor IP at least once after first using Tor. (Publisher abstract modified)