iCOP: Live forensics to reveal previously unknown criminal media on P2P networks

dc.contributor.author: Peersman, Claudia
dc.contributor.author: Schulze, Christian
dc.contributor.author: Rashid, Awais
dc.contributor.author: Brennan, Margaret
dc.contributor.author: Fischer, Carl
dc.contributor.funder: European Commission [en]
dc.contributor.funder: Universiteit Antwerpen [en]
dc.date.accessioned: 2019-10-26T07:28:36Z
dc.date.available: 2019-10-26T07:28:36Z
dc.date.issued: 2016-07-16
dc.description.abstract: The increasing levels of criminal media being shared in peer-to-peer (P2P) networks pose a significant challenge to law enforcement agencies. One of the main priorities for P2P investigators is to identify cases where a user is actively engaged in the production of child sexual abuse (CSA) media – they can be indicators of recent or on-going child abuse. Although a number of P2P monitoring tools exist to detect paedophile activity in such networks, they typically rely on hash value databases of known CSA media. As a result, these tools are not able to adequately triage the thousands of results they retrieve, nor can they identify new child abuse media that are being released on to a network. In this paper, we present a new intelligent forensics approach that incorporates the advantages of artificial intelligence and machine learning theory to automatically flag new/previously unseen CSA media to investigators. Additionally, the research was extensively discussed with law enforcement cybercrime specialists from different European countries and Interpol. The approach has been implemented into the iCOP toolkit, a software package that is designed to perform live forensic analysis on a P2P network environment. In addition, the system offers secondary features, such as showing on-line sharers of known CSA files and the ability to see other files shared by the same GUID or other IP addresses used by the same P2P client. Finally, our evaluation on real CSA case data shows high degrees of accuracy, while hands-on trials with law enforcement officers demonstrate the toolkit's complementarity to extant investigative workflows. [en]
dc.description.sponsorship: European Commission Safer Internet Programme project (iCOP: Identifying and Catching Originators in Peer-to-Peer Networks, SI-2010-TP-2601002); Antwerp University (DAPHNE: Defending Against Paedophiles in Heterogeneous Network Environments) [en]
dc.description.status: Peer reviewed [en]
dc.description.version: Published Version [en]
dc.format.mimetype: application/pdf [en]
dc.identifier.citation: Peersman, C., Schulze, C., Rashid, A., Brennan, M. and Fischer, C. (2016) 'iCOP: Live forensics to reveal previously unknown criminal media on P2P networks', Digital Investigation, 18, pp. 50-64. (15pp.) DOI: 10.1016/j.diin.2016.07.002 [en]
dc.identifier.doi: 10.1016/j.diin.2016.07.002 [en]
dc.identifier.endpage: 64 [en]
dc.identifier.issn: 1742-2876
dc.identifier.journaltitle: Digital Investigation [en]
dc.identifier.startpage: 50 [en]
dc.identifier.uri: https://hdl.handle.net/10468/8886
dc.identifier.volume: 18 [en]
dc.language.iso: en [en]
dc.publisher: Elsevier [en]
dc.relation.uri: https://www.sciencedirect.com/science/article/pii/S1742287616300779?via%3Dihub
dc.rights: ©2016 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/) [en]
dc.rights.uri: http://creativecommons.org/licenses/by/4.0/ [en]
dc.subject: Computer crime [en]
dc.subject: Peer-to-peer computing [en]
dc.subject: Image classification [en]
dc.subject: Text analysis [en]
dc.subject: Forensic triage [en]
dc.title: iCOP: Live forensics to reveal previously unknown criminal media on P2P networks [en]
dc.type: Article (peer-reviewed) [en]
Files
Original bundle
Name: 1-s2.0-S1742287616300779-main.pdf
Size: 533.41 KB
Format: Adobe Portable Document Format
Description: Published version
License bundle
Name: license.txt
Size: 2.71 KB
Format: Item-specific license agreed upon to submission
Description: