10.09.2012

Investigating Internet Crime: How Cases of Pedophilia and Related Criminal Activities are Intertwined and Investigated for Internet Crimes.



by Elizabeth Hall
Image representing Windows as depicted in Crun...
Image via CrunchBase
Operating Systems Data Used in Criminal Investigation of Pedophilia
In this case, the pedophile in question is a 48-year-old man, who used computers to find victims, usually those boys who had troubles at home or had problems (Deirmenjian, 2002).  The model of victim enticement used is the trust-based seductive model.  This is also the worst type of pedophile, as they are not satisfied with collecting child pornography or just chatting, they actually intend to go through with the meeting in person and being a supplier of child pornography.  When arrested, officers found and seized a total of five computers and videocassette recorders, along with many computer disks and almost three hundred video cassettes all with evidence of the crimes.  The operating systems of the computers is Microsoft Windows, and the data that is important to collect from this evidence is those files which contain pictures, chat, emails, and other evidence of crimes against children or pedophiliac behavior.  Even though this suspect believed that he deleted the file, the log file is still present in the system, and there are tools to detect this activity.  
Some of these tools are places that the investigator may know to look such as the recycle bin.  This is because some perpetrators do not know that files stay until you actually empty the trash.  Other times this data is hidden in the root systems of the computer where data is also collected pertaining to the operating system’s tasks.  Other tools can be purchased for use from a manufacturer or retailer such as MacLockPick 3.0 from Mac Forensics Lab (2010), which can manage a triage of operating systems that are both live and off.  Investigators have tools in their Forensics Lab Models, Social Agent, and Web Agent, which afford their investigator speedy recovery of files by a host of tools.  These tools, range from picking up skin tones present in files to explicit wording in text to expedite the dissemination of files in the operating system that pertain to the investigation (Mac Forensics Lab 2010).  

Credit Card Data: Source
Published by the American Psychiatric Associat...
Published by the American Psychiatric Association, the DSM-IV-TR provides a common language and standard criteria for the classification of mental disorders. (Photo credit: Wikipedia)
Another thing found with the suspect’s things were, credit card numbers with names and expiration dates in a journal on the suspect’s desk.  It is discovered that these are the methods, that he uses to pay for his internet services, private chat rooms, and pornography sites used to lure these victims.  Possibly, to keep him suspended when there are no live victims available, as well, since pedophilia is an actual mental disease listed in the Diagnostic and Statistical Manual of Mental Disorders IV.  These credit card numbers can be found on the internet for sale in some of the places on the internet such as Internet Relay Chat rooms or Yahoo Groups, and in Google platforms that cater to these types of people that sell credit card information and utilize or sell child pornography (Knetzger and Muraski, 2008).  
E-mail tracking is also useful for investigating online crimes based on pedophilia. Usually when a pedophile has a victim that they are working on, as in the case of our suspect it is usually a certain type or age of victim.  They will gain the trust of the intended victim by exchanging emails and chats often, but not all criminals know that emails can be tracked.  Each email is equipped with a header and sub headers that trace the entire path of the email, disclosing the networks and source of the email even if it is bounced through programs designed to hide that from the immediate eyes (Knetzger and Muraski, 2008).  The full header contains the IP addresses and they can be traced to specific locations. Protocol for this is to conduct a lookup of the IP address and then obtain the individual user data associated with the account by subpoena (Knetzger and Muraski, 2008).  
Chat Investigation Protocol
When investigating online sexual predators, particularly those looking for victims that are minors, there are protocols that investigating officers should follow for best practices (Knetzger and Muraski, 2008).  This helps keep clear timelines of data that shows violations, instigation, protect the investigation from entrapment allegations, and they will show the personality of the offender when in these situations.  The steps to follow are pretty clear; first the officer will create an online persona that would appeal to these types of offenders, complete with emails, chat room id’s, and photos that would normally be found on a child’s account.  Next, they should make sure that all social media, emails, blogs tied to that persona are set up to auto log all correspondence in and out (Knetzger and Muraski, 2008). 
Once they have things set up the investigator should go to rooms in chat platforms, which they can find the preferred age of their victims and participate reactively to the chats going on in the room (Knetzger and Muraski, 2008).  The investigator should document any attempts to transmit any type of pornographic material, or invitations to meet in person.  Following these steps will ensure the integrity of the investigation should it become challenged in court.  These steps should be followed with all digital forms of media including emails, chats, and phone conversations, relating to our investigation (Knetzger and Muraski, 2008).
Online Intelligence Gathering
English: Screenshot of Chat Rooms in Paltalk Scene
English: Screenshot of Chat Rooms in Paltalk Scene (Photo credit: Wikipedia)
When gathering intelligence online there are elements that may make the search easier considering the amount if information on the internet (Knetzger and Muraski, 2008).  Investigators know that there are websites that cater to almost any fetish or need, and there are ways to search to make your results more specific to the search. Along with looking in IRC, Groups, or on Google blindly, one can narrow the search easily.  This is done by placing quotation marks around your specific search terms and separating them with “and”, “or”, or a like word accepted in Boolean terms. There is also open source data that may not be protected from searching such as Facebook and other social media, along with closed source data such as private groups that require passwords (Knetzger and Muraski, 2008).
Search Warrant Requirements/Exceptions/Procedures
Search Warrants usually require two parts the affidavit that supports the reasoning for the search warrant and lists the requesting officer’s qualifications and reasons for requesting the warrant (Knetzger and Muraski, 2008).  The affidavit also describes exactly what place and items that may be searched.  The other part is the warrant itself.  This must not just be an address alone, but must be descriptive to color, make, model etc.  Items to be seized must also be listed explaining the relation of the digital items to the criminal activity. Execution of warrant must be well considered, but can be served in person, by knock and announce, or no knock exceptions.  Another thing that is important is that a copy of the warrant must be left at the scene with the place to be searched or persons there that live there (Knetzger and Muraski, 2008).
Personal Computer Data Extraction and Preservation/ File Recovery Research
A little diagram of an IP address (IPv4)
A little diagram of an IP address (IPv4) (Photo credit: Wikipedia)
When coming across a personal computer or smart phone before unplugging the device or touching a part of the computer including the mouse or screen an investigator should clone the drive then work from the clone.  The original evidence must be preserved at all costs, so it should be cloned then packed up into safe evidence handling boxes and materials.  An investigator should never just unplug a computer from anywhere, but should disconnect the main power switch at the back of the tower alone. Files can be recovered from the root systems and pathways in the original operating systems along with any applications along the way.  

References:
Deirmenjian, J.M. MD, (2002).  Pedophilia on the Internet.  Journal of Forensic Scie
nce, Sept 2002.  Vol 47, № 5.  Retrieved From: http://www.hawaii.edu/hivandaids/Pedophilia_on_the_Internet.pdf
Knetzger, M. & Muraski, (2008).  Investigating High-Tech Crime.  New Jersey Prentice Hall, Pearson Education.  ISBN:  0-536-08577-3
Mac Forensics Lab, (2010).  Software.  Retrieved From: http://www.macforensicslab.com/ProductsAndServices/index.php?main_page=index&cPath=1


Enhanced by Zemanta

This is

0 comments:

Post a Comment

All comments and feedback appreciated!

Criminology & Justice Headline Animator

Psychology

Law Books

Corrections

Sociology

Crime

Serial Killers

Criminology

LinkWithin

Related Posts Plugin for WordPress, Blogger...