Academic journal article International Journal of Cyber Criminology

OSINT by Crowdsourcing: A Theoretical Model for Online Child Abuse Investigations

Academic journal article International Journal of Cyber Criminology

OSINT by Crowdsourcing: A Theoretical Model for Online Child Abuse Investigations

Article excerpt

Introduction

Since the advent of the Internet, online child sexual abuse has become a global concern, continually growing and diversifying. In addition to the dissemination of child abuse materials throughout cyberspace (Taylor & Quayle, 2003), new forms such as online grooming (Whittle, Hamilton-Giachritsis, Beech, & Collings, 2013), sexual extortion (Kopecký, 2017) and webcam child prostitution (Açar, 2017a) have come to the attention of the public as online offences against children. While some aspects of the subject matter, such as the psychosocial and legal dimensions, have been studied extensively in the literature, by comparison, the development of practical methods to advance the global fight against online child sexual abuse seems to be neglected (Açar, 2017b).

High capacity but low-cost data storage options have resulted in the common use of terabyte-sized hard disks and cloud services. It is now unexceptional for a person to have a large amount of digital information spread throughout separate personal devices and cloud-based personal accounts. In addition to the unprecedented increase in average data per person, awareness of digital evidence has grown substantially among law enforcement agencies (LEAs). Currently, even in relation to petty crimes such as shoplifting, investigators are fully aware of the fact that the digital belongings of the suspect and victim may be highly beneficial for increasing the rates of apprehension or conviction. For these reasons, the backlog of seized devices has increased to unparalleled levels, leading to delays in the trial process of up to years, even for online child abuse investigations (Goldberg, 2015; Netclean, 2017). In order to solve this problem to some extent, a range of technological methods has been proposed, such as data mining, data reduction and triage (Quick & Choo, 2014; Lillis, Becker, O'Sullivan, & Scanlon, 2016). However, unlike in the case of less serious criminal acts, for online child abuse investigations reliance on triage and completely automated processes may have grave consequences.

In addition to child abuse materials, the digital belongings of an abuser might contain more minor yet important pieces of information such as nicknames, e-mails and names of places. A thorough digital examination and appropriate analysis of this set of information might reveal the exact locations or real identities of criminal associates or victimized children. While highly convenient for investigators, triage is essentially a quick, on-the-spot digital forensic evaluation, for time-sensitive cases in particular (Rogers, Goldman, Mislan, Wedge, & Debrota, 2006). In most of these cases, investigators do not even know whether they will be able to extract incriminating evidence from seized digital materials before the operation takes place. However, for online child abuse investigations, investigators generally have a solid idea of what and where the suspect might possess the illicit materials beforehand. Even in the absence of such firm knowledge, the possibility of failing to notice incriminating evidence of significant importance makes LEAs extra cautious. Consequently, due to these complications, triage is an extremely risky method of digital forensics examination and rarely preferred in relation to online child abuse investigations.

On the other hand, completely automated methods of extracting digital evidence are highly efficient for revealing some types of information, such as e-mail addresses and Internet browser history. However, finding such information through the examination of digital evidence is only the beginning of the judicial process. E-mail addresses, nicknames and other relevant details should be properly investigated through open sources, to identify the real identities of possible owners and discover whether their relationships with a suspect are crime-related (Gibson, 2016). For each clue, on average, an hour-long open source intelligence investigation (OSINT) should be conducted, including the time-consuming report writing stage. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.