Measurements of the Internet for law enforcement purposes must be
forensically valid. We examine the problems inherent in using various network-
and application-level identifiers in the context of forensic measurement, as
exemplified in the policing of peer-to-peer file sharing networks for sexually
exploitative imagery of children. First, we present a one-year measurement
performed in the law enforcement context. Our proposed tagging method offers
remote machines application- or system-level data that is valid, but which
covertly has meaning to investigators. These tags, when recovered, allow
investigators to link network observations with physical evidence in a legal,
forensically strong, and valid manner. We present a detailed model and analysis
of our method, show how tagging can be used in several specific applications,
discusses the general applicability of our method, and detail why the tags are
strong evidence of criminal intent and participation in a crime. We then
describe the tagging mechanisms that have we implemented using the eMule file
sharing client.
No comments:
Post a Comment