This is a presentation I gave to the DE Association of Criminal Defense Lawyers on December 6, 2013. Main themes include: Digital Technology and Child Pornography, Digital Investigations, Introduction to Computer Forensics, and Defending Child Pornography Cases.
With 1.2 billion monthly active users on Facebook alone, it’s not surprising that social media networks can be a rich source of information for investigators. And because Americans spend more time on social media than any other major Internet activity, including email, social media information and evidence is plentiful. You just need to know how to get it.
Finding, preserving and collecting social media evidence often requires some forensic skills, as well as an understanding of the laws that govern its collection and use. It’s important for investigators to be aware of both the possibilities and limitations of social media forensics.
I was invited in Web Tech Talk Event as a Speaker. The event was organized by Tech Speakers Bangladesh. On that event, I gave a speech on Deep and Dark Web. I made this slide for that speech.
All content not indexed by traditional web-based search engines is known as the DeepWeb. Wrongly been associated only with the Onion Routing (TOR), the DeepWeb's ecosystem comprises a number of other anonymous and decentralized networks. The Invisible Internet Project (I2P), FreeNET, and Alternative Domain Names (like Name.Space and OpenNic) are examples of networks leveraged by bad actors to host malware, high-resilient botnets, underground forums and bitcoin-based cashout systems (e.g., for cryptolockers).
We designed and implemented a prototype system called DeWA for the automated collection and analysis of the DeepWeb, with the goal of quickly identifying new threats as soon they appear.
In this talk, we provide concrete examples of how using DeWA to detect, e.g., trading of illicit and counterfeit goods, underground forums, privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.
Investigating online conducting pre-interview researchCase IQ
Going into an investigation interview with no knowledge of the interview subject is like going into a job interview with no knowledge about the company. You’re unlikely to get the information you need (or the job you want).
Before meeting an interview subject an investigator should do some online research on the interview subject. Background information can help the investigator establish rapport, identify areas of vulnerability and determine questioning strategies.
With 1.2 billion monthly active users on Facebook alone, it’s not surprising that social media networks can be a rich source of information for investigators. And because Americans spend more time on social media than any other major Internet activity, including email, social media information and evidence is plentiful. You just need to know how to get it.
Finding, preserving and collecting social media evidence often requires some forensic skills, as well as an understanding of the laws that govern its collection and use. It’s important for investigators to be aware of both the possibilities and limitations of social media forensics.
I was invited in Web Tech Talk Event as a Speaker. The event was organized by Tech Speakers Bangladesh. On that event, I gave a speech on Deep and Dark Web. I made this slide for that speech.
All content not indexed by traditional web-based search engines is known as the DeepWeb. Wrongly been associated only with the Onion Routing (TOR), the DeepWeb's ecosystem comprises a number of other anonymous and decentralized networks. The Invisible Internet Project (I2P), FreeNET, and Alternative Domain Names (like Name.Space and OpenNic) are examples of networks leveraged by bad actors to host malware, high-resilient botnets, underground forums and bitcoin-based cashout systems (e.g., for cryptolockers).
We designed and implemented a prototype system called DeWA for the automated collection and analysis of the DeepWeb, with the goal of quickly identifying new threats as soon they appear.
In this talk, we provide concrete examples of how using DeWA to detect, e.g., trading of illicit and counterfeit goods, underground forums, privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.
Investigating online conducting pre-interview researchCase IQ
Going into an investigation interview with no knowledge of the interview subject is like going into a job interview with no knowledge about the company. You’re unlikely to get the information you need (or the job you want).
Before meeting an interview subject an investigator should do some online research on the interview subject. Background information can help the investigator establish rapport, identify areas of vulnerability and determine questioning strategies.
Cyber pornograpghy (with special reference to child pornography)gunpreet kamboj
containing all provisions of Indian Penal Code & IT act 2000 related to pornography & child pornography. Prepared by Gunpreet kaur kamboj, law student of GNDU (asr) . if u like it then please like it or comment it...as i did alot of hardwork
2013-12-18 Digital Forensics and Child Pornography (inc. 1 hour ethics)Frederick Lane
This is a presentation I delivered to the Federal Defenders Program for the District of Indiana (N.D.) on December 18, 2013. It is a 6-hour CLE presentation covering the following topics: overview of the law of child pornography, methods of distribution, digital investigations, hash values, trial issues, and the ethics of client data.
This is a copy of my presentation at the 2013 VT Family Law Conference. This lecture discusses the growing importance of electronic evidence in divorce litigation, and provides suggestions on how to locate, recover, and preserve emails, social media posts, pictures, and computer files. It also covers the legal risks that attorneys and their clients face if they are too aggressive in pursuing electronic evidence.
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to the Joint Meeting of ISACA and IIA North Texas on January 12, 2017.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that all company will be breached, but preparation and diligence can help minimize the likelihood that such a breach from being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk business have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. Then, because of this crisis environment, the need for leadership in helping keep the parties calm, rational, and making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...Cengage Learning
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course Technology Computing Conference
Presenter: Amelia Phillips, Highline Community College
E-discovery is defined as “gathering electronically stored information (ESI) for use in litigation”. At first glance, this appears to be a straightforward statement, but upon further examination one finds that it encompasses a broad range of items. Over 90% of documents produced by companies now are electronic. Older paper files have been converted to microfiche or PDF files. Add to this email, text messages, social media (yes, even the IRS has a Facebook page) and you have an idea of the amount of information that becomes this new term called “Big Data”. Terabytes of data will soon become petabytes of data. Are we ready? Are our students prepared for this new era? E-Discovery is a field that affects not only the lawyers, but the IT support staff, and how companies do business. In this talk you will be introduced to some of the new technology in the field such as predictive coding, forensic linguistics, and social media archiving. You will also be shown some of the new tools on the market that you can use in your classrooms to prepare your students and yourself for this fast evolving arena. What does a company need to do when a litigation hold is in place? What response needs to come from the legal staff, the IT support staff, the managers, and the average employee? How does this affect the BYOD (Bring Your Own Device) policies? Which comes first - employee privacy, freedom of information or corporate security? You will walk away from this talk with a methodology to incorporate this new topic into your curriculum. You will also be given ideas of how to make this affordable for your labs, what foundations your students need, and how to deliver this in a way that appeals to the business, IT or legal oriented student. This topic affects them all. Come and find out why this is something they need to be successful in tomorrow's market.
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...APNIC
APNIC General Counsel Craig Ng discusses legal cooperation to overcome jurisdictional and territorial limits in cybercrime investigations at the 33rd TWNIC IP OPM in Taipei, Taiwan, on 5 December 2019.
Data Privacy and Security in the Digital age Ukraine - Patrick BellUBA-komitet
Зустріч в рамках Комітету АПУ з питань телекомунікацій, інформаційних технологій та Інтернету з юристом з США Патріком М. Беллом щодо обговорення питань конфіденційності та безпеки даних, 26.07.2017, м.Київ
Cyber pornograpghy (with special reference to child pornography)gunpreet kamboj
containing all provisions of Indian Penal Code & IT act 2000 related to pornography & child pornography. Prepared by Gunpreet kaur kamboj, law student of GNDU (asr) . if u like it then please like it or comment it...as i did alot of hardwork
2013-12-18 Digital Forensics and Child Pornography (inc. 1 hour ethics)Frederick Lane
This is a presentation I delivered to the Federal Defenders Program for the District of Indiana (N.D.) on December 18, 2013. It is a 6-hour CLE presentation covering the following topics: overview of the law of child pornography, methods of distribution, digital investigations, hash values, trial issues, and the ethics of client data.
This is a copy of my presentation at the 2013 VT Family Law Conference. This lecture discusses the growing importance of electronic evidence in divorce litigation, and provides suggestions on how to locate, recover, and preserve emails, social media posts, pictures, and computer files. It also covers the legal risks that attorneys and their clients face if they are too aggressive in pursuing electronic evidence.
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to the Joint Meeting of ISACA and IIA North Texas on January 12, 2017.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that all company will be breached, but preparation and diligence can help minimize the likelihood that such a breach from being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk business have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. Then, because of this crisis environment, the need for leadership in helping keep the parties calm, rational, and making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...Cengage Learning
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course Technology Computing Conference
Presenter: Amelia Phillips, Highline Community College
E-discovery is defined as “gathering electronically stored information (ESI) for use in litigation”. At first glance, this appears to be a straightforward statement, but upon further examination one finds that it encompasses a broad range of items. Over 90% of documents produced by companies now are electronic. Older paper files have been converted to microfiche or PDF files. Add to this email, text messages, social media (yes, even the IRS has a Facebook page) and you have an idea of the amount of information that becomes this new term called “Big Data”. Terabytes of data will soon become petabytes of data. Are we ready? Are our students prepared for this new era? E-Discovery is a field that affects not only the lawyers, but the IT support staff, and how companies do business. In this talk you will be introduced to some of the new technology in the field such as predictive coding, forensic linguistics, and social media archiving. You will also be shown some of the new tools on the market that you can use in your classrooms to prepare your students and yourself for this fast evolving arena. What does a company need to do when a litigation hold is in place? What response needs to come from the legal staff, the IT support staff, the managers, and the average employee? How does this affect the BYOD (Bring Your Own Device) policies? Which comes first - employee privacy, freedom of information or corporate security? You will walk away from this talk with a methodology to incorporate this new topic into your curriculum. You will also be given ideas of how to make this affordable for your labs, what foundations your students need, and how to deliver this in a way that appeals to the business, IT or legal oriented student. This topic affects them all. Come and find out why this is something they need to be successful in tomorrow's market.
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...APNIC
APNIC General Counsel Craig Ng discusses legal cooperation to overcome jurisdictional and territorial limits in cybercrime investigations at the 33rd TWNIC IP OPM in Taipei, Taiwan, on 5 December 2019.
Data Privacy and Security in the Digital age Ukraine - Patrick BellUBA-komitet
Зустріч в рамках Комітету АПУ з питань телекомунікацій, інформаційних технологій та Інтернету з юристом з США Патріком М. Беллом щодо обговорення питань конфіденційності та безпеки даних, 26.07.2017, м.Київ
Courts are rapidly becoming a gold mine of information for private companies that re-sell case information for such purposes as credit, criminal record, and rental history checks. This session will address issues surrounding the use of court information for public purposes, including what information should be available to non-parties, who is responsible for ensuring its accuracy, whether courts should charge for access and on what basis, and how long information should be available?
Presented by EndCoder Denise Fouche, this presentation describes South Africa's legal response to cyber security threats, particularly in the banking industry.
We Know What You Did Last Summer (and Last Night) - ForgeRock Identity Live A...ForgeRock
Stacey Higginbotham - Journalist - As we add the internet to more devices, we're also making more information about ourselves available online. Not necessarily to the public, but to family, marketers, and even law enforcement. What are we sharing? With whom? And what should we do about it?
Current Privacy and Data Issues (for people who care about open data!)EmilyDShaw
Open data and privacy law often conflict. What issues are people discussing in the realm of privacy and government-held data? What can open data advocates do to increase access to government data when privacy is a concern?
Similar to 2013-12-06 Digital Forensics and Child Pornography (20)
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Normal Labour/ Stages of Labour/ Mechanism of LabourWasim Ak
Normal labor is also termed spontaneous labor, defined as the natural physiological process through which the fetus, placenta, and membranes are expelled from the uterus through the birth canal at term (37 to 42 weeks
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Introduction to AI for Nonprofits with Tapp Network
2013-12-06 Digital Forensics and Child Pornography
1. Digital Forensics and
Child Pornography
Frederick S. Lane
DE Assoc. of Criminal Defense Lawyers
Wilmington, DE
6 December 2013
www.FrederickLane.com
www.ComputerForensicsDigest.com
1
2. Seminar Overview
• Introduction and
Overview
• Digital Technology and
CP
• Digital Investigations
• Defending Child
Pornography Cases
www.FrederickLane.com
www.ComputerForensicsDigest.com
2
3. Introduction and Overview
• Background and
Expertise
• What Is Child
Pornography?
• Digital Technology and
the Spread of Child
Pornography
www.FrederickLane.com
www.ComputerForensicsDigest.com
3
4. Background and Expertise
• Attorney and Author of 7
Books
• Computer Forensics
Expert -- 15 years
• Over 100 criminal cases
• Lecturer on ComputerRelated Topics – 20+
years
• Computer user
(midframes, desktops,
laptops) – 35+ years
www.FrederickLane.com
www.ComputerForensicsDigest.com
4
5. What Is Child Pornography?
•
•
•
•
Federal Laws
State Laws
International Law
Determining Age of
Person Depicted
www.FrederickLane.com
www.ComputerForensicsDigest.com
5
6. Federal CP Laws
• 18 U.S.C. c. 110 – Sexual
Exploitation and Other Abuse
of Children
• 18 U.S.C. § 2251 – Production
• 18 U.S.C. § 2252 – Possession,
Distribution, and Receipt
• 18 U.S.C. § 2256 -- Definitions
www.FrederickLane.com
www.ComputerForensicsDigest.com
6
7. “Child Pornography”
18 U.S.C. § 2256(8): “any visual depiction, including
any photograph, film, video, picture, or computer or
computer-generated image or picture, whether made
or produced by electronic, mechanical, or other
means, of sexually explicit conduct, where—
(A) the production of such visual depiction
involves the use of a minor engaging in sexually
explicit conduct; [or]
(B) such visual depiction is a digital image,
computer image, or computer-generated image that is,
or is indistinguishable from, that of a minor engaging in
sexually explicit conduct; or
(C) such visual depiction has been created,
adapted, or modified to appear that an identifiable
minor is engaging in sexually explicit conduct.”
www.FrederickLane.com
www.ComputerForensicsDigest.com
7
8. Other Relevant Definitions
• “Minor” [18 U.S.C. § 2256(1)]: <18
• 18 U.S.C. § 2257: Record-keeping requirements
• “Sexually Explicit Conduct” [18 U.S.C. §
2256(2)(A)]:
• (i) sexual intercourse, including genital-genital, oral-genital,
anal-genital, or oral-anal, whether between persons of the
same or opposite sex;
• (ii) bestiality;
• (iii) masturbation;
• (iv) sadistic or masochistic abuse; or
• (v) lascivious exhibition of the genitals or pubic area of any
person.
• Slightly Different Definitions for Computer
Images [18 U.S.C. § 2256(2)(B)]
www.FrederickLane.com
www.ComputerForensicsDigest.com
8
9. NCMEC
• “National Center for Missing
and Exploited Children”
• Created by Congress in 1984
• Child Recognition and
Identification System –
database of hash values of CP
images
• Child Victim Identification
Program
www.FrederickLane.com
www.ComputerForensicsDigest.com
9
10. State CP Laws
• All 50 states have their own CP
laws
• Age of minority varies: 16 (30
states); 17 (9 states); and 18
(12 states)
• Prosecution can be federal or
state, or both.
• Can include “harmful to
minors” standard (states only)
www.FrederickLane.com
www.ComputerForensicsDigest.com
10
11. Delaware CP Laws
• DEL CODE § 1103 – Definitions
Relating to Children
• DEL CODE § 1108 – Sexual
Exploitation of a Child
• DEL CODE § 1109 – Dealing in Child
Pornography
• DEL CODE § 1110 – Subsequent
Convictions …
• DEL CODE § 1111 – Possession of
Child Pornography
www.FrederickLane.com
www.ComputerForensicsDigest.com
11
12. DEL CODE
1103
•
“Child”: Anyone under age of 18 or any individual intended to appear
<14.
•
“Prohibited Sexual Acts”:
• (1) Sexual intercourse;
• (2) Anal intercourse;
• (3) Masturbation;
• (4) Bestiality;
• (5) Sadism;
• (6) Masochism;
• (7) Fellatio;
• (8) Cunnilingus;
• (9) Nudity, if such nudity is to be depicted for the purpose of the sexual stimulation or
the sexual gratification of any individual who may view such depiction;
• (10) Sexual contact;
• (11) Lascivious exhibition of the genitals or pubic area of any child;
• (12) Any other act which is intended to be a depiction or simulation of any act described
in this subsection.
www.FrederickLane.com
www.ComputerForensicsDigest.com
12
13. International CP Laws
• Over last 7 years, 100 countries
have adopted new CP laws
• 53 countries still have no CP law
at all
• International Center for Missing
and Exploited Children
• 2012 Child Pornography Model
Laws: http://bit.ly/19eWJPz
www.FrederickLane.com
www.ComputerForensicsDigest.com
13
14. Determining Age
Is expert testimony need?
Tanner Stage: Outmoded?
Role of environmental factors
Bait and switch
Defendant’s subjective belief
is irrelevant
• Prosecutors prefer clear cases
•
•
•
•
•
www.FrederickLane.com
www.ComputerForensicsDigest.com
14
15. Digital Technology and CP
A Brief Background
Digital Production of CP
Digital Distribution of CP
Digital Consumption
(Receipt and Possession)
• Societal Changes
•
•
•
•
www.FrederickLane.com
www.ComputerForensicsDigest.com
15
16. A Brief Background
•
1978: Protection of Children Against Sexual
Exploitation Act
•
1982: New York v. Ferber – Upholding state
law banning child pornography
•
1984: Child Protection Act (prohibiting noncommercial distribution)
•
1992: Jacobson v. United States – Postal
Service entrapment
•
2000: Poehlman v. United States – FBI
entrapped defendant after lengthy email
correspondence
www.FrederickLane.com
www.ComputerForensicsDigest.com
16
17. Digital Production of CP
• Scanners
• Digital Cameras (still and
video)
• Cameraphones (dumb and
smart)
• Web cams
www.FrederickLane.com
www.ComputerForensicsDigest.com
17
18. Digital Distribution of CP
• One-to-One
• Sneakernet
• E-mail / Personal File-Sharing
• Instant Messaging / Chat Rooms
• One-to-Many
•
•
•
•
Newsgroups and Forums
Peer-to-Peer Networks
Torrent Networks / File-Hosting
Underground Web Sites
www.FrederickLane.com
www.ComputerForensicsDigest.com
18
19. Digital Consumption of CP
• Producer of CP may be in
possession without having
“received” it
• Defendant may be in “receipt” of
CP without “knowingly”
possessing it
• The challenges of determining
“intentionally” and “knowingly” in
the context of Internet activity
www.FrederickLane.com
www.ComputerForensicsDigest.com
19
20. Societal Changes
• Computers and the
Internet
• The Democratization of
Porn Production
• “Porn Chic”
• The “Selfie”
www.FrederickLane.com
www.ComputerForensicsDigest.com
20
21. Digital Investigations
• Discovery of Possible Child
Pornography
• The Role of IP Addresses
• Intro to Computer
Forensics
www.FrederickLane.com
www.ComputerForensicsDigest.com
21
22. Discovery of Possible CP
•
•
•
•
•
Angry Spouse or Girlfriend
Geek Squads
Chat Rooms
Hash Flags
P2P and Torrent
Investigations
• Server or Payment Logs
www.FrederickLane.com
www.ComputerForensicsDigest.com
22
23. Overview of IP Addresses
• Assigned to Every InternetConnected Device
• Two Flavors:
• IPv4: 196.172.0.1
• IPv6:
2001:0db8:85a3:0042:1000:8a2
e:0370:7334
• Leading to “Internet of Things”
www.FrederickLane.com
www.ComputerForensicsDigest.com
23
24. IP → Physical Address
• Ranges of IP Addresses
Assigned to ISPs by Internet
Assigned Numbers Authority
• Online Tools to Look Up ISP
• Dynamic vs. Static
• Subscriber Records Show
Date, Time, IP Address,
Limited Activity
www.FrederickLane.com
www.ComputerForensicsDigest.com
24
25. Limitations of IP Addresses
• Links Online Activity to
Device, Not Necessarily a
Specific User
• Data May Not Be Available
from ISP
• Possibility of War-Dialing
www.FrederickLane.com
www.ComputerForensicsDigest.com
25
27. Increasingly Specialized
• Computer Forensics
• Windows
• Mac OS
• Linux
• Network Forensics
• Mobile Forensics
• Dozens of Mobile OSs
• Hundreds of Models
• Cloud Forensics
• Many Questions, No Clear Answers
www.FrederickLane.com
www.ComputerForensicsDigest.com
27
29. A Typical Forensics Report
• There should be at least two
reports:
•
•
•
•
•
• Acquisition
• Evaluation of Evidence
Bowdlerized
Detailed procedures
Hash value checks
Bookmarks of possible contraband
Evidence of user ID
www.FrederickLane.com
www.ComputerForensicsDigest.com
29
30. Defending CP Cases
• Pre-Trial Issues
• Trial Issues
• Typical Defenses in CP
Cases [Some More Viable
than Others]
www.FrederickLane.com
www.ComputerForensicsDigest.com
30
31. Pre-Trial Issues
• Retaining a Defense Expert
• Deposition of Government
Experts
• Motion(s) to Produce
• Motion(s) to Suppress or
in limine
www.FrederickLane.com
www.ComputerForensicsDigest.com
31
32. Trial Issues
• Should There Be a
Trial?
• Motion(s) in limine
• Cross-Examination of
Government Expert
www.FrederickLane.com
www.ComputerForensicsDigest.com
32
33. Typical Defenses (1)
• Lack of Possession or Receipt
• Mere Browsing
• The Phantom Hash
• Accident or Lack of Intent
• Ignorance or Mistake as to Age
• Not a Real Child / Morphed /
Computer-Generated
www.FrederickLane.com
www.ComputerForensicsDigest.com
33
34. Typical Defenses (2)
• Multiple Persons with Access
to Device
• Used Equipment with PreExisting CP
• Viral Infection
• Planting of Evidence by Spouse
or Police
• Entrapment
www.FrederickLane.com
www.ComputerForensicsDigest.com
34
35. Slides and Contact Info
• Download a PDF of slides
from:
SlideShare.net/FSL3
• E-mail or Call Me:
FSLane3@gmail.com
802-318-4604
www.FrederickLane.com
www.ComputerForensicsDigest.com
35
36. Digital Forensics and
Child Pornography
Frederick S. Lane
DE Assoc. of Criminal Defense Lawyers
Wilmington, DE
6 December 2013
www.FrederickLane.com
www.ComputerForensicsDigest.com
36