Man with face in hands behind computer
Child Pornography Defense Forensics – ICAC Task Force – Part 2 of 8
August 28, 2019
Man with face in hand behind computer
Child Pornography Defense Forensics – Child Victim Identification Program – Part 4 of 8
August 28, 2019
Man with face in hands behind computer
Child Pornography Defense Forensics – ICAC Task Force – Part 2 of 8
August 28, 2019
Man with face in hand behind computer
Child Pornography Defense Forensics – Child Victim Identification Program – Part 4 of 8
August 28, 2019
Show all

Child Pornography Defense Forensics – ICAC Deconfliction – Part 3 of 8

Man with face in hand behind computer

 

 

ICAC Cops is a website that can be used to search for IPs that have been designated as possibly hosting child pornography by specific geography.  The results of such searches display the IP addresses that have been previously entered into the ICAC Data Exchange from previous investigations by an automated process and function of the investigative software.

The site displays the IP address of suspects to the requestor based on geographies, but should not be used as fact, as the IP addresses it displays are based on a certain date and time in the past.

You may ask yourself; how does one get an IP address.  Internet Service Providers assign IP addresses to modems.  As an example, the modem at my home is a cable modem.  My local Internet Service provider is Comcast and when they installed my modem, they assigned it a public IP address.  This public IP address is what the rest of the world sees when I send data out of my network.  The IP address in most cases is assigned only for a limited time.  For instance, sometimes 3 days up to permanent.  Most home based modems do not have static IP addresses.  Therefore, the IP address changes on the interval prescribed by the internet service provider.

If John Doe has a cable modem with IP Address 74.139.50.51 and is being monitored by law enforcements child pornography detection tools, John Doe could be registered in the ICAC Cops database for life at that IP address.  If the internet service provider changes John Doe’s IP address and recycles his IP address by assigning it to a new customer Peter Rabbit it could result in Mr. Rabbit receiving a search warrant.  Now law enforcement usually sends the subpoena requests quickly after the online detection, but there is no way to guarantee that the address for the search warrant is correct without basing it off of a certain date and time.  I often see search warrants that do not seek the subscriber information based on a certain date and time and this could very well lead to the wrong person.

I have yet to see law enforcement provide as part of the investigative file the entries made into the ICAC Cops Deconfliction site.  This is critical to show that often law enforcement does not know whether or not someone has downloaded known child pornography material as the database does not show the files that were download.

I will continue to write more about Child Pornography Defense forensics.