Child Pornography Defense Forensics – ICAC Task Force – Part 2 of 8


The Internet Crimes Against Children Task Force Program is a national network of 61 coordinated task forces representing over 4,500 federal, state, and local law enforcement and prosecutorial agencies.  These agencies are continually engaged in proactive and reactive investigations and prosecutions of persons involved in child abuse and exploitation involving the Internet.  This group of law enforcement officers primarily performs online investigations and does so with tools that are not law enforcement sensitive but are difficult to obtain, as they have tried to restrict their distribution.  A few of these tools were created by the University of Massachusetts.

Cases that come into the ICAC pipeline come from many sources such as:

  1. Other Law Enforcement (Foreign, Domestic, Interpol, CBP)
  2. Social Media Companies (Facebook, Instagram, Snapchat)
  3. Cloud Storage Providers (Dropbox, Google Drive, Amazon AWS, One Drive)
  4. National Center for Missing and Exploited Children

ICAC provides training to law enforcement personnel who apply for membership.  The process is a simple one and the majority of the training is available online.  The training topics taught on the ICAC Cops website are:

  1. Tracing IP Addresses
  2. Case Management
  3. Craigslist Investigations Part 2
  4. Craigslist Investigations Update Part 2
  5. Griffeye DI Analyze and Hubstream
  6. Griffeye DI Analyze Part 2
  7. Griffeye DI Analyze Part 3 Advanced
  8. Griffeye DI Analyze
  9. Interrogating Wireless Routers
  10. Interviewing Peer to Peer Child Porn Subjects
  11. IPv6 and Cyber Investigations
  12. Legal Update for ICAC Investigators
  13. Optimizing Undercover Investigations with Port Forwarding
  14. Roundup Ares A Forensic Perspective
  15. RoundUp eMule Update Webinar Part 2
  16. TCP IP Networking Port Forwarding and P2P Investigations

Most of these courses are less than an hour long and are designed to give an investigator an introduction to cases involving child pornography possession and distribution.

I have found from working on these types of cases for over 12 years that in almost all investigative files there is no mention of the referring agency.  If the receiving agency has the proper tools and resources to conduct an online investigation, they typically follow a protocol similar to this:

  1. Online Investigation using a software tool
  2. Obtain a Search Warrant
  3. Execute Warrant and Seize digital devices
  4. Examine devices
  5. Submit files to a higher authority (CVIP, NCMEC)
  6. Make a recommendation to the prosecutor
  7. Charge Suspect

In other cases, the investigative agency will solicit the assistance of the Attorney General’s office, State Crime Lab, FBI or Regional Computer Forensics Labs among many others.  Be sure to obtain all discovery related to the referral, bench notes and case management.

You will find that many of the agencies working on digital crime cases have abandoned their standard operating procedures or failed to follow prescribed protocols.

I will continue to write more about Child Pornography Defense forensics and the failures to follow protocol in the next posting.