Measurement, modeling, and analysis of a peer-to-peer file-sharing workload
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Privacy and Rationality in Individual Decision Making
IEEE Security and Privacy
Content availability, pollution and poisoning in file sharing peer-to-peer networks
Proceedings of the 6th ACM conference on Electronic commerce
Peer-to-Peer: Is Deviant Behavior the Norm on P2P File-Sharing Networks?
IEEE Distributed Systems Online
Understanding churn in peer-to-peer networks
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
I tube, you tube, everybody tubes: analyzing the world's largest user generated content video system
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
An inquiry into the nature and causes of the wealth of internet miscreants
Proceedings of the 14th ACM conference on Computer and communications security
Supporting Law Enforcement in Digital Communities through Natural Language Analysis
IWCF '08 Proceedings of the 2nd international workshop on Computational Forensics
Collusive Piracy Prevention in P2P Content Delivery Networks
IEEE Transactions on Computers
Content availability and bundling in swarming systems
Proceedings of the 5th international conference on Emerging networking experiments and technologies
Strengthening forensic investigations of child pornography on P2P networks
Proceedings of the 6th International COnference
Do incentives build robustness in bit torrent
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Unraveling the BitTorrent Ecosystem
IEEE Transactions on Parallel and Distributed Systems
Click Trajectories: End-to-End Analysis of the Spam Value Chain
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
On blind mice and the elephant: understanding the network impact of a large distributed system
Proceedings of the ACM SIGCOMM 2011 conference
Effective digital forensics research is investigator-centric
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
Measuring pay-per-install: the commoditization of malware distribution
SEC'11 Proceedings of the 20th USENIX conference on Security
Dirty jobs: the role of freelance labor in web service abuse
SEC'11 Proceedings of the 20th USENIX conference on Security
Show me the money: characterizing spam-advertised revenue
SEC'11 Proceedings of the 20th USENIX conference on Security
Detecting pedophile activity in bittorrent networks
PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement
Demystifying porn 2.0: a look into a major adult video streaming website
Proceedings of the 2013 conference on Internet measurement conference
Hi-index | 0.00 |
Peer-to-peer networks are the most popular mechanism for the criminal acquisition and distribution of child pornography (CP). In this paper, we examine observations of peers sharing known CP on the eMule and Gnutella networks, which were collected by law enforcement using forensic tools that we developed. We characterize a year's worth of network activity and evaluate different strategies for prioritizing investigators' limited resources. The highest impact research in criminal forensics works within, and is evaluated under, the constraints and goals of investigations. We follow that principle, rather than presenting a set of isolated, exploratory characterizations of users. First, we focus on strategies for reducing the number of CP files available on the network by removing a minimal number of peers. We present a metric for peer removal that is more effective than simply selecting peers with the largest libraries or the most days online. Second, we characterize six aggressive peer subgroups, including: peers using Tor, peers that bridge multiple p2p networks, and the top 10% of peers contributing to file availability. We find that these subgroups are more active in their trafficking, having more known CP and more uptime, than the average peer. Finally, while in theory Tor presents a challenge to investigators, we observe that in practice offenders use Tor inconsistently. Over 90% of regular Tor users send traffic from a non-Tor IP at least once after first using Tor.