Using file and folder naming and structuring to improve automated detection of child sexual abuse images on the Dark Web

Authors

Bryce Westlake, San Jose State UniversityFollow
Enrique Guerra, Alumni

Publication Date

12-1-2023

Document Type

Article

Publication Title

Forensic Science International: Digital Investigation

Volume

47

DOI

10.1016/j.fsidi.2023.301620

Abstract

Increasing dissemination of child sexual abuse material (CSAM), especially on the Dark Web, has necessitated greater reliance on automated detection tools. These tools typically match images and videos to known CSAM databases, which is an ineffective method for identifying unknown CSAM. To identify potential complimentary methods, we analysed 162 unique known images, displayed 7289 times on 988 Dark Web websites, to determine if patterns in file/folder naming and structuring tendencies existed on websites. Overall, websites prioritised organisation (ease of access) over obfuscation (security) and hosted almost all images they displayed. File/folder names were commonly alphanumeric, however, there was evidence of sequence file naming patterns. Webpages displaying CSAM were explicitly named, often using underage and/or incest-related keywords. Structuring patterns revealed presence of website copies (mirrors) which can impede effective CSAM removal. Recommendations for supplementing automated detection techniques are discussed.

Keywords

Automated detection, Child sexual abuse material, Child sexual exploitation, Dark web, Hash values

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License

Department

Justice Studies

Recommended Citation

Bryce Westlake and Enrique Guerra. "Using file and folder naming and structuring to improve automated detection of child sexual abuse images on the Dark Web" Forensic Science International: Digital Investigation (2023). https://doi.org/10.1016/j.fsidi.2023.301620