Bittorrent Case Study


ICAC TASK FORCE

A BitTorrent Case Study


Detective Robert Erdely

Webinar Information
This webinar is supported by grant 2014-MC-FXK003, provided by the Office of Juvenile Justice and
Delinquency Prevention (OJJDP), and is brought to
you by the ICAC Training & Technical Assistance
Program. Points of view or opinions in this
document are those of the author and do not
necessarily represent the official position or policies
of the U.S. Department of Justice or Fox Valley
Technical College.
ICAC Training & Technical Assistance is a program
of the Fox Valley Technical College-National
Criminal Justice Training Center (NCJTC).

During the Webinar


All attendees will be muted.
If you desire to ask a question, please use
the questions section of the GoToWebinar
dialogue box, typically on the right side of
your screen.
Please do not raise your hand for
questions; we cannot unmute you.
Questions will either be answered directly
by a panelist or asked to the presenter
who will answer.

Poll Questions
Poll questions may be asked during the
webinar. They are asked so we can better
understand the audience and provide the
most useful information to you.
As they will only be open a short period of
time, please respond promptly.

Post Webinar Information


At the conclusion of the webinar, a short survey will
appear. We ask that you complete the survey in an
effort to gather information to better serve the
community in preparation for future webinars. Please
complete it before signing off.

You will receive a link to access our law enforcement-only
webinar library where you can view the recording
and access related webinar material. Due to the
sensitivity of some of the material you must be a
registered law enforcement member of the NCJTC.org
or ICACTaskforce.org websites. If you are not
currently a member, you will need to register for
access at www.ncjtc.org.

Objectives
Identify the torrents to investigate
Configure Torrential Downpour /
Torrential Downpour Receptor
Research on ICACCops.com

WWW.ICACCOPS.COM/USERS

Illinois ICAC first identified 817e


Requested a list of all offenders with that
torrent
Conducted numerous investigations
Conducted polygraph interviews on the
same day as the search warrant
80% of the offenders admitted to a contact
offense.

Lookup available to find offenders

Click on IP to see the history

Click on Show Direct Connects

This Client is Firewalled

Click on Show Direct Connects

This Client is not Firewalled

Manually Target IP in Torrential Downpour

Just Download targets with specific infohashes

But Why Limit Yourself

ICACCops can list your downloads, which may help other investigators

What about Torrential Downpour Receptor

BitTorrent Case Study ONE

BT Receptor

BT History

BT Logs

Suspect Viewer/Logs

ISP Subscriber Info

Deconfliction

Social Media

Surveillance

Search of Residence
Entry made at 7pm via knock and talk approach
Children getting ready for bed
Wife out shopping
Suspect was home and in the office of the home (as seen through the window before entry)
Subject was downloading CP upon entry

Forensic Interview

Outcry of Abuse
Oldest: No outcry of abuse but stated
that father seemed closer to the younger
sibling
Youngest: Outcried to digital and oral
penetration

Re-Interview of Suspect
Subject confessed to the sexual abuse of
the child.
Sentenced to life in prison for Aggravated
Sexual Assault of a Child

BitTorrent Case Study TWO

BT Receptor

BT History

Background
It was learned the suspect was a
babysitter and a children's gymnastics
coach for several gyms.
Provided babysitting services in your
home for your convenience

Search Warrant Conducted


Subject had pawned his laptop at a local
pawn shop
Subject had pawned his tablet at another
(different) pawn shop

Computer Forensics
Over 6,000 images and videos located in
the recycle bin on the laptop
Evidence of torrent searching located
on laptop and tablet

Computer Forensics
Subject found to possess images from
various gyms; talked about making
forts with the children and abusing the
children while they hid in the forts from
the other children.
Images found to support this

Building Forts

Computer Forensics
Information was found about how he
would drug the children to get them
sleepy so he could abuse them.
Images that he took were found to
support this.

Computer Forensics
Over 15,000 images of CP found
Over 1,200 videos of CP found
Production evidence recovered

More Background Found

Case Information
Canvass of gyms that he was involved with,
as well as daycares, was made, asking for
anyone with information to come forward.
4 victims have been identified so far
Case is pending a plea agreement

Contact Information
Robert Erdely
(484) 727-8283
Jeff Rich
(972) 941-2631
