Research Article
Towards Efficient On-Site CSAM Triage by Clustering Images from a Source Point of View
@INPROCEEDINGS{10.1007/978-3-031-36574-4_2, author={Samantha Klier and Harald Baier}, title={Towards Efficient On-Site CSAM Triage by Clustering Images from a Source Point of View}, proceedings={Digital Forensics and Cyber Crime. 13th EAI International Conference, ICDF2C 2022, Boston, MA, November 16-18, 2022, Proceedings}, proceedings_a={ICDF2C}, year={2023}, month={7}, keywords={Digital Forensics Triage CSAM Clustering EXIF UMAP}, doi={10.1007/978-3-031-36574-4_2} }- Samantha Klier
Harald Baier
Year: 2023
Towards Efficient On-Site CSAM Triage by Clustering Images from a Source Point of View
ICDF2C
Springer
DOI: 10.1007/978-3-031-36574-4_2
Abstract
In digital forensics the Computer Forensics Field Triage Process Model (CFFTPM) addresses use cases, where an immediate on-site processing of digital evidence is necessary to impede ongoing severe criminal offences like child abuse, abduction or extortion. For instance in case of Child Sexual Abuse Material (CSAM) an instant in situ digital forensics investigation of seized devices may reveal digital traces to identify incriminated pictures produced by the suspect himself. In order to protect the victims from further violation the fast and reliable identification of such self produced CSAM files is of utmost importance, however, it is a non-trivial task. In this paper we propose an efficient and effective clustering method as part of the CFFTPM to identify self-produced incriminated images on-site. Our concept extends the classical hash-based identification of chargeable data and makes use of image metadata to cluster pictures according to their source. We successfully evaluate our approach on base of a publicly available image data set and show that our clustering even works in the presence of anti-forensics measures.
