High-Tech Crime Training Specialist SEARCH Group, Inc.
Ransomware containing embedded Child Sexual Abuse Material (CSAM) is an increasingly common problem for online child sexual exploitation investigators and examiners. The identification of malware on a device which contains embedded CSAM opens the door for a defense of “the malware did it.” This class will present a case study of a limited-scope examination of CSAM ransomware identified on an android device.
Discuss the impact of malware generally on CSAM investigations and forensic examinations
Specifically, discuss an android ransomware variant with embedded CSAM imagery frequently found by ICAC examiners
Discuss limited scope analysis of ransomware in ICAC investigations generally
Discuss/Demo several tools helpful in the examination of suspected malicious APK files