Testing a hybrid risk assessment model: Predicting CSAM offender risk from digital forensic artifacts

Abstract

BackgroundRecent research argues for a formalized hybrid risk assessment model that combines the current online child sex abuse risk measures with digital forensics artifacts. ObjectiveWe conducted a feasibility study as an initial step toward formalizing the hybrid risk assessment model by identifying high-level digital forensic artifacts that have the potential to be valid and reliable indicators of risk, with a focus on CPORT Items 5, 6, and 7. DataLaw enforcement investigators from a High Tech Crime Unit (HTCU) randomly selected seven closed cases; selection criteria included: male offender over 18, mobile device, child sexual abuse material (CSAM) offense, and 2019–2023 index offense. Investigation details related to probable cause, final charges, conviction, and offender risk were not disclosed. Statistical information (f, %) for the following digital forensics artifacts was examined: 1) pornography collection (e.g., % of media, content type, gender ratio) and 2) evidence of networking/grooming and other problematic online activities (e.g., number of native messages vs. application messages; type of installed apps). MethodThe analysis predicted whether the offender was a CSAM-only or dual offender and if our findings agreed with the level of risk for reoffending suggested by CPORT Items 5, 6, and 7. Results were shared with the HTCU and scored for accuracy. ResultsThe hybrid model was accurate in 6 of 7 cases. ConclusionWe conclude a hybrid model is feasible, and the findings illustrate the importance of analyzing app artifacts for context. Study limitations and future research recommendations are discussed.