The following is a sample affidavit.  Please use this only as a guideline when writting your own affidavit. 
(1) As a result of my training and experience, I am aware that computers are utilized by preferential sex 

offenders to produce, store and distribute child pornography. Computers enable preferential  sex offenders

to communicate with one another and afford anonymity when exchanging child pornographic images. 

Computers can also store images that have been sent to and/or received by others engaged in trading 

pornographic pictures. A modem allows computers to be linked through the use of telephone lines. By 

connection to the host computer attached to a dedicated network of  computers, electronic contact can be

made to millions of computers around the world. Commercial service providers such as America on line

(AOL) and others allow subscribers to dial a local telephone number to connect to a network which, in 

turn, connects to the host system. These service providers allow electronic mail services between 

subscribers and between subscribers of other networks. Some of these systems offer their subscribers the 

ability to communicate publicly or privately with each other in a real-time interactive communication called 

"chat rooms." Contact with others in this on-line (real-time) format can be either anonymously open, that is,

accessible to everyone who happens to be in that same chat room at the same time, or very private and 

personal in the form of person-to-person real-time interactive communication. This communication

structure is ideal for the preferential sex offender. Anonymous, open communication allows the user to

locate others of similar inclination while maintaining anonymity. Once contact is established, it is then

possible to send text messages and graphic images.

The computer's ability to store images in digital form makes it an ideal repository for pornographic 

images. A single disk can store dozens of images and hundreds of pages of text. The capacity of the

electronic storage device (the hard drive) in home computers has grown tremendously within the last 

several years. Drives widely in use now can store thousands of these images in very high resolution. In

addition, magnetic storage devices in host computers greatly expand the ability of the collector and

trafficker in child pornography to store a very large number of images remotely, making detection and

seizure more difficult. It is only with careful examination by computer experts of the electronic storage

devices that it is possible to recreate the evidence trail.

Subscribers to the service provided by America On Line and others are able to make up user names which

appear on the screen during communication with other subscribers. In most cases, the user name is not the

full and/or actual name of the person. The subscriber can fill out a descriptive profile corresponding to the

user name. The profile describes the interests and characteristics of the user but need not identify him  by

user name.

As described in this affidavit, computer hardware, software, and data are instrumentality's and evidence in

the commission of this crime. Based on my training and experience, I know that searching and seizing 

information from computers requires all electronic storage devices (along with related peripherals) to be 

searched later by qualified computer experts in a controlled environment. A search of computer records

will need to be conducted off-site. An off-site search is necessary because computer storage devices (like

hard disks, diskettes, tapes, laser disks) can store the equivalent of thousands of pages of information.

Additionally, a suspect may try to conceal criminal evidence; he/she might store it in random order with

deceptive file names. This may require searching authorities to examine all the stored data to determine

which particular files are evidence or instrumentality's of crime. This sorting process can take weeks or

months, depending upon the volume of data stored, and it would be impractical to attempt this kind of data

search on site. Further, searching computer systems for criminal evidence is a highly technical process

requiring expert skill and a properly controlled environment. The vast array of computer hardware and 

software available requires even computer experts to specialize in some systems and applications, so it is

difficult to know before a search which expert is qualified to analyze the system and its data. Data search

procedures are exacting scientific procedures designed to protect the integrity of the evidence and to

recover even "hidden", erased, compressed, password protected, or encrypted files. 

Since computer evidence is extremely vulnerable to inadvertent or intentional modification or destruction 

(both from external sources or from destructive code imbedded in the system as a "booby trap") a 

controlled environment is essential to its complete and accurate analysis. 

Based on my training and experience and consultation with technical computer experts, I know that

searching computerized information for evidence or instrumentality's of crime commonly requires the seizure

of all of a computer system's input/output peripheral devices (including related documentation, passwords, 

and security devices) so that a qualified computer expert can accurately retrieve the system's data in a 

controlled environment. Peripheral devices which allow users to enter and retrieve data from storage 

devices vary widely in their compatibility with other hardware and software. Many system storage devices 

require particular input/output devices inorder to read the data on the system.  It is important that the 

analyst be able to properly retrieve the evidence listed above. In addition, the analyst needs the relevant 

system software (operating systems, interfaces, and hardware drivers) any applications software which may

have been usedto create the data (whether stored on hard drives or on external media), as well as all 

related instruction manuals or other documentation and data security devices. 


Hardware: "The physical components or equipment that make up a computer system...." Webster's 
Dictionary of Computer Terms 170(3d ed. 1988). Examples include keyboards, monitors, and printer.

Software: "The programs or instructions that tell a computer what to do." Id. at 350. This includes system programs which control the internal operation of the computer system (such as Microsoft's Disk Operating System, "MS-DOS," that controls IBM-compatible PCs) and applications programs which enable the 
computer to produce useful work (e.g., a word processing program such as WordPerfect).

Data: "A formalized representation of facts or concepts suitable for communication, interpretation, or 
processing by people or by automatic means." Id. at 84. Data are often used to refer to the information 
stored in the computer.

input/output Device: A piece of equipment which sends data to, or receives data from, a computer. 
Keyboards, monitors, and printers are all common input/output devices.

Network: "A system of interconnected computer systems and terminals." Id. at 253.

(2) That on January 27th, 1998 I went onto the Internet Relay Chat system representing myself  as a 

XX-year-old boy/man. I went onto a channel titled, “#channel name”.  I am familiar with this channel and 

have received over 500 child pornographic images in the last twelve months over this channel. While on this

channel a subject using the screen name of  “insert screen name” requested to have a private chat with

me. This was accepted and the following conversation took place: 

                                                               Insert Chat Log

During the conversation the subject sent five image files. One image file, titled “photo name”,  was

purported to be of the suspect and shows (describe photograph). The other four image files, (titled

“*.jpg”, “*.jpg”, “*.jpg” and “*.jpg”),  all show nude adolescent males/females engaged in sexual acts

and/or the lewd exhibition of their genitals, which may or may not be child pornography. Image files titled

(name files), would in my opinion (see attached resume), constitute child pornography and will be 

described later in this affidavit (see item #5 ).

During the above conversation and when the image files were sent by the suspect using the screen 

name of  (subjects screen name),  the Internet Protocol Number was recorded as []. 

I checked this number and found the suspect is using Internet access services by a company called, 

(identify the Internet Service Provider).  The subjects Internet Relay Chat identifier was recorded 

as (list identifier of suspect). 

(3) The subject using the screen name of (insert screen name of suspect) also engaged in the following 

email correspondence using the email address of:  (suspects email address)

   Note: do not include undercover identities, email address or US Mail undercover information
   here, since many affidavits become public record.

(4) The subject using the screen name of (screen name of suspect) also engaged in contact over the ICQ

communication system. This system allows users to download software. This software is used to access the

system and users enter information about themselves. This information is not verified in any way. The

information entered by the user is published in a membership data bank.

This subject, using account number (account number) has the following information on file: 

                       insert information.

On January 1st, 1999 the following conversation took place over ICQ:

                                                          Insert Chat Log

During the above conversation the Internet Protocol Number used by the suspect was recorded 

as []. 

(5) The below listed image files sent by the suspect are of children under the age of eighteen 

(note:  check your state statute). The below listed photographs, in my opinion (see attached resume),

would constitute child pornography using the guidelines in  US v. Robert S. Dost and Edwin E. Wiegand 

United States District Court, S.D. California (June 12, 1986):

"...this Court feels that, in determining whether a visual depiction of a minor constitutes a 'lascivious exhibition of the genitals or pubic area' under 2255(2)(E), the trier of fact should look to the following
factors, among any others that may be relevant in the particular case:

1) whether the focal point of the visual depiction is on the child's
genitals or pubic area;

2) whether the setting of the visual depiction is sexually suggestive,
i.e., in a place or pose generally associated with sexual activity;

3) whether the child is depicted in an unnatural pose, or in
inappropriate attire, considering the age of the child;

4) whether the child is fully or partially clothed, or nude;

5) whether the visual depiction suggests sexual coyness or a
willingness to engage in sexual activity;

6) whether the visual depiction is intended or designed to elicit a
sexual response in the viewer."

"Of course a visual depiction need not involve all of these factors to be a 'lascivious exhibition of the genitals or pubic area.' The determination will have to be made based on the overall content of the visual depiction, taking into account the age of the minor."

"For example, consider a photograph depicting a young girl reclining or sitting on a bed with a portion of her genitals exposed. Whether this visual depiction contains a 'lascivious exhibition of the genitals' will depend on other aspects of the photograph. If, for example, she is dressed in a sexually seductive manner, with her open legs in the foreground, the photograph would most likely constitute a lascivious exhibition of the genitals. The combined effect of the setting, attire, pose, and emphasis on the genitals is designed to elicit a sexual response in the viewer, albeit perhaps not the 'average viewer', but perhaps in the pedophile viewer. On the other hand, if the girl is wearing clothing appropriate for her age and is sitting in an ordinary way for her age, the visual depiction may not constitute a 'lascivious exhibition' of the genitals, despite the fact that the genitals are visible."

(list child pornography here)

The following image files sent over the IRC system on January 1st, 1999:


This image file shows a photograph of a nude prepubertal male child who is laying back on a bed and who has an erection.


This image file shows a photograph of a nude prepubertal female child who is kneeling in front of a nude adult male and engaged in fellatio.


This image file shows a nude pubescent male child and a nude prepubertal female child engaged in actual and/or simulated sexual intercourse.


This image file shows a nude pubescent male child laying back on a couch, with his legs apart, revealing his genitals, perineum and his anal opening.

The following photographs sent over the ICQ system on January 1st, 1999:

A photograph sent via the ICQ system on January 1st, 1999 of a nude prepubertal male child who has an erection.

The following photographs were received over email on January 1st, 1999:

A photograph of two nude prepubertal female children engaged in cunnilingus and analingus.

(6) On June 22nd, 1998 I sent a subpoena to Internet Provider asking them to research which account was

using the Internet Protocol Number recorded in items #2 in this affidavit. The company replied back on

June 30th, 1998 and identified the account as belonging to: 

                                           Insert account information here

On July 2nd, 1998 I sent a subpoena to Internet Provider  asking them to identify the Internet Protocol 

Number history for the email account of The company replied on July 13th, 1998 and

identified the Internet Protocol Number history as requested. A check of these Internet Protocol Numbers

revealed that the account was being used by a subject with the same Internet service, (insert Internet

Provider name),  as noted above. 

On July 14th, 1999 a subpoena was sent to (insert Internet Provider name) asking them to check the

following Internet Protocol  Numbers and to identify which account was being used:

   01/01/99 1500HRS/EST
   01/01/99 1600HRS/EST
   01/20/99 1530HRS/EST

On July 25th, 1999 the company reported back that these Internet Protocol Numbers, noted above,  were

used by the account in the name of  (account holders name here). 

Note: This is followed with the rest of the documentation of the investigation. This, at a minimum, should include information to establish probable cause that a specific individual is using a computer at a particular address to commit crimes. 


The Internet Crimes Against Children website is maintained by the Keene Police Department Web Team.  Send comments or questions to: