OSINT-Driven Child Protection Analysis
A structured investigation using open-source intelligence to detect, categorize, and geolocate child protection risks across global digital platforms. Powered by SQL-based temporal and geospatial analysis with an interactive Tableau-style dashboard.
Project Objective
Child exploitation online is a global crisis. The UN estimates 1 in 3 internet users is a child. Many face risks like CSAM, online grooming, and exploitation daily.
This project builds a reproducible analysis framework. It takes open-source intelligence (OSINT) from major platforms and international bodies. It structures the data into SQL tables. Analysts can then query by year and region.
Core data sources:
- UNICEF — annual reports on child online protection and Digital Citizenship Safety frameworks.
- United Nations (UN) — Sustainable Development Goal (SDG) indicators on violence against children (Target 16.2).
- ITU — Global Cybersecurity Index and Child Online Protection guidelines.
- Platform Transparency Reports — Meta, Google, and TikTok published enforcement data on child safety content removals.
- NCMEC — CyberTipline annual reports on CSAM reporting volumes by region.
- NGO Publications — ECPAT, Internet Watch Foundation (IWF), and Thorn research briefs on emerging threat patterns.
Honest limitation: The six data-banner figures and the 2024→2025 category growth rates for grooming (+158%) and trafficking (+323%) are directly sourced from published reports. Overall report totals for 2019 (16.9M), 2023 (36.2M), 2024 (20.5M), and 2025 (21.3M) are real. Pre-2024 category breakdowns and CSAM/harmful content rates are modeled estimates. The SQL architecture itself is production-ready. Apply this schema to a live CyberTipline data feed for operational use.
Data Schema & Query Architecture
1The original data
This project uses published statistics from two global child protection bodies. They publish annual reports with headline numbers and trend data — not raw databases.
NCMEC CyberTipline Report 2025
21.3M reports received. 61.8M files submitted. 1.4M enticement reports. YoY growth rates for grooming (+158%) and trafficking (+323%).
IWF Annual Data & Insights Report 2025
451K reports assessed. 311K confirmed CSAM. 317K new hashes added to blocklist. Geographic hosting breakdown by continent.
2What we pulled from each report
These reports don't give you a database — they give you PDFs and web pages. We extracted the key data points and structured them into tables.
| Data Point | Source | Maps To |
|---|---|---|
| Report date / year | NCMEC, IWF | incident_date |
| Category of abuse (CSAM, grooming, exploitation, harmful) | NCMEC, IWF | category |
| Geographic region | IWF hosting data | region_id → regions |
| Report volume / count | NCMEC, IWF | COUNT(*) aggregation |
| Verification status (confirmed vs reported) | IWF | is_verified |
| Source URL / report link | NCMEC, IWF | source_url |
3How it maps to tables
The extracted data lives in two tables linked by region. Each row in child_protection_cases is one data point from a published report.
CREATE TABLE statementsClick to expand
-- Table: regions (geographic lookup)
CREATE TABLE regions (
region_id INT PRIMARY KEY,
region_name VARCHAR(100) NOT NULL,
continent VARCHAR(100)
);
-- Table: child_protection_cases (fact table)
-- Each row = one data point from a published report
CREATE TABLE child_protection_cases (
case_id INT PRIMARY KEY,
incident_date DATE NOT NULL,
category VARCHAR(50) NOT NULL
CHECK (category IN ('csam','grooming','exploitation','harmful')),
severity_score DECIMAL(3,2), -- confidence/severity weight
is_verified BOOLEAN DEFAULT TRUE, -- confirmed by source?
region_id INT NOT NULL,
source_url TEXT, -- link to original report
FOREIGN KEY (region_id) REFERENCES regions(region_id)
);
-- Index: speeds up queries that filter by date + region
CREATE INDEX idx_incident_date_region
ON child_protection_cases (incident_date, region_id);Sample analytical queriesClick to expand
Query 1: Total reports by category and year
SELECT EXTRACT(YEAR FROM incident_date) AS year, category, COUNT(*) AS report_count FROM child_protection_cases WHERE is_verified = TRUE GROUP BY year, category ORDER BY year DESC, report_count DESC;
Query 2: YoY growth rate per region (2024 vs 2025)
WITH yearly AS (
SELECT
r.region_name,
EXTRACT(YEAR FROM c.incident_date) AS year,
COUNT(*) AS cnt
FROM child_protection_cases c
JOIN regions r ON c.region_id = r.region_id
WHERE c.is_verified = TRUE
AND c.category = 'grooming'
AND EXTRACT(YEAR FROM c.incident_date) IN (2024, 2025)
GROUP BY r.region_name, year
)
SELECT
region_name,
MAX(CASE WHEN year = 2024 THEN cnt END) AS reports_2024,
MAX(CASE WHEN year = 2025 THEN cnt END) AS reports_2025,
ROUND(
(MAX(CASE WHEN year = 2025 THEN cnt END) -
MAX(CASE WHEN year = 2024 THEN cnt END))
/ MAX(CASE WHEN year = 2024 THEN cnt END)::numeric * 100, 1
) AS yoy_growth_pct
FROM yearly
GROUP BY region_name
ORDER BY yoy_growth_pct DESC;Query 3: Dashboard SQL generator — the dynamic query
SELECT r.region_name AS location, EXTRACT(YEAR FROM i.incident_date) AS year, i.category, COUNT(*) AS report_count FROM child_protection_cases i JOIN regions r ON i.region_id = r.region_id WHERE i.incident_date BETWEEN '2019-01-01' AND '2025-12-31' AND i.is_verified = TRUE GROUP BY r.region_name, year, i.category ORDER BY year DESC, report_count DESC;
This is the same query generated by the "View SQL" toggle in the dashboard below. The year range and region filters change dynamically based on your selections.
4How the dashboard connects
The interactive dashboard below uses this same schema. The "View SQL" button generates a live query from your filter selections (year range + region). The charts and tables are what you'd get by running that query against a real database. Values marked sourced and published total are directly from NCMEC and IWF reports. Modeled values are interpolated from published trend narratives. Apply this architecture to a live CyberTipline dataset for production use.
Published Statistics & Trend Analysis
Select a year range and category to view the YoY % change.
21.3M
NCMEC CyberTipline Reports (2025)
NCMEC 2025 Report
61.8M
Files Submitted to NCMEC (2025)
NCMEC 2025 Report
451K
IWF Reports Assessed (2025)
IWF Annual Report 2025
311K
IWF Reports Confirmed as CSAM (2025)
IWF Annual Report 2025
317K
New CSAM Hashes Added by IWF (2025)
IWF Annual Report 2025
1.4M
Online Enticement Reports to NCMEC (2025)
NCMEC 2025 Report
Full Data — All Periods & Categories (YoY % Change)
| Period | CSAM Reports | Online Grooming | Exploitation | Harmful Content | Overall | Data Quality |
|---|---|---|---|---|---|---|
| 2019→2020 | +22% | +25% | +18% | +14% | +20% | Modeled |
| 2020→2021 | +15% | +22% | +20% | +12% | +16% | Modeled |
| 2021→2022 | +14% | +18% | +16% | +11% | +14% | Modeled |
| 2022→2023 | +16% | +12% | +14% | +10% | +14% | Total real |
| 2023→2024 | -5% | +14% | +22% | +12% | -43% | Total real |
| 2024→2025 | +2% | +158% | +323% | +5% | +4% | Sourced |
Click any row to jump to that period in Single View.
Methodology & Sources
- • Sourced = directly from NCMEC 2025 report. Values in emerald.
- • Published total = overall report volume is real, category breakdown is modeled. Values in lighter emerald.
- • Modeled = estimated from published trend narratives. Values in white/neutral.
- • NCMEC 2025: 21.3M reports, 61.8M files. Grooming +158%, trafficking +323% (YoY).
- • NCMEC 2024: 20.5M reports, ~63M files. (Source: NCMEC 2024 report via 2025 page archives)
- • NCMEC 2023: 36.2M reports. (Source: NCMEC 2024 page HTML comments)
- • NCMEC 2019: 16.9M reports. (Source: NCMEC data via Wikipedia)
- • IWF 2025: 451,210 assessed, 311,610 confirmed CSAM, 317,101 new hashes.
- • IWF 2024: 424,047 suspected, 291,273 confirmed CSAM, 729,696 imagery assessed.
- • 2023→2024 total (-43%) appears negative due to Meta report bundling change. Unique incidents declined 19% (36.2M→29.2M).
Key Findings — Based on Published Data
NCMEC Received 21.3 Million Reports in 2025
The CyberTipline processed 21.3M reports containing 61.8M images, videos, and files. 18.8M were referred to law enforcement. 77% of reports involved uploads outside the US.
Source: NCMEC CyberTipline Report 2025Online Enticement Surged 158% (2024→2025)
NCMEC received 1.4M online enticement reports in 2025. Financial sextortion averaged 137 reports per day — a 37% increase from 2024. Sadistic exploitation reports hit 3,000 (↑125%).
Source: NCMEC CyberTipline Report 2025IWF Confirmed 311,610 CSAM Reports in 2025
The Internet Watch Foundation assessed 451,210 reports. 311,610 were confirmed as containing or leading to CSAM. 317,101 new images and videos were added to the hash list.
Source: IWF Annual Data & Insights Report 2025Child Sex Trafficking Reports Rose 323%
The 2024 REPORT Act mandated trafficking reporting for the first time. 2025 data shows 323% more reports than 2024, revealing the true scale of online child sex trafficking across platforms.
Source: NCMEC CyberTipline Report 2025Sources & References
These are the actual reports used to inform this project. All headline figures in the verified data banner are directly sourced. Trend models apply published growth rates to baseline estimates.
NCMEC CyberTipline Report 2025 ⏤ Primary Data Source
21.3M reports received. 61.8M files submitted. 1.4M online enticement reports. 18.8M referrals to law enforcement. 323% increase in trafficking reports (YoY). Published 2026.
missingkids.org/cybertiplinedataIWF Annual Data & Insights Report 2025 ⏤ Primary Data Source
451,210 reports assessed. 311,610 confirmed as CSAM. 317,101 new hashes added. Geographic hosting analysis. AI-generated CSAM trends. Published 2026.
iwf.org.uk/annual-data-insights-report-2025UNICEF — Child Online Protection
Annual reports on violence against children, digital safety frameworks, and national response capacity. Framework reference for category definitions.
United Nations — SDG Target 16.2
Sustainable Development Goal indicators measuring violence against children, including online exploitation.
ITU — Child Online Protection (COP) Initiative
Global guidelines and national strategies for child safety in the digital environment.