+353-1-416-8900REST OF WORLD
+44-20-3973-8888REST OF WORLD
1-917-300-0470EAST COAST U.S
1-800-526-8630U.S. (TOLL FREE)

Investigating Cryptocurrencies. Understanding, Extracting, and Analyzing Blockchain Evidence. Edition No. 1

  • Book

  • 320 Pages
  • August 2018
  • John Wiley and Sons Ltd
  • ID: 4434505

Investigate crimes involving cryptocurrencies and other blockchain technologies

Bitcoin has traditionally been the payment system of choice for a criminal trading on the Dark Web, and now many other blockchain cryptocurrencies are entering the mainstream as traders are accepting them from low-end investors putting their money into the market. Worse still, the blockchain can even be used to hide information and covert messaging, unknown to most investigators.

Investigating Cryptocurrencies is the first book to help corporate, law enforcement, and other investigators understand the technical concepts and the techniques for investigating crimes utilizing the blockchain and related digital currencies such as Bitcoin and Ethereum.

  • Understand blockchain and transaction technologies  
  • Set up and run cryptocurrency accounts
  • Build information about specific addresses
  • Access raw data on blockchain ledgers
  • Identify users of cryptocurrencies
  • Extracting cryptocurrency data from live and imaged computers
  • Following the money

With nearly $150 billion in cryptocurrency circulating and $3 billion changing hands daily, crimes committed with or paid for with digital cash are a serious business. Luckily, Investigating Cryptocurrencies Forensics shows you how to detect it and, more importantly, stop it in its tracks.

Table of Contents

Foreword xxi

Introduction xxiii

Part I Understanding the Technology 1

Chapter 1 What Is a Cryptocurrency? 3

A New Concept? 3

Leading Currencies in the Field 8

Is Blockchain Technology Just for Cryptocurrencies? 9

Setting Yourself Up as a Bitcoin User 10

Summary 14

Chapter 2 The Hard Bit 15

Hashing 16

Public/Private Key Encryption 21

RSA Cryptography 23

Elliptic Curve Cryptography 28

Building a Simple Cryptocurrency in the Lab 32

Summary 36

Chapter 3 Understanding the Blockchain 39

The Structure of a Block 40

The Block Header 42

Deconstructing Raw Blocks from Hex 47

Applying This to the Downloaded Hex 51

Number of Transactions 55

Block Height 57

Forks 58

The Ethereum Block 61

Summary 65

Chapter 4 Transactions 67

The Concept behind a Transaction 67

The Mechanics of a Transaction 69

Understanding the Mempool 76

Understanding the ScriptSig and ScriptPubKey 77

Interpreting Raw Transactions 79

Extracting JSON Data 81

Analyzing Address History 82

Creating Vanity Addresses 83

Interpreting Ethereum Transactions 85

Summary 86

Chapter 5 Mining 87

The Proof-of-Work Concept 89

The Proof-of-Stake Concept 90

Mining Pools 90

Mining Fraud 92

Summary 93

Chapter 6 Wallets 95

Wallet Types 96

Software Wallets 96

Hardware Wallets 97

Cold Wallets or Cold Storage 98

Why Is Recognizing Wallets Important? 99

Software Wallets 100

Hardware Wallets 100

Paper Wallets 100

The Wallet Import Format (WIF) 101

How Wallets Store Keys 102

Setting Up a Covert Wallet 105

Summary 107

Chapter 7 Contracts and Tokens 109

Contracts 109

Bitcoin 110

Ethereum 110

Tokens and Initial Coin Offerings 112

Summary 116

Part II Carrying Out Investigations 117

Chapter 8 Detecting the Use of Cryptocurrencies 119

The Premises Search 120

A New Category of Search Targets 121

Questioning 124

Searching Online 125

Extracting Private and Public Keys from Seized Computers 130

Commercial Tools 130

Extracting the Wallet File 131

Automating the Search for Bitcoin Addresses 135

Finding Data in a Memory Dump 136

Working on a Live Computer 137

Acquiring the Wallet File 138

Exporting Data from the Bitcoin Daemon 140

Extracting Wallet Data from Live Linux and OSX Systems 144

Summary 145

Chapter 9 Analysis of Recovered Addresses and Wallets 147

Finding Information on a Recovered Address 147

Extracting Raw Data from Ethereum 154

Searching for Information on a Specifi c Address 155

Analyzing a Recovered Wallet 161

Setting Up Your Investigation Environment 161

Importing a Private Key 166

Dealing with an Encrypted Wallet 167

Inferring Other Data 172

Summary 173

Chapter 10 Following the Money 175

Initial Hints and Tips 175

Transactions on Blockchain.info 176

Identifying Change Addresses 177

Another Simple Method to Identify Clusters 181

Moving from Transaction to Transaction 182

Putting the Techniques Together 184

Other Explorer Sites 186

Following Ethereum Transactions 189

Monitoring Addresses 193

Blockonomics.co 193

Bitnotify.com 194

Writing Your Own Monitoring Script 194

Monitoring Ethereum Addresses 196

Summary 197

Chapter 11 Visualization Systems 199

Online Blockchain Viewers 199

Blockchain.info 200

Etherscan.io 201

Commercial Visualization Systems 214

Summary 215

Chapter 12 Finding Your Suspect 217

Tracing an IP Address 217

Bitnodes 219

Other Areas Where IPs Are Stored 226

Is the Suspect Using Tor? 228

Is the Suspect Using a Proxy or a VPN? 229

Tracking to a Service Provider 231

Considering Open-Source Methods 235

Accessing and Searching the Dark Web 237

Detecting and Reading Micromessages 241

Summary 244

Chapter 13 Sniffi ng Cryptocurrency Traffi c 245

What Is Intercept? 246

Watching a Bitcoin Node 247

Sniffi ng Data on the Wire 248

Summary 254

Chapter 14 Seizing Coins 255

Asset Seizure 256

Cashing Out 256

Setting Up a Storage Wallet 259

Importing a Suspect’s Private Key 261

Storage and Security 263

Seizure from an Online Wallet 265

Practice, Practice, Practice 265

Summary 266

Chapter 15 Putting It All Together 267

Examples of Cryptocurrency Crimes 268

Buying Illegal Goods 268

Selling Illegal Goods 268

Stealing Cryptocurrency 269

Money Laundering 269

Kidnap and Extortion 270

What Have You Learned? 270

Where Do You Go from Here? 273

Index 275

Authors

Nick Furneaux