Investigate crimes involving cryptocurrencies and other blockchain technologies
Bitcoin has traditionally been the payment system of choice for a criminal trading on the Dark Web, and now many other blockchain cryptocurrencies are entering the mainstream as traders are accepting them from low-end investors putting their money into the market. Worse still, the blockchain can even be used to hide information and covert messaging, unknown to most investigators.
Investigating Cryptocurrencies is the first book to help corporate, law enforcement, and other investigators understand the technical concepts and the techniques for investigating crimes utilizing the blockchain and related digital currencies such as Bitcoin and Ethereum.
- Understand blockchain and transaction technologies
- Set up and run cryptocurrency accounts
- Build information about specific addresses
- Access raw data on blockchain ledgers
- Identify users of cryptocurrencies
- Extracting cryptocurrency data from live and imaged computers
- Following the money
With nearly $150 billion in cryptocurrency circulating and $3 billion changing hands daily, crimes committed with or paid for with digital cash are a serious business. Luckily, Investigating Cryptocurrencies Forensics shows you how to detect it and, more importantly, stop it in its tracks.
Table of Contents
Foreword xxi
Introduction xxiii
Part I Understanding the Technology 1
Chapter 1 What Is a Cryptocurrency? 3
A New Concept? 3
Leading Currencies in the Field 8
Is Blockchain Technology Just for Cryptocurrencies? 9
Setting Yourself Up as a Bitcoin User 10
Summary 14
Chapter 2 The Hard Bit 15
Hashing 16
Public/Private Key Encryption 21
RSA Cryptography 23
Elliptic Curve Cryptography 28
Building a Simple Cryptocurrency in the Lab 32
Summary 36
Chapter 3 Understanding the Blockchain 39
The Structure of a Block 40
The Block Header 42
Deconstructing Raw Blocks from Hex 47
Applying This to the Downloaded Hex 51
Number of Transactions 55
Block Height 57
Forks 58
The Ethereum Block 61
Summary 65
Chapter 4 Transactions 67
The Concept behind a Transaction 67
The Mechanics of a Transaction 69
Understanding the Mempool 76
Understanding the ScriptSig and ScriptPubKey 77
Interpreting Raw Transactions 79
Extracting JSON Data 81
Analyzing Address History 82
Creating Vanity Addresses 83
Interpreting Ethereum Transactions 85
Summary 86
Chapter 5 Mining 87
The Proof-of-Work Concept 89
The Proof-of-Stake Concept 90
Mining Pools 90
Mining Fraud 92
Summary 93
Chapter 6 Wallets 95
Wallet Types 96
Software Wallets 96
Hardware Wallets 97
Cold Wallets or Cold Storage 98
Why Is Recognizing Wallets Important? 99
Software Wallets 100
Hardware Wallets 100
Paper Wallets 100
The Wallet Import Format (WIF) 101
How Wallets Store Keys 102
Setting Up a Covert Wallet 105
Summary 107
Chapter 7 Contracts and Tokens 109
Contracts 109
Bitcoin 110
Ethereum 110
Tokens and Initial Coin Offerings 112
Summary 116
Part II Carrying Out Investigations 117
Chapter 8 Detecting the Use of Cryptocurrencies 119
The Premises Search 120
A New Category of Search Targets 121
Questioning 124
Searching Online 125
Extracting Private and Public Keys from Seized Computers 130
Commercial Tools 130
Extracting the Wallet File 131
Automating the Search for Bitcoin Addresses 135
Finding Data in a Memory Dump 136
Working on a Live Computer 137
Acquiring the Wallet File 138
Exporting Data from the Bitcoin Daemon 140
Extracting Wallet Data from Live Linux and OSX Systems 144
Summary 145
Chapter 9 Analysis of Recovered Addresses and Wallets 147
Finding Information on a Recovered Address 147
Extracting Raw Data from Ethereum 154
Searching for Information on a Specifi c Address 155
Analyzing a Recovered Wallet 161
Setting Up Your Investigation Environment 161
Importing a Private Key 166
Dealing with an Encrypted Wallet 167
Inferring Other Data 172
Summary 173
Chapter 10 Following the Money 175
Initial Hints and Tips 175
Transactions on Blockchain.info 176
Identifying Change Addresses 177
Another Simple Method to Identify Clusters 181
Moving from Transaction to Transaction 182
Putting the Techniques Together 184
Other Explorer Sites 186
Following Ethereum Transactions 189
Monitoring Addresses 193
Blockonomics.co 193
Bitnotify.com 194
Writing Your Own Monitoring Script 194
Monitoring Ethereum Addresses 196
Summary 197
Chapter 11 Visualization Systems 199
Online Blockchain Viewers 199
Blockchain.info 200
Etherscan.io 201
Commercial Visualization Systems 214
Summary 215
Chapter 12 Finding Your Suspect 217
Tracing an IP Address 217
Bitnodes 219
Other Areas Where IPs Are Stored 226
Is the Suspect Using Tor? 228
Is the Suspect Using a Proxy or a VPN? 229
Tracking to a Service Provider 231
Considering Open-Source Methods 235
Accessing and Searching the Dark Web 237
Detecting and Reading Micromessages 241
Summary 244
Chapter 13 Sniffi ng Cryptocurrency Traffi c 245
What Is Intercept? 246
Watching a Bitcoin Node 247
Sniffi ng Data on the Wire 248
Summary 254
Chapter 14 Seizing Coins 255
Asset Seizure 256
Cashing Out 256
Setting Up a Storage Wallet 259
Importing a Suspect’s Private Key 261
Storage and Security 263
Seizure from an Online Wallet 265
Practice, Practice, Practice 265
Summary 266
Chapter 15 Putting It All Together 267
Examples of Cryptocurrency Crimes 268
Buying Illegal Goods 268
Selling Illegal Goods 268
Stealing Cryptocurrency 269
Money Laundering 269
Kidnap and Extortion 270
What Have You Learned? 270
Where Do You Go from Here? 273
Index 275