Investigating Cryptocurrencies

Understanding, Extracting, and Analyzing Blockchain Evidence
Standards Information Network (publisher)
  • 1st edition
  • published on May 10, 2018
  • 320 pages
E-book | ePUB with Adobe DRM | System requirements
978-1-119-48056-3 (ISBN)
Investigate crimes involving cryptocurrencies and other blockchain technologies

Bitcoin has traditionally been the payment system of choice for a criminal trading on the Dark Web, and now many other blockchain cryptocurrencies are entering the mainstream as traders are accepting them from low-end investors putting their money into the market. Worse still, the blockchain can even be used to hide information and covert messaging, unknown to most investigators.

Investigating Cryptocurrencies is the first book to help corporate, law enforcement, and other investigators understand the technical concepts and the techniques for investigating crimes utilizing the blockchain and related digital currencies such as Bitcoin and Ethereum.

  • Understand blockchain and transaction technologies
  • Set up and run cryptocurrency accounts
  • Build information about specific addresses
  • Access raw data on blockchain ledgers
  • Identify users of cryptocurrencies
  • Extracting cryptocurrency data from live and imaged computers
  • Following the money

With nearly $150 billion in cryptocurrency circulating and $3 billion changing hands daily, crimes committed with or paid for with digital cash are a serious business. Luckily, Investigating Cryptocurrencies Forensics shows you how to detect it and, more importantly, stop it in its tracks.
  • English
  • Newark, USA
John Wiley & Sons Inc
  • For professional and research use
  • 19.54 MB
978-1-119-48056-3 (9781119480563)

NICK FURNEAUX is a cybersecurity and forensics consultant specializing in cybercrime prevention and investigation for law enforcement and corporations throughout the United States, Europe, and Asia. He regularly speaks at industry conferences, including the F3 (First Forensic Forum), NPCC/ACPO Hi-Tech Crime conference, European Network Forensics and Security conference, and many others.
Foreword

Introduction

Part I Understanding the Technology

Chapter 1 What Is a Cryptocurrency?

A New Concept?

Leading Currencies in the Field

Is Blockchain Technology Just for Cryptocurrencies?

Setting Yourself Up as a Bitcoin User

Summary

Chapter 2 The Hard Bit

Hashing

Public/Private Key Encryption

RSA Cryptography

Elliptic Curve Cryptography

Building a Simple Cryptocurrency in the Lab

Summary

Chapter 3 Understanding the Blockchain

The Structure of a Block

The Block Header

Deconstructing Raw Blocks from Hex

Applying This to the Downloaded Hex

Number of Transactions

Block Height

Forks

The Ethereum Block

Summary

Chapter 4 Transactions

The Concept behind a Transaction

The Mechanics of a Transaction

Understanding the Mempool

Understanding the ScriptSig and ScriptPubKey

Interpreting Raw Transactions

Extracting JSON Data

Analyzing Address History

Creating Vanity Addresses

Interpreting Ethereum Transactions

Summary

Chapter 5 Mining

The Proof-of-Work Concept

The Proof-of-Stake Concept

Mining Pools

Mining Fraud

Summary

Chapter 6 Wallets

Wallet Types

Software Wallets

Hardware Wallets

Cold Wallets or Cold Storage

Why Is Recognizing Wallets Important?

Software Wallets

Hardware Wallets

Paper Wallets

The Wallet Import Format (WIF)

How Wallets Store Keys

Setting Up a Covert Wallet

Summary

Chapter 7 Contracts and Tokens

Contracts

Bitcoin

Ethereum

Tokens and Initial Coin Offerings

Summary

Part II Carrying Out Investigations

Chapter 8 Detecting the Use of Cryptocurrencies

The Premises Search

A New Category of Search Targets

Questioning

Searching Online

Extracting Private and Public Keys from Seized Computers

Commercial Tools

Extracting the Wallet File

Automating the Search for Bitcoin Addresses

Finding Data in a Memory Dump

Working on a Live Computer

Acquiring the Wallet File

Exporting Data from the Bitcoin Daemon

Extracting Wallet Data from Live Linux and OSX Systems

Summary

Chapter 9 Analysis of Recovered Addresses and Wallets

Finding Information on a Recovered Address

Extracting Raw Data from Ethereum

Searching for Information on a Specific Address

Analyzing a Recovered Wallet

Setting Up Your Investigation Environment

Importing a Private Key

Dealing with an Encrypted Wallet

Inferring Other Data

Summary

Chapter 10 Following the Money

Initial Hints and Tips

Transactions on

Identifying Change Addresses

Another Simple Method to Identify Clusters

Moving from Transaction to Transaction

Putting the Techniques Together

Other Explorer Sites

Following Ethereum Transactions

Monitoring Addresses

Writing Your Own Monitoring Script

Monitoring Ethereum Addresses

Summary

Chapter 11 Visualization Systems

Online Blockchain Viewers

Commercial Visualization Systems

Summary

Chapter 12 Finding Your Suspect

Tracing an IP Address

Bitnodes

Other Areas Where IPs Are Stored

Is the Suspect Using Tor?

Is the Suspect Using a Proxy or a VPN?

Tracking to a Service Provider

Considering Open-Source Methods

Accessing and Searching the Dark Web

Detecting and Reading Micromessages

Summary

Chapter 13 Sniffing Cryptocurrency Traffic

What Is Intercept?

Watching a Bitcoin Node

Sniffing Data on the Wire

Summary

Chapter 14 Seizing Coins

Asset Seizure

Cashing Out

Setting Up a Storage Wallet

Importing a Suspect's Private Key

Storage and Security

Seizure from an Online Wallet

Practice, Practice, Practice

Summary

Chapter 15 Putting It All Together

Examples of Cryptocurrency Crimes

Buying Illegal Goods

Selling Illegal Goods

Stealing Cryptocurrency

Money Laundering

Kidnap and Extortion

What Have You Learned?

Where Do You Go from Here?

Index


"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"

Those 69 characters should be much more famous than they are. In the very first Bitcoin block, the enigmatic Satoshi Nakamoto, the inventor of Bitcoin, encoded that message in hexadecimal (see Figure Intro-1).

Figure Intro-1: Message in the Genesis block.

Either by design or coincidence (which seems unlikely), Satoshi both launched the first blockchain-based cryptocurrency and made the semi-covert statement as to the reasons for the development of his or her system (we do not definitively know the sex of Satoshi or even if Satoshi is an individual or a group). It seems that in Satoshi's view, the banks were failing, and his or her system could free people from the control of central banks and exchanges. On a cryptography mailing list, Satoshi wrote the following:

"You will not find a solution to political problems in cryptography.

Yes, but we can win a major battle in the arms race and gain a new territory of freedom for several years.

Governments are good at cutting off the heads of a centrally controlled networks like Napster, but pure P2P networks like Gnutella and Tor seem to be holding their own."


Although Satoshi wrote little about the Bitcoin system, the few comments on forums show that there was at least a small part of his or her motivation that wanted to enable people to step outside the traditional banking and currency systems.

Since those early days, Bitcoin has grown massively both in value and reach. Although at the time of writing, one could not assert that Bitcoin was a mainstream currency, it is certainly in the mainstream consciousness, regularly making headlines on conventional news channels and spawning thousands of column inches of editorial.

Aside from Bitcoin, hundreds of cryptocurrencies are now based on the blockchain concept. Some are very similar; others are trying to do things in very different ways. For example, although Ethereum is a cryptocurrency in its own right, it is based around a complex, programmable contract system. A transaction can include many contractual obligations and could be used for everything from buying a house to getting married. In fact, several couples have already embedded their marriage on the Bitcoin and Ethereum blockchains, including parts of their vows and links to an image of their marriage certificate. Blockchain technology is here to stay, and an investigation involving it is going to land on your desk soon, if it hasn't already.

Cryptocurrencies: Coming to a Lab near You

I've been working specifically in computer forensics and digital investigations for about 14 years. In that time, the equipment coming to the lab and the programs we have had to investigate have changed drastically. About 13 years ago, a computer investigation would focus almost solely on Internet activity in a web browser, perhaps some newsgroups or ICQ and, of course, good old e-mail. Fast-forward to 2018, and the equipment that lands on the check-in desk at the lab has changed beyond recognition. Most smartphones, such as the humble iPhone, have significantly more power and storage than the computers of the early 2000s, and instead of simply looking at visited websites, we now have encrypted chat, messaging programs that come in hundreds of flavors, and social media environments that are investigation centers in their own right, such as Facebook, Snapchat, and many others.

Throughout this time, criminals have continued to carry out nefarious deeds and have found ways to pay for illegal goods and acquire ill-gotten payments from the defrauded and unsuspecting. The problem for the 2005 criminal was the lack of options for sending or receiving monies in an anonymous, untraceable way. For example, criminals could easily carry out a "ransomware" attack where malware encrypts the victim's computer until money is paid and then they are "hopefully" provided with a decryption key. But to have the money sent to the criminal presented significant difficulties. You could publish a bank account number, but that's very hard to set up without ID, and when the money is transferred, the police can easily trace it and move in for the arrest. Because of these problems, criminals and criminal gangs took to setting up post-office (PO) boxes where money could be sent, but again, it was not difficult for the authorities to keep watch until someone turned up to collect the cash. Some went the route of using what amounted to cash mules, who would retain some percentage of the risk involved, adding a layer of misdirection to the payments and cutting into profits. The Internet, though, offered possibilities in the form of Western Union and PayPal, but those are also connected to real-world bank accounts, making it straightforward for the police to trace. I'm somewhat simplifying the methods used, but you get the idea: there was no easy way to pay or get paid without leaving a trail that is easily followed.

Then in January 2009, Satoshi launched the Bitcoin currency, based on a concept called the blockchain. This currency did not need any connections to the real-world banking system or require anyone to sign up to any central system - you could acquire a few bitcoin and pay for goods with seeming total anonymity. Add to this new ability the burgeoning underground marketplace the media loves to call the "dark web" - mostly because it has the word "dark" in it, which makes it sound mysterious, with a hint of evil. Of course, the dark web is anything but dark, with many legitimate services available to assist those in more restricted territories of the world to communicate and be informed online. It would be fair to say, though, that it certainly represents the rough side of town! Because of this association, Bitcoin became the bad guy of finance, and when a computer came into the lab with Bitcoin software on it, the owner was automatically viewed with significant suspicion.


I often see this attitude amongst investigators when it comes to anything that obfuscates computer communication or hides data. When investigating a computer with a VPN client on it, if storage encryption is turned on, a Tor client is installed, or even if a browser cache has been recently purged, the assumption is that the owner "must have something to hide." I regularly argue that many reasons exist why someone would have all or any of these software tools on their computer - they may have something to hide, but it's not actually illegal or they just value their right to privacy. Sadly, I'm usually wrong, and the computer owner generally does have something bad to hide - but it's nice to think the best of people, isn't it?

In recent years, Bitcoin has moved out of the figurative shadows of the dark web and into the light of mainstream commerce. It seems most owners of bitcoins are just holding them for investment as the bitcoin-to-dollar price fluctuates wildly, but generally in an upward direction. If you go to, you can see the bitcoin-to-dollar exchange rate from its inception in 2009 to now.

Although Bitcoin, Ethereum, and others could stand alone as a trading currency if enough traders accepted them, the reality is that even today, in 2018, what you can buy with a cryptocurrency is limited. Users wanted to be able to buy cryptocurrency with dollars and euros for use online and then sell coin that they had received for currency that they could use in Walmart, for example. To fill this void, currency exchanges began to pop up that would take your real-world money in exchange for commensurate Bitcoin. The process is the same as converting between any currencies. Head to an online site that offers conversion, pay your money by credit card or wire transfer, for example, and you will be credited with the Bitcoin or whatever currency you have asked for. As I discuss in this book, most sites have their own "wallet" system that stores your Bitcoin for you so you can then pay for goods using your coin directly from the website. This means that the company can both take your money and have access to your bitcoins.


The volatility of Bitcoin compared to its dollar value in 2017 and 2018, aligned with the growing fees involved to make a Bitcoin purchase, have led some economists to question Bitcoin's use as a currency, rather terming Bitcoin a crypto-asset. Time will tell if Bitcoin or another cryptocurrency manages to become widely available on the high street.

The problems have been significant. Anyone who knows anything about setting up a website that includes a bit of code to accept credit cards could set up a cryptocurrency exchange in very little time. A developer could construct a professional-looking interface, host it on servers in Belize, register it on the primary search engines, and wait for customers. Those customers give money to the website host who in turn transfers bitcoins into his or her wallet on the servers, waits until the wallet contains lots of money and bitcoins, and then quietly closes the door and tiptoes away. This happened early in the life of Bitcoin with the fraudulent Bitcoin Savings and Trust in 2012, and Global Bond Ltd in 2013.

Alternatively, the person who sets up this type of online payment might be completely legitimate but get hacked and lose all their...
