Bitcoin investigation and wallet seizure

fmack11
06/08/23

Bitcoin investigation - and cryptocurrency investigations in general - benefit from access to a transparent ledger system - or blockchain - that investigators can directly monitor. There are many free tools for investigating transactions on the blockchain that are suitable for basic lookups of only a few addresses. We show the difference between a custodial wallet on an exchange (Coinbase) and a locally-installed wallet (Electrum).

00:00 Introduction
00:12 Cryptocurrency exchanges
00:25 Custodial wallet
00:50 Exchange wallet transaction information
01:13 Cryptocurrency ledger networks
01:46 Basic transaction tools online
02:15 Local cryptocurrency wallets
02:51 Electrum Bitcoin wallet
03:15 Bitcoin wallet vs address
03:34 Creating a new Bitcoin wallet - options
04:49 Bitcoin wallet Keystore - options
06:08 Important when seizing a wallet
06:20 Where can we find wallet info?
06:55 Unencrypted wallet
07:55 Encrypted wallet
08:18 What to do if encrypted?
08:58 Investigating cryptocurrency transactions
09:44 Combined transactions from an exchange
10:55 Forensic investigation approach and tips
11:34 Overview of wallet seizure and transaction information
12:04 Thank you, Patrons!

Transactions from an exchange normally occur within an overall exchange wallet rather than an individual user wallet. Getting access to the user's account either directly or through the exchange company will often give access to the assets associated with the account.

Thank you to all of our Patrons for sponsoring DFIR Science.
Especially The Ranting Geek. Thank you so much!

A local wallet, however, is controlled only by the wallet owner. The wallet has an associated master key and seed phrase that are useful for investigators. Each wallet can contain many Bitcoin (or other currency) addresses. Each Bitcoin address has a corresponding private key. Access to the private key would allow others to take over that Bitcoin address. Access to the private master key or seed would allow others to take over the entire wallet. Look for private keys or seed phrases to seize a cryptocurrency wallet.

This video covers several cryptocurrency topics and tries to show how each topic is related. We then discuss cryptocurrency investigation from a digital forensic perspective. Seizing cryptocurrency addresses and wallets is possible. Ideally, an investigator would have access to an unencrypted wallet, which would provide all necessary information to seize all Bitcoin. Usually, however, an investigator will find an encrypted wallet and should consider live data forensics techniques, especially RAM acquisitions, as well as standard search and interrogation techniques.
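As an added example (not part of the video or of the Electrum project), a Python triage routine that tells an encrypted Electrum wallet file from an unencrypted one and records which key material is present without displaying it. It assumes Electrum's file layout: unencrypted wallets are JSON with a top-level keystore, and encrypted wallets are base64 text whose decoded bytes start with the magic BIE1 (password) or BIE2 (hardware device); the two sample files are constructed with placeholder values.

```python
import base64
import hashlib
import json

# Constructed sample of an UNENCRYPTED Electrum wallet file (JSON); the key
# material is an obvious placeholder, not a real seed or xprv.
UNENCRYPTED_SAMPLE = json.dumps({
    "wallet_type": "standard",
    "seed_version": 18,
    "keystore": {"type": "bip32", "seed": "PLACEHOLDER seed words",
                 "xprv": "xprvPLACEHOLDER", "xpub": "xpubPLACEHOLDER"},
}).encode()

# Constructed sample of a password-ENCRYPTED wallet: base64 of the 'BIE1'
# magic followed by opaque bytes standing in for the ciphertext.
ENCRYPTED_SAMPLE = base64.b64encode(b"BIE1" + b"\x00" * 64)

# Assumed Electrum magic values (check against the Electrum version in use).
ENCRYPTION_MAGIC = {b"BIE1": "password", b"BIE2": "hardware-device"}
SENSITIVE_KEYS = ("seed", "xprv", "private_keys")


def triage_electrum_file(raw: bytes) -> dict:
    """Classify a candidate wallet file as unencrypted, encrypted or unknown.
    Secrets are never copied into the report: for an unencrypted wallet it
    only names which sensitive keystore fields exist."""
    report = {"sha256": hashlib.sha256(raw).hexdigest(), "state": "unknown"}
    try:  # unencrypted wallets are plain JSON with a top-level 'keystore'
        data = json.loads(raw)
    except ValueError:
        data = None
    if isinstance(data, dict) and isinstance(data.get("keystore"), dict):
        ks = data["keystore"]
        report.update(state="unencrypted", wallet_type=data.get("wallet_type"),
                      seed_version=data.get("seed_version"),
                      keystore_type=ks.get("type"),
                      sensitive_fields=[k for k in SENSITIVE_KEYS if k in ks])
        return report
    try:  # encrypted wallets are base64 whose decoded bytes start with a magic
        magic = base64.b64decode(raw, validate=True)[:4]
    except (ValueError, TypeError):
        return report
    if magic in ENCRYPTION_MAGIC:
        report.update(state="encrypted", encryption=ENCRYPTION_MAGIC[magic])
    return report


if __name__ == "__main__":
    for sample in (UNENCRYPTED_SAMPLE, ENCRYPTED_SAMPLE, b"not a wallet"):
        print(triage_electrum_file(sample))
```

The SHA-256 in the report is there so the file can be documented for chain of custody before anyone attempts to open it; an unencrypted result with seed or xprv present means the file alone controls the wallet, while an encrypted result points the examiner toward RAM acquisition and other live techniques as the video suggests.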

https://bit.ly/2Ij9Ojc - 👍 Subscribe for weekly videos

❤️ Get early access and bonus content - https://www.patreon.com/dfirscience

Links:
* https://www.coinbase.com/join/james_a81 (affiliate)
* https://electrum.org

== Recommended Books ==
Investigating Cryptocurrencies: Understanding, Extracting, and Analyzing Blockchain Evidence (https://amzn.to/3r5jB4x)
Blockchain Bubble or Revolution: The Future of Bitcoin, Blockchains, and Cryptocurrencies (https://amzn.to/3zP3VGv)

#DFIR #Cryptocurrency #Bitcoin #Coinbase #Electrum
010001000100011001010011011000110110100101100101011011100110001101100101
Help make DFIR tutorials
πŸ‘ Subscribe β†’ https://bit.ly/2Ij9Ojc
πŸ›’ Shop β†’ https://swag.dfir.science
❀️ Patreon β†’ https://www.patreon.com/dfirscience

πŸ•ΈοΈ Blog β†’ https://DFIR.Science
πŸ€– Code β†’ https://github.com/DFIRScience
🐦 Follow β†’ https://www.twitter.com/DFIRScience
πŸ“° DFIR Newsletter β†’ https://bit.ly/DFIRNews
010100110111010101100010011100110110001101110010011010010110001001100101

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Please link back to the original video. If you want to use this video for commercial purposes, please contact us first. We would love to see what you are doing and will probably allow its use.
