Bitcoin investigation and wallet seizure

Science and technology

Bitcoin investigation - and cryptocurrency investigations in general - benefit from access to a transparent ledger system - or blockchain - that investigators can directly monitor. There are many free tools for investigating transactions on the blockchain that are suitable for basic lookups of only a few addresses. We show the difference between a custodial wallet on an exchange (Coinbase) and a locally-installed wallet (Electrum).
00:00 Introduction
00:12 Cryptocurrency exchanges
00:25 Custodial wallet
00:50 Exchange wallet transaction information
01:13 Cryptocurrency ledger networks
01:46 Basic transaction tools online
02:15 Local cryptocurrency wallets
02:51 Electrum Bitcoin wallet
03:15 Bitcoin wallet vs address
03:34 Creating a new Bitcoin wallet - options
04:49 Bitcoin wallet Keystore - options
06:08 Important when seizing a wallet
06:20 Where can we find wallet info?
06:55 Unencrypted wallet
07:55 Encrypted wallet
08:18 What to do if encrypted?
08:58 Investigating cryptocurrency transactions
09:44 Combined transactions from an exchange
10:55 Forensic investigation approach and tips
11:34 Overview of wallet seizure and transaction information
12:04 Thank you, Patrons!
Transactions from an exchange normally occur within an overall exchange wallet rather than an individual user wallet. Getting access to the user's account either directly or through the exchange company will often give access to the assets associated with the account.
Thank you to all of our Patrons for sponsoring DFIR Science.
Especially The Ranting Geek. Thank you so much!
A local wallet, however, is controlled only by the wallet owner. The wallet has an associated master key and seed phrase that are useful for investigators. Each wallet can contain many Bitcoin (or other currency) addresses. Each Bitcoin address has a corresponding private key. Access to the private key would allow others to take over that Bitcoin address. Access to the private master key or seed would allow others to take over the entire wallet. Look for private keys or seed phrases to seize a cryptocurrency wallet.
This video covers several cryptocurrency topics and tries to show how each topic is related. We then discuss cryptocurrency investigation from a digital forensic perspective. Seizing cryptocurrency addresses and wallets is possible. Ideally, an investigator would have access to an unencrypted wallet, which would provide all necessary information to seize all Bitcoin. Usually, however, an investigator will find an encrypted wallet and should consider live data forensics techniques, especially RAM acquisitions, as well as standard search and interrogation techniques.
bit.ly/2Ij9Ojc - 👍 Subscribe for weekly videos
❤️ Get early access and bonus content - / dfirscience
Links:
* www.coinbase.com/join/james_a81 (affiliate)
* electrum.org
== Recommended Books ==
Investigating Cryptocurrencies: Understanding, Extracting, and Analyzing Blockchain Evidence (amzn.to/3r5jB4x)
Blockchain Bubble or Revolution: The Future of Bitcoin, Blockchains, and Cryptocurrencies (amzn.to/3zP3VGv)
#DFIR #Cryptocurrency #Bitcoin #Coinbase #Electrum
010001000100011001010011011000110110100101100101011011100110001101100101
Help make DFIR tutorials
👍 Subscribe → bit.ly/2Ij9Ojc
🛒 Shop → swag.dfir.science
❤️ Patreon → / dfirscience
🕸️ Blog → DFIR.Science
🤖 Code → github.com/DFIRScience
🐦 Follow → / dfirscience
📰 DFIR Newsletter → bit.ly/DFIRNews
010100110111010101100010011100110110001101110010011010010110001001100101
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Please link back to the original video. If you want to use this video for commercial purposes, please contact us first. We would love to see what you are doing and will probably allow its use.

Comments: 21

  • @naychazcutnaychazcut2296
    @naychazcutnaychazcut2296 1 year ago

    Hi. Going through a few of your videos and really informative. How can I reach you without my conversation public

  • @jaredringenberg
    @jaredringenberg 2 years ago

    Definitely tuned in for this series. Been meaning to look at local wallets for a while and this was really easy to understand. Cheers.

  • @DFIRScience

    @DFIRScience

    2 years ago

    Thanks a lot. A few more in the works. Let me know if you have any specific topics you'd like to see.

  • @zeefudeking
    @zeefudeking 2 months ago

    How did you know it's Coinbase? How do we figure out the exchanges involved in the transactions?

  • @alexogbole7801
    @alexogbole7801 2 years ago

    Great Job Josh! But when you Seize the wallets what does that take over look like? Thanks

  • @DFIRScience

    @DFIRScience

    2 years ago

    If you seize a wallet it looks just like a normal wallet but you can transfer funds from any address. If you seize an address, you add the address to your wallet and can transfer funds only from that address. Basically it "looks" like a normal wallet. You just have transfer permissions.

  • @AlexisBrignoni
    @AlexisBrignoni 2 years ago

    That checkmate sticker 🔥

  • @jmaccionn37
    @jmaccionn37 1 year ago

    Very helpful video. Regarding the seed phrase, is it possible to search for them using software or regex for words not in an actual sentence? Say the phrase was hidden in a word doc etc with 100's of actual text. Thanks.

  • @DFIRScience

    @DFIRScience

    1 year ago

    Yes! You can search for all or part of a seed phrase. If it is in a docx file, you will need to pre-process the data to 'extract from zip' since docx files are compressed containers. But if you are just searching the disk, something like grep would work fine!
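
The search described in the reply above, as an added example (not code from the video or from DFIR Science): unpack a docx container, then flag any run of 12 or more consecutive mnemonic-wordlist words. The function names, the sample document and the short `SAMPLE_WORDS` set are constructed for illustration; a real search would load the wallet's full wordlist from a file.

```python
import io
import re
import zipfile

# Constructed stand-in wordlist. In real use, load the wallet's full mnemonic
# wordlist (e.g. the 2048-word BIP-39 English list) from a file instead.
SAMPLE_WORDS = {"legal", "winner", "thank", "year", "wave",
                "sausage", "worth", "useful", "yellow"}

def extract_text(data: bytes) -> str:
    """Return searchable text; docx files are zip containers, so unpack them."""
    if data[:4] == b"PK\x03\x04":
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if "word/document.xml" in z.namelist():
                xml = z.read("word/document.xml").decode("utf-8", "replace")
                return re.sub(r"<[^>]+>", " ", xml)  # drop XML tags, keep text
    return data.decode("utf-8", "replace")

def find_seed_candidates(text, wordlist, min_len=12):
    """Return every run of at least min_len consecutive wordlist words."""
    hits, run = [], []
    for token in re.findall(r"[A-Za-z]+", text) + [""]:  # "" flushes last run
        word = token.lower()
        if word in wordlist:
            run.append(word)
            continue
        if len(run) >= min_len:
            hits.append(" ".join(run))
        run = []
    return hits

def make_sample_docx() -> bytes:
    """Build a constructed docx with a phrase hidden between ordinary text."""
    body = ("<w:p><w:r><w:t>Shopping list and meeting notes</w:t></w:r></w:p>"
            "<w:p><w:r><w:t>legal winner thank year wave sausage</w:t></w:r>"
            "<w:r><w:t> worth useful legal winner thank yellow</w:t></w:r></w:p>"
            "<w:p><w:r><w:t>Call the bank on Monday</w:t></w:r></w:p>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml",
                   f"<w:document><w:body>{body}</w:body></w:document>")
    return buf.getvalue()

if __name__ == "__main__":
    text = extract_text(make_sample_docx())
    for phrase in find_seed_candidates(text, SAMPLE_WORDS):
        print("candidate seed phrase:", phrase)
```

Matching on runs of wordlist words rather than a fixed regex keeps ordinary prose from triggering hits, since normal sentences rarely contain 12 list words in a row.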

  • @jamesmartinez1134
    @jamesmartinez1134 1 year ago

    Are you available to hire?

  • @user-mh1bn8qz2i
    @user-mh1bn8qz2i 7 months ago

    Need e mail address for you or website thank you for giving me knowledge of bitcoin analysis

  • @timkunk3498
    @timkunk3498 2 years ago

    Let's take a look at NFTs. Let's take a quarter. Place it on a 2"X2" Square use any of the 16 million colors as a background. Place the quarter heads up with the head straight up, take a picture. Look at the serrations on the corner, there are 119. Turn the quarter one serration to the right. Take another picture. Do this 117 more times. 119 X 16 million equals 1904000000 individual NFTs. Each one selling, or being resold will create an individual block, to add to the blockchain. Do this from 1796 the first year the quarter was minted. Do this with all the recent State and commemorative quarters minted. Do this with all the dimes minted from 1796 to today. Take the quarter, or dime move it to the upper left corner touching the edges of the 2X2, each of these is an NFT, do this to the upper right corner. Lower left, and right corners. All of them are NFTs. Each will add a block to the blockchain. Each one will mine the blockchain.

  • @DFIRScience

    @DFIRScience

    2 years ago

    Yup. Except the images are not an NFT. The token attached to the blockchain - that does not include the contents - is the NFT. That's a really important distinction to make in investigations. If we were investigating intellectual property theft, investigations would be based on the image contents and reproduction. The NFT might help with "custody" but the IP ownership and scope would need to be established before the NFT was created. This is especially true since anyone can steal IP and mint an NFT from it. Making all NFTs... kinda worthless since provenance cannot be established. Another important consideration is offline transactions. If NFT custody changed hands offline, then there is no record in the blockchain (yet) which can cause some interesting IP situations.

  • @mouhamadouseck7340
    @mouhamadouseck7340 2 years ago

    Could you investigate where my money went? Over $93,000.00 I have all the addresses from the broker.

  • @DFIRScience

    @DFIRScience

    2 years ago

    Contact me and I'll see what I can do: dfir.science/contact

  • @brandykuenle7828
    @brandykuenle7828 1 year ago

    Hi there I was wondering if there was email contact or how to contact you. I'm trying to understand this bitcoin and follow on blockchain. Because I recently came across some evidence this week that a man I'm dating online has probably been scamming me for almost 3 years. I'm just lost on what to do and want to make sure ..
