Cryptocurrencies are revolutionising the world of online transactions and contracts. This Cryptocurrencies for Investigators course focuses on the ability to fully investigate any cryptocurrency, not just bitcoin or Ethereum.

We will teach you the skills needed to understand the concepts behind a crypto currency, these can then be adapted to investigate any of the 1300+ coins available. By the end of the course you will not only be able to track transactions, but you will be able to identify addresses owned by the same person. You will understand the concepts behind the private public key relationship. We will also teach you how to find public keys, and most importantly private keys in certain situations.

The entire syllabus can be downloaded here: Cryptocurrencies for Investigators

A 4 day forensics course is also available on request.


  • Learn how to investigate cryptocurrencies for evidence
    • NOT just Bitcoin
    • NOT just about following address
  • A detailed description of hashing as it applies to cryptocurrencies, including the use of:
    • SHA256
    • Base58
  • A detailed understanding of blockchain cryptography including:
    • Public/Private Key encryption
    • RSA Cryptography
    • Elliptic Curve cryptography
  • Build, run and trade a pseudo-crypto currency (NickCoin!) in the classroom which will teach the basics of the distributed ledger, transactions, hashing and mining
  • Comprehensive understanding of the blockchain including:
    • Block structure
    • Block headers
    • Deconstructing blocks from raw hex
    • Hashing and Merkle Tree
    • Forks – Hard and Soft
    • Interpreting raw data from Bitcoin and Ethereum
  • Transactions
    • Pulling raw data via API’s
    • Breaking down a raw transaction
    • How Change works
    • How fees work
    • What is the Mempool
  • Mining – how it works
    • The Proof-Of-Work concept
    • The math’s behind it all
    • Pools
  • Wallets
    • Non-Deterministic
    • Deterministic
    • Hierarchical Deterministic Wallets (HD)
    • Hardware
    • Mobile Devices
    • Paper
  • Setting up a covert wallet – how does the criminal do it?
  • Scripting – Understanding
    • Bitcoin scripts
    • Ethereum Contracts
    • Tokens
    • ICO’s
  • Setting up a Wallet
    • Full node
  • Detecting the use of a cryptocurrency
    • Premises Search – What to look for
      • Paper based wallets
      • Hardware wallets
      • QR and Mnemonic Codes
  • OSI methods to locate addresses
  • Extracting information about a located adress
    • Using web based resources
    • Using an API to get the raw data
    • Time analysis
    • Searching for an address online
  • Extracting Private and Public keys (addresses) from seized computers
    • Searching a Computer for addresses
      • From an image
      • From RAM
      • Working on a live computer
    • Searching wallets for in backups
  • Opening and analyzing a recoverd wallet
    • Extracting all private and public keys
    • Discovering what keys have been used
      • Batch address look ups
    • Importing a third party public key
    • Cracking an encrypted wallet
  • Following a transaction through the blockchain manually
    • Using the Bitcoin Core console to interrogate the blockchain offline
    • Using API calls to access any raw blockchain data online
  • Advanced Clustering
    • Methods to identify addresses held by the same entity
  • Blockchain visualization systems
    • Online tools
      • Blockchain graph
      • Etherscan graph
    • Maltego
    • Numisight
  • Automatically monitoring addresses
  • IP address location and enumeration
    • IP’s logged in the blockchain
    • Crawling for IP addresses in full nodes
    • Are they using Tor
      • Mapping nodes against Tor IP’s
  • Tracking to a Service Provider
    • Currency exchanges
    • Tradera
    • Thin client server admins
  • Using Open Source Methods
    • Investigating on the open web
    • Getting on the dark web
  •  Extracting Address and Transaction data via an Intercept
    • Via Wifi monitoring
    • Via Wired Intercept
  • Detecting and decoding hidden micromessages
  • Methodology for seizing Coins using extracted Private Keys
  • Examples of crime
    • Money Laundering
    • Illegal purchases
    • Phishing
      • For private keys
      • For donations
  • Hacking
    • Change addresses on web site
  • ICO fraud
  • Scripting and possible vulnerabilities

During the course we will provide you with:

Course Maltego license

Some ‘nickcoin’

The course will end with a fantastic live practical which will combine all the skills you have learnt to investigate cryptocurrency.

Course cost from – £1550 + VAT

A 4 day forensics option is now available upon request.

Forthcoming Dates

May 9th to 11th 2022

parallax background

Book your Cryptocurrency for Investigators course using the form below:

    Your Name: (required)

    Your Email: (required)

    Number of places: (required)

    Starting date of course:
    Register Interest


    Your Message :