One of the many challenges of cryptocurrency investigations is the attribution of an address to an entity, an individual, or at times, a particular wallet on a system.
Extracting forensic artifacts from the disk and/or memory can not only enable attribution of cryptocurrency to specific users, but can also lead to the realisation of criminal funds through seed word and private key recovery.
This course will give a forensic investigator the skills to be able to decode, from hex, raw Bitcoin blocks and transactions, leading to the uncovering of micro-messages and the discovery of unique transaction identifiers that will support traditional block chain investigations.
In addition to detecting crypto artifacts on a disk, students will also be introduced to RAM analysis using Volatility to extract evidence from computer memory. this process will demonstrate how specific cryptocurrency artifacts can be attributed to specific users.
The current syllabus includes:
- Overview of key cryptocurrency concepts
- Understanding and Deconstruction of Bitcoin blocks
- Understanding and Deconstruction of Bitcoin transactions
- Legacy transactions
- Seg-wit transactions
- Multi-sig transactions
- Leveraging API’s for raw transaction data for alt coins
- Converting raw private keys into Wallet Input Format (WIF)
- Identifying and extracting bitcoin artifacts from disk
- extracting artifacts from malware/ransomware
- Using volatility to analyse RAM for cryptocurrency artifacts
- List running processes
- Enumerate network connections
- Extract process space from memory
- Investigate user activity
- Working on a live computer
- Extracting data from pcap files
Currently this is taught as an additional add on to our other investigating cryptocurrency courses. On online option will soon be avalivalbe. Contact us with the form below to register your interest.
1 Day Course — Cost – from £450 + VAT