"This book is smart, readable and scary too." (Irish Tech News, August 2018)
Foreword
Introduction
Part I Understanding the Technology
Chapter 1 What Is a Cryptocurrency?
  A New Concept?
  Leading Currencies in the Field
  Is Blockchain Technology Just for Cryptocurrencies?
  Setting Yourself Up as a Bitcoin User
  Summary
Chapter 2 The Hard Bit
  Hashing
  Public/Private Key Encryption
  RSA Cryptography
  Elliptic Curve Cryptography
  Building a Simple Cryptocurrency in the Lab
  Summary
Chapter 3 Understanding the Blockchain
  The Structure of a Block
  The Block Header
  Deconstructing Raw Blocks from Hex
  Applying This to the Downloaded Hex
  Number of Transactions
  Block Height
  Forks
  The Ethereum Block
  Summary
Chapter 4 Transactions
  The Concept behind a Transaction
  The Mechanics of a Transaction
  Understanding the Mempool
  Understanding the ScriptSig and ScriptPubKey
  Interpreting Raw Transactions
  Extracting JSON Data
  Analyzing Address History
  Creating Vanity Addresses
  Interpreting Ethereum Transactions
  Summary
Chapter 5 Mining
  The Proof-of-Work Concept
  The Proof-of-Stake Concept
  Mining Pools
  Mining Fraud
  Summary
Chapter 6 Wallets
  Wallet Types
  Software Wallets
  Hardware Wallets
  Cold Wallets or Cold Storage
  Why Is Recognizing Wallets Important?
  Software Wallets
  Hardware Wallets
  Paper Wallets
  The Wallet Import Format (WIF)
  How Wallets Store Keys
  Setting Up a Covert Wallet
  Summary
Chapter 7 Contracts and Tokens
  Contracts
  Bitcoin
  Ethereum
  Tokens and Initial Coin Offerings
  Summary
Part II Carrying Out Investigations
Chapter 8 Detecting the Use of Cryptocurrencies
  The Premises Search
  A New Category of Search Targets
  Questioning
  Searching Online
  Extracting Private and Public Keys from Seized Computers
  Commercial Tools
  Extracting the Wallet File
  Automating the Search for Bitcoin Addresses
  Finding Data in a Memory Dump
  Working on a Live Computer
  Acquiring the Wallet File
  Exporting Data from the Bitcoin Daemon
  Extracting Wallet Data from Live Linux and OSX Systems
  Summary
Chapter 9 Analysis of Recovered Addresses and Wallets
  Finding Information on a Recovered Address
  Extracting Raw Data from Ethereum
  Searching for Information on a Specific Address
  Analyzing a Recovered Wallet
  Setting Up Your Investigation Environment
  Importing a Private Key
  Dealing with an Encrypted Wallet
  Inferring Other Data
  Summary
Chapter 10 Following the Money
  Initial Hints and Tips
  Transactions on Blockchain.info
  Identifying Change Addresses
  Another Simple Method to Identify Clusters
  Moving from Transaction to Transaction
  Putting the Techniques Together
  Other Explorer Sites
  Following Ethereum Transactions
  Monitoring Addresses
  Blockonomics.co
  Bitnotify.com
  Writing Your Own Monitoring Script
  Monitoring Ethereum Addresses
  Summary
Chapter 11 Visualization Systems
  Online Blockchain Viewers
  Blockchain.info
  Etherscan.io
  Commercial Visualization Systems
  Summary
Chapter 12 Finding Your Suspect
  Tracing an IP Address
  Bitnodes
  Other Areas Where IPs Are Stored
  Is the Suspect Using Tor?
  Is the Suspect Using a Proxy or a VPN?
  Tracking to a Service Provider
  Considering Open-Source Methods
  Accessing and Searching the Dark Web
  Detecting and Reading Micromessages
  Summary
Chapter 13 Sniffing Cryptocurrency Traffic
  What Is Intercept?
  Watching a Bitcoin Node
  Sniffing Data on the Wire
  Summary
Chapter 14 Seizing Coins
  Asset Seizure
  Cashing Out
  Setting Up a Storage Wallet
  Importing a Suspect's Private Key
  Storage and Security
  Seizure from an Online Wallet
  Practice, Practice, Practice
  Summary
Chapter 15 Putting It All Together
  Examples of Cryptocurrency Crimes
  Buying Illegal Goods
  Selling Illegal Goods
  Stealing Cryptocurrency
  Money Laundering
  Kidnap and Extortion
  What Have You Learned?
  Where Do You Go from Here?
Index
NICK FURNEAUX is a cybersecurity and forensics consultant specializing in cybercrime prevention and investigation for law enforcement and corporations throughout the United States, Europe, and Asia. He regularly speaks at industry conferences, including the F3 (First Forensic Forum), the NPCC/ACPO Hi-Tech Crime conference, the European Network Forensics and Security conference, and many others.
An Essential Guide to the Tools and Techniques of Cryptocurrency Forensics
Cryptocurrency is exploding in popularity. Once relegated to the Dark Web and used primarily for illicit activities, virtual currencies such as Bitcoin and Ethereum are now being used as investments and in more mainstream transactions. As major banks keep close watch, these currencies are gaining ground, with all signs pointing toward expansion in use and accessibility. There is currently $150 billion in circulating cryptocurrency, with $3 billion changing hands daily, yet none of this can be traced by normal means. Investigating Cryptocurrencies provides cyber and financial investigators with the necessary background, techniques, and methodologies to break through the blockchain "lockdown" and investigate crimes involving cryptocurrency transactions.
Globally recognized cybersecurity and forensics expert Nick Furneaux demystifies blockchain technology and gives investigators who are entering this new playing field practical guidance. By linking the familiar investigative workflow with essential tools and techniques that are specific to cryptocurrency forensics, Furneaux has compiled a complete playbook for all major stages of an investigation. Topics discussed in this book include cryptocurrency detection, blockchain visualization, address and transaction extraction, micromessage detection, and much more. Real-world tools and techniques give readers insight into the practices used by criminals. With cryptocurrencies rapidly advancing into the mainstream and bringing outside crime into the cybersecurity realm, this book provides the critical information that forensics professionals will need to remain effective as currency moves online.
With step-by-step instruction bolstered by in-depth explanations and expert perspective, Investigating Cryptocurrencies will help you:
Develop a deeper understanding of blockchain and transaction technologies
Set up and run a cryptocurrency account
Access raw data on blockchain ledgers
Track transactions and build information on specific addresses
Identify the real-world users behind a transaction
Understand "coin" seizure methodology
Use appropriate technology and techniques during investigations