This post serves as a brief overview for forensic investigators of why cryptocurrency traces matter and how to investigate traces found on suspect devices. Cryptocurrency has grown tremendously over the last decade and has given criminals a new avenue for conducting transactions that are not regulated.
Cryptocurrency is encrypted data that acts as a unit of currency. It is monitored by a blockchain, which serves as a secure ledger of transactions. Cryptocurrencies are decentralized, which means that they are not issued by governments or other financial institutions [1].
Cryptocurrencies are created through cryptographic algorithms that are maintained and confirmed through mining. Mining is the process in which a network of computers processes and validates transactions. The process rewards the miners who run the network with the cryptocurrency [2].
What are Cryptocurrency Traces?
Cryptocurrency traces are just that: traces found on a device that show someone used cryptocurrency for their transactions. Cryptocurrencies such as bitcoin have risen as the currency of the Darknet or online black market.
Cryptocurrency forensics involves investigating financial transactions on the blockchain. Crypto transactions can be traced because everything is recorded. Nothing done with crypto is completely anonymous; it is just hard to trace [3].
“Cryptocurrency addresses have specific formats that can be appropriated into search terms, including the use of regular expressions. A regular expression (shortened as regex) is a sequence of characters that specifies a search pattern. Usually, such patterns are used by string-searching algorithms for "find" or "find and replace" operations on strings, or for input validation. Using these early in an investigation can help uncover potential addresses of interest in your case and will be invaluable as the investigation proceeds” [4]
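The address-format search described in the quote above can be paired with checksum validation so that look-alike strings are separated from real addresses during triage. The following is an added example, not code from the original post or its cited sources; the function names are hypothetical and the scope is limited to Bitcoin mainnet legacy (Base58Check) and lowercase Bech32/Bech32m addresses.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
LEGACY_RE = re.compile(r"\b[13][%s]{25,34}\b" % B58)  # P2PKH / P2SH candidates
SEGWIT_RE = re.compile(r"\bbc1[%s]{11,71}\b" % B32)   # lowercase mainnet Bech32 candidates
BECH32_GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)

def base58check_ok(addr):
    """True if addr decodes to 25 bytes whose last 4 match the double-SHA256 checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    return hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4] == raw[21:]

def bech32_ok(addr):
    """True if the Bech32 (witness v0) or Bech32m (v1+) checksum verifies for hrp 'bc'."""
    data = [B32.index(c) for c in addr[3:]]
    chk = 1
    for v in [3, 3, 0, 2, 3] + data:  # expanded human-readable part for "bc"
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i, g in enumerate(BECH32_GEN):
            if (top >> i) & 1:
                chk ^= g
    return chk == (1 if data[0] == 0 else 0x2BC830A3)

def find_addresses(text):
    """Return (candidate, encoding, checksum_ok) for every regex hit in text."""
    hits = [(m.group(), "base58", base58check_ok(m.group())) for m in LEGACY_RE.finditer(text)]
    hits += [(m.group(), "bech32", bech32_ok(m.group())) for m in SEGWIT_RE.finditer(text)]
    return hits

# Constructed sample of strings carved from a device image. The valid addresses are the
# public genesis-block address and the BIP 173 test vector; the third has its last
# character altered so the pattern matches but the checksum does not.
SAMPLE = """
memo: pay 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa before friday
clipboard: bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4
cache key 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb
"""

if __name__ == "__main__":
    for candidate, encoding, ok in find_addresses(SAMPLE):
        print(f"{encoding:7} {'valid' if ok else 'checksum-fail'}  {candidate}")
```

Candidates that match the pattern but fail the checksum are worth keeping in the case notes as low-confidence hits, since carved or partially overwritten data can corrupt a real address.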
Why are Cryptocurrency Traces Important?
Cryptocurrency traces are important because they leave behind a trail of evidence that investigators can follow to see how the suspect conducted their illegal transactions.
“Bitcoins are spent by creating a transaction to transfer the funds from one address to another. Every transaction has one or more inputs and one or more outputs – this means bitcoins can be sent to more than one address in a single transaction…This is of interest to an investigator as it can be assumed that one of the bitcoin addresses associated with an output of the transaction is also owned by the creator of the transaction.” [5]