Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
BITCOIN FORENSICS BY- APURV SINGH GAUTAM
• Bitcoin is a cryptocurrency • An attempt to bring back a DECENTRALISED currency of people • Not controlled by a Central ...
LOOKS
Example of Bitcoin
• A forensics investigator should know the Tech Architecture • All about BLOCKCHAIN • Currently no software tools is avail...
• Elliptic Curve Digital Signature Algorithm is used • ECDSA is used to generate a public key from the PrivKey • The PubKe...
• Type of distributed ledger • Stored data in blocks • Blocks contain digitally recorded data that is unchangeable • Linke...
• Bitcoin network is composed of PEERS connected to other PEERS over unencrypted TCP channels • Each peer attempts to main...
• Bitcoins don’t EXIST ANYWHERE, not even on a hard drive • For a Bitcoin Address there are no digital Bitcoins held again...
Search based On Block Number, Address, Block Hash, Transaction Hash or Public Key http://www.blockexplorer.com
http://www.blockexplorer.com/blocks
https://blockchain.info/stats
Bitcoin Core Wallet
Bitcoin Core/Bitcoin-QT Folder Structure
Bitcoin Core/Bitcoin-QT Folder Structure
Bitcoin Core/Bitcoin-QT Folder Analysis
• Blocks subdirectory – This subdirectory contains blockchain data and contains a “blk.dat” file and a “blocks/index” subd...
• System Info • Info about Logged Users • Registry Info • Remnants of Chats • Web browsing Activities • Recent Communicati...
• Look thoroughly through the transactions happening on Blockchain • Note down Bitcoin public addresses properly • Seize a...
Thank You
Bitcoin Forensics
Bitcoin Forensics
Bitcoin Forensics
Bitcoin Forensics
Bitcoin Forensics
Bitcoin Forensics
Bitcoin Forensics
Upcoming SlideShare
Loading in …5
×
Technology
893 views
Jan. 08, 2020

Bitcoin Forensics

This presentation tells about performing forensics on blockchain and bitcoin which was delivered at Null Pune chapter

no profile picture user

  • Be the first to comment

Bitcoin Forensics

  1. 1. BITCOIN FORENSICS BY- APURV SINGH GAUTAM
  2. 2. • Bitcoin is a cryptocurrency • An attempt to bring back a DECENTRALISED currency of people • Not controlled by a Central Bank • Works on Blockchain Technology What is Bitcoin ?
  3. 3. LOOKS
  4. 4. Example of Bitcoin
  5. 5. • A forensics investigator should know the Tech Architecture • All about BLOCKCHAIN • Currently no software tools is available • Everything is in Public and Private Key (Cryptography) How to Perform Forensics ??
  6. 6. • Elliptic Curve Digital Signature Algorithm is used • ECDSA is used to generate a public key from the PrivKey • The PubKey can be used to verify transactions signed using the PrivKey • 64-byte PubKeys are hashed down to 20-byte addresses • 20-byte hash formatted using base58 check to produce either a P2PKH or P2SH Bitcoin address Algorithm for Bitcoin
  7. 7. • Type of distributed ledger • Stored data in blocks • Blocks contain digitally recorded data that is unchangeable • Linked List is used in which each block contains hash of previous block What is BlockChain ??
  8. 8. • Bitcoin network is composed of PEERS connected to other PEERS over unencrypted TCP channels • Each peer attempts to maintain EIGHT outgoing connections to other peers • These eight peers are called ENTRY NODES • Transaction and Block messages are propagated in network by being Relayed through these ENTRY NODES to other peers How Bitcoin Network Works ??
  9. 9. • Bitcoins don’t EXIST ANYWHERE, not even on a hard drive • For a Bitcoin Address there are no digital Bitcoins held against that Address • One must reconstruct the balance of bitcoin by looking at the Blockchain • Everyone on the network knows about the TRANSACTION and the history can be traced back to the point where the BITCOINS were produced
  10. 10. Search based On Block Number, Address, Block Hash, Transaction Hash or Public Key http://www.blockexplorer.com
  11. 11. http://www.blockexplorer.com/blocks
  12. 12. https://blockchain.info/stats
  13. 13. Bitcoin Core Wallet
  14. 14. Bitcoin Core/Bitcoin-QT Folder Structure
  15. 15. Bitcoin Core/Bitcoin-QT Folder Structure
  16. 16. Bitcoin Core/Bitcoin-QT Folder Analysis
  17. 17. • Blocks subdirectory – This subdirectory contains blockchain data and contains a “blk.dat” file and a “blocks/index” subdirectory • “blk.dat” stores actual Bitcoin block dumped in raw format • The “blocks/index” subdirectory is a database that contains metadata about all known blocks • chainstate subdirectory – It is a database with a compact representation of all currently up spent transactions and some metadata about where the transactions originated • Database subdirectory – It contains database journaling files Bitcoin Core/Bitcoin-QT Folder Structure
  18. 18. • System Info • Info about Logged Users • Registry Info • Remnants of Chats • Web browsing Activities • Recent Communications • Info from Cloud Services Collection of Bitcoin Artifacts
  19. 19. • Look thoroughly through the transactions happening on Blockchain • Note down Bitcoin public addresses properly • Seize any Physical object that can connect to the Internet in addition to the Hard Drive • Bitcoins addresses can help in tracing the purchases Few Tips for an Investigator
  20. 20. Thank You

×