The world of Blockchain and Cryptocurrencies is undeniably amazing and has infinity to explore at hands.Recently I took on a 4 hour session at the prestigious Central Bureau of Investigations,CBI Academy ,Ghaziabad, vide Indian Technical and Economic Cooperation Programme organised by Ministry of External Affairs , to cover right from scratch to overview of mechanics and architecture of how this world works.Sharing here the presentation for info and awareness of anyone who is interested to take a dip in this domain and related cyber crime activities.

1. By : ANUPAM TIWARIanupamtiwari@protonmail.com
Indian Technical & Economic Cooperation
Programme

2. The views expressed in this
presentation are Mere Apne.
Reference to any specific products,
process ,or service do not
necessarily constitute or imply
endorsement, recommendation, or
views of Min of Def or any Govt
All images used are for illustrative
purposes only & Do not
promote any specific product

3. anupamtiwari@protonmail.com
https://about.me/anupam.tiwari

7. Ask for a BREAK FROM CLASS, whenever
YOU FEEL SLEEPY

8. Ask Me Anything, Anytime

10. The presentation is mostly
technical

14. How
Many
of you
have
Heard
the term
BLOCKCHAIN
& BITCOIN?

22. CRYPTOCURRENCY IS AN ATTEMPT
TO BRING BACK A DECENTRALISED
CURRENCY OF PEOPLE, ONE THAT IS NOT
SUBJECT TO INFLATIONARY MOVES BY
A CENTRAL BANK

23. No
Government
Intervention

29. Name used by the
unknown person who
designed BITCOIN
and created its
original reference
implementation
SATOSHI
NAKAMOTO
कह ाँ गय ,उसे ढूंढो

35. AS OF 10TH March 2018
1 BITCOIN IS WORTH
7400$
SOURCE : https://blockchain.info/charts/n-transactions

36. 2 8 0 4 6 7
SOURCE : https://blockchain.info/charts/n-transactions

42. ANONYMITY
VS
PSEUDONYMITY
Mark TwainSamuel Clemens
public key addresses similar in function to an
email address, are used to send and receive
Bitcoins and record transactions, as opposed
to personally identifying information.

45. More DETAILS an Investigator
KNOWS about the TECH
ARCHITECTURE, the CLOSER
he gets to CLOSE the CASE

51. ‫كلمتان‬

52. MATHEMATICALLY LINKED BOGIES
GENESIS BLOCK ie 1st BLOCK
BLOCK 2 BLOCK 3 BLOCK 4 BLOCK 5 BLOCK 6 BLOCK 7 BLOCK 8

53. Before we dwell into
DETAILS, we will LEARN
and REFRESH some basic
TECHNICAL jargons

56. FIRST

58. Hash function takes an input
and returns a fixed-size
alphanumeric string.

63. MERKLE TREE

64. SECOND

68. BASICALLY CHUNKS OF INFO
THAT CAN BE USED TO
MATHEMATICAL
GUARANTEE ABOUT MESSAGES

70. THIRD

73. Peer-to-
Peer (P2P)
network is
created when
two or
more PCs are
connected &
share
resources
without
going through a
separate
server
computer

74. FOURTH

75. GLOBAL EXCEL SHEET

76. Distributed Ledger is a Consensus of
Replicated, Shared & Synchronized
digital data geographically spread across
multiple sites & countries

77. FIFTH

79. A block is an aggregated set of data
Data is collected and
processed to fit in a
block through a
process called
MINING
Each block could be
identified using a
Cryptographic Hash

80. Mining is the process
of writing blocks of
Bitcoin transactions
into the ‘The Bitcoin
Blockchain’, and
getting rewarded with
newly created bitcoins

81. Block will contain a hash
of the previous block, so
that blocks can form a
chain from the first block
ever (known as the
Genesis Block) to the
formed block

82. FIRST BLOCK : GENESIS

83. Every 10 minutes, all Bitcoin
transactions taking place are bundled
into a block
These blocks linked through a
timestamp signing, form a
chain (blockchain), which goes
back to the first block ever
created (mined)
The time stamping makes it
impossible to alter any part of it
once the network confirms it

84. These rules are inbuilt in the
Bitcoin core software, which
every node in the Bitcoin
network runs
Before a new block is added to the
blockchain, the Bitcoin network
has to reach a consensus on
based on predetermined rules

85. Data in a blockchain is
internally consistent
and immutable
Each block’s hash is
derived from the
contents of the block
Each block refers to
the previous block’s hash,
not a sequential number

86. Type of Distributed Ledger, comprised
of Unchangeable, Digitally
Recorded Data in packages called
BLOCKS
TAMPER EVIDENT LEDGER

88. SIXTH

91. Proof Of Work Is A Piece Of Data
Which Is Difficult To Produce But
Easy For Others To Verify And Which
Satisfies Certain Requirements
Bitcoin Uses
The Hashcash Proof
Of Work System.
PROOF OF WORK

92. ANUPAM HASH
8cd65c330ce4d0c58a45e676c2d08f0ddca6
c61f3b0a927ade10368d2d5aae6e
0000d1a2ea819ed13742fe7386a34c25bb48e99
b1ba8327c39551f6da5c01f98
NONCE : 61584

93. Each block is formed by a proof-of-
work algorithms, through which
consensus of this distributed
system could be obtained via the
longest possible chain

94. https://anders.com/blockchain/blockchain.html

95. Thus blockchain provides
the basis for the TRUSTLESS
DISTRIBUTED SYSTEM

102. SEVEN

103. BITCOIN MINING

105. A miner performs the
MINING OPERATIONS
ALONE without joining
a pool.
All mined blocks are generated to
the MINER'S CREDIT.

106. The current hardware’s utilized for the
process of solo mining can deliver an
experience which is more like playing the
lottery, but if you do it right you can exit
with a lot of cash

109. EIGHT

111. WALLET is basically
the Bitcoin Equivalent
of a Bank account.
Allows to RECEIVE BITCOINS,
them, and then
SEND them to others

113. Connected to the Internet
or is online is said to be HOT
Cold Wallets & Hot Wallets
Cold is considered
most Secure &
suitable for Storing
Large Amounts of
bitcoins
Hot is suitable for
Frequently
Accessed funds
COLD implies it is Offline or
Disconnected from the
Internet

114. Designedto be downloaded
& used on Laptops/PCs
DESKTOPWALLETS
Armory, Multibit, Msigna
and Hiveto mention a FEW
Easyto Access.
Available for Different OS
– Windows, Mac OS and Ubuntu.

115. MOBILEWALLETS

116. ONLINEWEBWALLETS

117. PHYSICALWALLETS
Once they are generated, you
print them out on a piece of
paper
Paper Wallets can
Securely hold your BITCOINS
in Cold Storage form for a
long time
Bitaddress.org
or Blockchain.info

118. BitcoinQt is the First ever built
bitcoin CLIENT WALLET
BITCOINCLIENTS
WALLETS
Original bitcoin
wallet used by the
Pioneers of the
currency
COMPUTERS installed with these wallets
FORM PART OF THE CORE
NETWORK & have access to all
transactions on the blockchain

119. HARDWAREWALLETS

121. PAPERWALLETS

126. A user for CONDUCTING
TRANSACTIONS utilizing BITCOIN,
he or she must first DOWNLOAD and
setup a BITCOIN WALLET
BITCOIN WALLET can show the
total BALANCE of all BITCOINS it
CONTROLS and let A USER PAY a
specified AMOUNT
‫نقود‬ ‫محفظة‬

127. WALLET contains a USER’S
PRIVATE KEY, which ALLOWS
FOR THE SPENDING of the
BITCOINS, which are located in
the BLOCK CHAIN
Once wallet is INSTALLED &
CONFIGURED, an ADDRESS
is GENERATED which is
SIMILAR to an E-MAIL or
PHYSICAL ADDRESS

130. THE LAST BITCOIN
(PROBABLY 21 MILLIONTH COIN)
WILL BE MINED IN THE YEAR
2140

132. A reward system, in
the form of
a website or app, that
dispenses rewards in
the form of a satoshi,
for visitors to claim in
exchange for
completing
a captcha or task as
described by the
website.
SATOSHI : 1/100th of a Millionth BITCOIN

133. They DON’T EXIST
ANYWHERE, even
on a hard drive

134. When we say SOMEONE HAS
BITCOINS & you look at a
PARTICULAR BITCOIN ADDRESS,
there are NO DIGITAL BITCOINS held
AGAINST that ADDRESS
BALANCE of any BITCOIN
address ISN’T HELD at that
ADDRESS; one MUST
RECONSTRUCT it by looking at
the BLOCKCHAIN

143. DDoS for Bit Coin @DD4BC is an extortionist
group responsible for many bitcoin extortion
campaigns involving DDoS attacks and
ransom demands

144. Nitrogen Sports is dedicated to its
international userbase and offers
sports betting for dedicated fans
to make some extra side money
When you visit the site, a unique
Bitcoin address is generated
for your use

145. NITROGEN SPORTS

146. ONLINE SPORTS BETTING

149. Operation Pleiades
European Union's law
enforcement agency
investigators from
Europol, Bosnia
,Hezegovina,
Germany, France,
Japan, Romania,
Switzerland, the UK
and the US contributed
in tracking down
the hacking group
DD4BC

162. More SUCH unknown
currency UPCOMING

169. Monero, uses the EQUIVALENT OF A
“POST OFFICE BOX” as address to
send and receive Monero.
VIRTUAL P.O. box
instead of actual
address
With BITCOIN, you reveal your real
“home address” in order to send and
receive BITCOIN

170. Ring signature is a WAY TO MAKE
SURE A TRANSACTION CAN’T BE
TIED BACK to a specific individual

171. Kovri is a FREE, DECENTRALIZED,
ANONYMITY TECHNOLOGY developed
by Monero
Kovri uses both GARLIC ENCRYPTION
AND GARLIC ROUTING to create a
private, protected overlay-network across
the internet.
Effectively HIDES GEOGRAPHICAL
LOCATION and internet IP address.

172. CoinJoin is
ANONYMIZATION
method for bitcoin
TRANSACTIONS

173. “When you want to make a payment,
find someone else who also wants to
make a payment and make a joint
payment together.”
When making a
joint payment,
there is no way
to relate input
and outputs in
one BITCOIN
transaction

175. Silent Bitcoin (or SBC) is a DIGITAL
VOUCHER CURRENCY 100% backed by
bitcoins.
Means that 1.0 SBC
equals 1.0 BTC.
However the base
units for SBC vouchers
are mBTC, or milli-
bitcoin (0.001 BTC).

176. When a user spends BTC to a wallet
hash controlled by SilentVault, they
receive in exchange a voucher (a
cryptographically signed XML object) for
the same amount in SBC.

177. Thereafter THE SBC VOUCHER VALUE
CIRCULATES PRIVATELY OFF-CHAIN
BETWEEN SILENTVAULT WALLETS, until
a holder redeems their SBC voucher for
BTC.
At that point the SBC value is
decirculated, and a BTC spend is made
from SilentVault's reserve to the
address hash designated by the user
who surrendered the voucher.

179. no one, not even the Tumbler, can link a
payment from its payer to its payee
TumbleBit, a new unidirectional
unlinkable payment hub that is
fully compatible with today’s
Bitcoin protocol.
TumbleBit allows parties to make
fast, anonymous, off-blockchain
payments through an untrusted
intermediary called the Tumbler

183. But Keep Calm & Trust Forensics
By : ANUPAM TIWARI
EMAIL: anupamtiwari@protonmail.com

184. BITCOIN ARTIFACTS

185. Everyone on the NETWORK knows about a
TRANSACTION and THE HISTORY
OF A TRANSACTION can be TRACED
BACK to the point where the BITCOINS
were produced

186. Conduct a
SEARCH based
on BLOCK
NUMBER,
ADDRESS,
BLOCK HASH,
TRANSACTION
HASH or
PUBLIC KEY

188. SOURCE : https://blockchain.info/ip-log

195. 1.46 × 10^48 possible
Bitcoin Addresses
that gives every
person on Earth
2.05×10^38 Different
Addresses

198. Bitcoin Mixer is an Anonymous
Service, that confuses the trails
of Bitcoin transactions.

210. PROJECT TITANIUM : Main thrust of the European
Union’s Titanium Project is to Monitor blockchains,
deanonymize wallet addresses, surveil dark net
markets, and block terrorists and money launderers.
TITANIUM, which stands for Tools for the Investigation of
Transactions in Underground Markets

212. Private key of the suspect, they can
search for that particular key on the
Blockchain to Trace the purchases
to other potential Suspects.
investigator has the Bitcoin

214. BITCOIN FORENSIC ARTIFACT EXAMINATION
Windows 7 Professional
Multibit
Bitcoin-Qt
Bitminter
Basic USB ASIC Bitcoin
Gateway laptop ML6720
120 GB WD hard drive
(4) USB ASIC Mining
drives
USB powered cooling fan
32 GB USB thumb drive

215. • System Info
• Info about Logged users
• Registry Info
• Remnants of Chats
• Web browsing Activities
• Recent Communications
• Info from Cloud Services
• Decryption Keys for encrypted
volumes mounted
COLLECTION OF BITCOIN ARTIFACTS

216. Utilizing the data from
344
transactions,
Meiklejohn able to
identify the owners of
more than a million
Bitcoin addresses
Sarah Meiklejohn, a Bitcoin focused
Computer Researcher
Extensive Research
in
Bitcoin Blockchain
Found that by looking
blockchain an
investigator can
uncover who owns a
Bitcoin addresses

217. 2015
“In this paper we show that combining TOR and
BITCOIN creates an ATTACK VECTOR for the
stealthy man-in-the-middle attacks. A LOW-
RESOURCE ATTACKER gain FULL
CONTROL of information flows between all users
who chose to use Bitcoin over TOR. In particular the
attacker CAN LINK TOGETHER USER’S
TRANSACTIONS regardless of pseudonyms used”

218. Bitcoin transactions occur via a
Network Connection, an investigator
should seize any Physical Object that
can connect to the Internet in addition
to the hard drive
COLLECTION OF BITCOIN ARTIFACTS

223. anupamtiwari@protonmail.com
https://about.me/anupam.tiwari