Bitcoin Forensics
- 2. The views expressed in this presentation are Mere Apne. Reference to any specific products, process ,or service do not necessarily constitute or imply endorsement, recommendation, or views of Min of Def or any Govt All images used are for illustrative purposes only & Do not promote any specific product
- 8. OVERVIEW WHY,HOW,WHERE WHO’S WHO? TECHNOLOGY CASE STUDY JAI HINDH SUMMARY
- 11. Name used by the unknown person or persons who designed BITCOIN and created its original reference implementation SATOSHI NAKAMOTO Kahan Gaya Usay Dhoondo
- 13. AS OF 17TH FEB 2017 1 BITCOIN IS WORTH 1040$ SO 1 BITCOIN IS 70103
- 14. THE LAST BITCOIN (PROBABLY 21 MILLIONTH COIN) WILL BE MINED IN THE YEAR 2140
- 19. CRYPTOCURRENCY IS AN ATTEMPT TO BRING BACK A DECENTRALISED CURRENCY OF PEOPLE, ONE THAT IS NOT SUBJECT TO INFLATIONARY MOVES BY A CENTRAL BANK
- 22. Distributed Ledger is a Consensus of Replicated, Shared & Synchronized digital data geographically spread across multiple sites & countries
- 23. Type of Distributed Ledger, comprised of Unchangeable, Digitally Recorded Data in packages called BLOCKS TAMPER EVIDENT LEDGER
- 26. BASICALLY CHUNKS OF INFO THAT CAN BE USED TO MATHEMATICAL GUARANTEE ABOUT MESSAGES
- 27. Peer-to- Peer (P2P) network is created when two or more PCs are connected & share resources without going through a separate server computer
- 31. “शरीर में 206 हड्डिय ां है, और सांविध न में 1670 क नून ... हड्िी से लेकर क नून सब तोड़त हूूँ….” SHA तोड़ के दिख ….
- 34. BITCOIN MINING
- 36. MERKLE TREE
- 38. A user for CONDUCTING TRANSACTIONS utilizing BITCOIN, he or she must first DOWNLOAD and setup a BITCOIN WALLET BITCOIN WALLET can show the total BALANCE of all BITCOINS it CONTROLS and let A USER PAY a specified AMOUNT
- 39. WALLET contains a USER’S PRIVATE KEY, which ALLOWS FOR THE SPENDING of the BITCOINS, which are located in the BLOCK CHAIN Once wallet is INSTALLED & CONFIGURED, an ADDRESS is GENERATED which is SIMILAR to an E-MAIL or PHYSICAL ADDRESS
- 40. WALLET is basically the Bitcoin Equivalent of a Bank account. Allows to RECEIVE BITCOINS, STORE them, and then SEND them to others
- 41. Connected to the Internet or is online is said to be HOT Cold Wallets & Hot Wallets Cold is considered most Secure & suitable for Storing Large Amounts of bitcoins Hot is suitable for Frequently Accessed funds COLD implies it is Offline or Disconnected from the Internet
- 42. Designedto be downloaded & used on Laptops/PCs DESKTOPWALLETS Armory, Multibit, Msigna and Hiveto mention a FEW Easyto Access. Available for Different OS – Windows, Mac OS and Ubuntu.
- 43. MOBILEWALLETS
- 44. ONLINEWEBWALLETS
- 45. PHYSICALWALLETS Once they are generated, you print them out on a piece of paper Paper Wallets can Securely hold your BITCOINS in Cold Storage form for a long time Bitaddress.org or Blockchain.info
- 46. BitcoinQt is the First ever built bitcoin CLIENT WALLET BITCOINCLIENTS WALLETS Original bitcoin wallet used by the Pioneers of the currency COMPUTERS installed with these wallets FORM PART OF THE CORE NETWORK & have access to all transactions on the blockchain
- 47. HARDWAREWALLETS
- 51. They DON’T EXIST ANYWHERE, even on a hard drive
- 52. When we say SOMEONE HAS BITCOINS & you look at a PARTICULAR BITCOIN ADDRESS, there are NO DIGITAL BITCOINS held AGAINST that ADDRESS BALANCE of any BITCOIN address ISN’T HELD at that ADDRESS; one MUST RECONSTRUCT it by looking at the BLOCKCHAIN
- 53. Everyone on the NETWORK knows about a TRANSACTION and THE HISTORY OF A TRANSACTION can be TRACED BACK to the point where the BITCOINS were produced
- 54. Conduct a SEARCH based on BLOCK NUMBER, ADDRESS, BLOCK HASH, TRANSACTION HASH or PUBLIC KEY
- 58. BITCOIN-QT FOLDER STRUCTURE Blocks – This subdirectory contains blockchain data and contains a “blk.dat” file and a “blocks/index” subdirectory. “blk.dat” stores actual Bitcoin blocks dumped in raw format. The “blocks/index subdirectory” is a database that contains metadata about all known blocks
- 59. Chainstate subdirectory- it is a database with a compact representation of all currently unspent transactions and some metadata about where the transactions originated BITCOIN-QT FOLDER STRUCTURE
- 60. Database subdirectory - Contains database journaling files (Data Directory, BITCOIN-QT FOLDER STRUCTURE
- 61. LOCK FILE DEBUG.LOG PEERS.DAT WALLET.DAT BITCOIN-QT FOLDER STRUCTURE DB LOCK FILE EXTENSIVE LOGGING FILE PEER INFORMATION STORAGE FOR KEYS,TXN,METADATA etc
- 62. Private key of the suspect, they can search for that particular key on the Blockchain to Trace the purchases to other potential Suspects. investigator has the Bitcoin
- 64. BITCOIN FORENSIC ARTIFACT EXAMINATION Windows 7 Professional Multibit Bitcoin-Qt Bitminter Basic USB ASIC Bitcoin Gateway laptop ML6720 120 GB WD hard drive (4) USB ASIC Mining drives USB powered cooling fan 32 GB USB thumb drive
- 67. Utilizing the data from 344 transactions, Meiklejohn able to identify the owners of more than a million Bitcoin addresses Sarah Meiklejohn, a Bitcoin focused Computer Researcher Extensive Research in Bitcoin Blockchain Found that by looking blockchain an investigator can uncover who owns a Bitcoin addresses
- 72. Bitcoin transactions occur via a Network Connection, an investigator should seize any Physical Object that can connect to the Internet in addition to the hard drive COLLECTION OF BITCOIN ARTIFACTS
- 74. • System Info • Info about Logged users • Registry Info • Remnants of Chats • Web browsing Activities • Recent Communications • Info from Cloud Services • Decryption Keys for encrypted volumes mounted COLLECTION OF BITCOIN ARTIFACTS
- 75. Ulbricht Ross