Bitcoin investigations training

Computer forensics training and education issues. If you are looking for topic suggestions for your project, thesis or dissertation please post here rather than the general discussion forum.

Re: Bitcoin investigations training

Post Posted: Wed Nov 15, 2017 3:15 pm

- hcso1510
I told him what I needed to know is, hypothetically, let's say a guy comes in claiming he purchased a car for x amount of Bitcoin, but he didn't get it. How do I turn available information into actionable intel and catch the suspect?


Excuse me (and sorry if I bring the matter slightly off-topic) but I don't understand the (hypothetical) example.

Was it to:
1) identify the counterpart selling the car?
2) prove that a given amount of bitcoins was actually transferred from the purchaser to the seller?
3) something else (that is totally escaping me)

I mean, given that the identity of the seller is known (unless the purchaser just sent a substantial amount of bitcoins to the account of a perfect stranger over the internet) and once proven that the bitcoin transaction actually took place, what (coming from the analysis of the blockchain) is proving:
1) that the receiving wallet actually "belongs" to the seller
2) that the transaction was made for the sale of a car (and not for the sale of something else or as a gift, or *whatever*)


jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: Bitcoin investigations training

Post Posted: Wed Nov 15, 2017 7:18 pm

jaclaz,

I probably didn't describe what I meant all that well. My understanding of Bitcoin is that it was largely, or at least in part, created as a vehicle to combat big banks and banking fees. I've also been told that the original intent was not to necessarily be an avenue for clandestine purchases.

I have not done this myself, but I have been told that you can download a fairly large file that will contain every Bitcoin transaction ever made? If I were to do so, what would I find? The wallet number of the individuals involved in the transaction, or the wallet's public key? Let's say I had a wallet number, or a public key? How do I trace that information back to an individual? As I mentioned in my OP I once downloaded two Bitcoin wallets. The registration of one of the wallets requested my banking information while the other did not.


So: If I were to be working a case involving Bitcoin I know that there would likely be additional information like phone numbers, email addresses and IPs. Those things can all be faked through various means. In those cases I either have a good idea of how to trace it back to an individual, or I know where to go to ask questions. Bitcoin on the other hand seems to be much different. I get that Bitcoin's history is important, but how/if you can trace a transaction back to an individual is training that is lacking.
_________________
Ed

I'm not a cellular technology expert, but I did stay at a Holiday Inn Express last night. 

hcso1510
Senior Member
 
 
  

Re: Bitcoin investigations training

Post Posted: Thu Nov 16, 2017 6:24 am

- hcso1510
jaclaz,

I probably didn't describe what I meant all that well. My understanding of Bitcoin is that it was largely, or at least in part, created as a vehicle to combat big banks and banking fees. I've also been told that the original intent was not to necessarily be an avenue for clandestine purchases.

Sure :), the "impression" that Bitcoin is used only for "evil" scopes is very similar to the "impression" that torrents and Tor are only used for the same "evil" scopes.

But I was trying to say something different, in a "normal" sale/purchase of a car between privates there is normally (not always):
1) an advertisement (public, on a paper or on a site) by the seller stating that he is going to sell a car for a given price
2) some correspondence between the seller and the purchaser, including usually photos of the car
3) a visit (in person) of either the purchaser to the place where the car is or a visit of the seller (with the car) to the place where the purchaser lives, hopefully with some third party witnessing it.
4) an agreement between the parts about the price, the delivery date and place, etc. (often verbal, but again hopefully in written form)
5) a payment (that could be also entirely untraceable, like cash)
6) the filling of some official documentation (of course depending on the actual country this may be easier or more complicated official)

All in all step #5, if done in cash, is the least traceable step but also the least relevant from a legal standpoint, as I see it.

I mean I can go and claim that I gave Mr. X US$ 10,000 in cash for his car, and he never delivered it, but that would be just my word against his without some proof of all (or most of) the other steps mentioned.

In the case of a Bitcoin payment, given that somehow (and AFAIK is not at all easy, if possible at all) that you can prove is that a transaction for US$ 10,000 between me and Mr.X[1] actually happened (let's say that I have a photocopy of each and every Benjamin and the same banknotes are *somehow* found in possession of Mr.X[2]), you essentially have nothing connecting it with the sale of the car.

Mr.X may well state that I owed him US$ 10,000 that he lent me earlier, that it was a liberally given donation, that it was in exchange for sexual favours :o (www.imdb.com/title/tt0.../qt0266023), *whatever*.

jaclaz

[1] the blockchain obviously can trace the transaction, but only from "wallet #1" to "wallet #2" (actually there is no real *need* of a wallet, it may be a simple bitcoin address, i.e. only a public key), linking wallet/address #2 to a person, and prove it is an altogether different thing, and then - assuming that I am saying the truth and that Mr.X is actually a crook or a swindler - the actual bitcoins would have likely gone through one or more "mixer(s)" or however transferred to other addresses.
[2] the legal means to be able to perform this search will vary from country to country
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
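
The address-to-address tracing discussed in footnote [1] above, shown as an added example that is not part of the original thread. The ledger, transaction ids, addresses and function names are all constructed for illustration; the data model (outputs that pay an address, inputs that point at earlier outputs) is what a downloaded copy of the blockchain holds, and it contains no names.

```python
from collections import deque

# Constructed sample ledger (not real transactions). Each transaction spends
# earlier outputs, named by (txid, output index), and creates new outputs that
# pay an amount in satoshi to an address. No identity data appears anywhere.
LEDGER = {
    "tx_pay": {"inputs": [("tx_buyer_funds", 0)],
               "outputs": [("addr_seller", 150_000_000), ("addr_buyer_change", 4_990_000)]},
    "tx_split": {"inputs": [("tx_pay", 0)],
                 "outputs": [("addr_a", 100_000_000), ("addr_b", 49_990_000)]},
    "tx_merge": {"inputs": [("tx_split", 0), ("tx_unrelated", 1)],
                 "outputs": [("addr_c", 179_000_000)]},
}

def build_spend_index(ledger):
    """Map each spent outpoint (txid, vout) to the txid that spends it."""
    return {outpoint: txid for txid, tx in ledger.items() for outpoint in tx["inputs"]}

def trace_forward(ledger, txid, vout, max_hops=5):
    """Follow one output forward; return (hop, address, value, status) rows."""
    spent_by = build_spend_index(ledger)
    rows, seen = [], set()
    queue = deque([(txid, vout, 0)])
    while queue:
        cur_tx, cur_vout, hop = queue.popleft()
        if (cur_tx, cur_vout) in seen:
            continue
        seen.add((cur_tx, cur_vout))
        address, value = ledger[cur_tx]["outputs"][cur_vout]
        spender = spent_by.get((cur_tx, cur_vout))
        rows.append((hop, address, value, "spent in " + spender if spender else "unspent"))
        if spender and hop < max_hops:
            # Every output of the spending transaction is a candidate next hop;
            # the ledger alone cannot say which one the funds "really" went to.
            for i in range(len(ledger[spender]["outputs"])):
                queue.append((spender, i, hop + 1))
    return rows

def addresses_reached(rows):
    """Addresses in the order the trace reached them."""
    return [address for _, address, _, _ in rows]

if __name__ == "__main__":
    for row in trace_forward(LEDGER, "tx_pay", 0):
        print(row)
```

The trace ends at addresses, and at `tx_merge` the followed funds are combined with an unrelated input, so each further hop weakens the link to the original payment; tying any address to a person needs evidence from outside the ledger.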
 
 
