Bits Behind the Coin: Following the Trail of a Cryptocurrency Investigation
This year at Enfuse, John Wilson, a digital investigator from Discovery Squared, LLC presented “Bits Behind the Coin: Following the Trail of Cryptocurrency Investigation.” This session presented a lot of valuable information regarding the ins and outs of blockchain and cryptocurrency. I will be breaking down some of the content learned and will apply it to how blockchain technology can support a forensic investigator.
Blockchain and cryptocurrency: two technologies that have forever changed how the world views money, peer-to-peer communication, and even processing power. These terms can be a little overwhelming for readers, but I’ll be breaking down how these technologies work. Lets get started!
What is peer-to-peer networking?
Peer-to-peer (P2P) networking is not a new concept. It has been around way before the internet when computing was first new and exciting. It allowed people to share information between one computer and another. This was the most basic type of network, but since the spread of the internet throughout the world, we have seen a comeback of P2P sharing with torrenting and also music services such as Limewire. It is important to note that these technologies use P2P to allow users to download and access files. There is no central place where the shared files are stored, but these devices communicate directly to transfer data. P2P networking is also difficult to stop, and there is no central authority who can take action to prevent files from spreading.
What is blockchain?
Blockchain uses P2P networking to send immutable data to a group of users. This can be information such as files, pictures, text, or even raw data. All data that is sent to blockchain cannot be changed, and everyone who sends new data to the blockchain must always be up-to-date with the latest block. It is important to re-state that blockchain is decentralized, so once the information is released, there is no way to remove it from the clients it’s shared with. There are many modern-day uses for blockchain. Large corporations such as Maersk and Walmart use blockchain to keep track of product shipments. Blockchain has many uses but cryptocurrency marks only one modern use.
What is cryptocurrency?
Cryptocurrency is a virtual currency which utilizes blockchain technology. With the rise of Bitcoin, using this technology has sparked a lot interest with decentralized currency. There is no central authority that has access to bitcoin wallets — only their owner. Due to the decentralized nature, this makes transactions nearly anonymous, and only a finite amount of information can be gathered from forensics. At Enfuse this year, John Wilson taught about how you can investigate cryptocurrency wallets to see past transactions and even how you can use this information with tools to see the flow of money. This is a very challenging task because of the anonymized nature of cryptocurrency.
Using forensics to gather information about cryptocurrency transactions is not an easy task. Unfortunately, the anonymity of cryptocurrency makes it more difficult, and the only investigation that can truly be done is gathering data. Butwait – there’s more! Before I mentioned that blockchain is “immutable.” This means that information within the blockchain cannot be changed. However, this also means that every client with the blockchain on it can see the information that has been transferred in the past. One of the problems we face is if the information contained is illegal or contains contraband. This can make investigations extremely difficult if the source of the contraband cannot be determined. Mostly relying on the past can help put pieces together. Blockchain in the future, if used in a non-anonymized fashion, will speed up the amount of time an investigation will take due to its ability to keep track of the past.
There is so much complexity to cryptocurrency that Wilson spoke about, it truly revealed a lot of the challenges faced when dealing with it. Thank you to Mr.Wilson and Enfuse for providing the opportunity to learn about these new technologies, and the challenges we face moving forward in digital forensics.