- A
- addresses
- change addresses, 177–181
- clusters, 181–182, 184
- ether value, 155
- Ethereum, change addresses, 190–191
- filtering multiple, 151
- Googling, 188
- graphing, 183
- history, 82–83
- multi-signature transactions, 157
- output, 177
- owners, 178–181
- private keys, 70
- public keys and, 70
- recovered, transaction history, 147–148
- searches, automated, 135–136
- temporal patterns, 156–160
- transactions and, 69
- unpeeling, 233
- UTXOs, 74
- vanity addresses, 83–85, 155
- wallet addresses, 185
- Adleman, Leonard, 23
- AES-256-CBC encryption, 167–168
- Agent Ransack, 127–130, 134, 137
- algorithms
- elliptic curve, 28–29
- Extended Euclidean Algorithm, 25
- hashing, MD5, 16–17
- anonymity, Monero and, 214
- anonymous data transmission, cover wallets and, 106
- API (application programming interface), 63
- ASICs (application specific integrated circuits),
- asset seizure, 137–138, 256
- online wallets, 265
- private key import, 261–262
- security, 263–265
- storage, 263–265
- without cashing out, 258–259
- asymmetric cryptography, 23
- attacks, 51%, 41
- AXIOM, 131
- B
- bank note analogy, 68
- Base16, hexadecimal values, 18
- Base58 Check, 69–70
- Belkasoft, 136–137
- Big Endian, 49
- BIP (Bitcoin Improvement Proposals), 44
- Bitcoin,
- address, public keys, 24
- Elliptic Curve cryptography,
- mining,
- Satoshi, 155
- setting up as user, 10–14
- SHA256 hashing, , 18
- Bitcoin Cash fork, 42, 59, 186
- Bitcoin Core
- analysis
- environment setup, 161–166
- private key import, 166–167
- console, 163
- data extraction and, 140–143
- Debug Window, 72
- Encrypt Wallet, 168
- installation, 11, 161
- startup, 11–12
- bitcoin daemon data extraction, 140–143
- Bitcoin nodes, 220–221
- Bitcoin P2P Network Sniffer, 247–248
- Bitcoin Testnet, 12
- blockchains, download, 12
- Receiving Address dialog box, 12–13
- Transactions dialog box, 13
- bitcoin_cli daemon, 166
- bitcoinwhoswho.com, 233
- BitcoinWiki, 41
- bitinfocharts.com, 172–173
- bitnodes.earn.com, 219
- graphs, 226
- IP addresses, filtering, 220
- metadata, 221
- millisecond converters, 224
- seeds, 224–225
- snapshots, 222
- Tor network, 226, 228–229
- TXID, 223
- bitnotify.com, address monitoring, 194
- bits, 17
- Black Hat conference, 219
- block header, 42–43
- difficulty target, 46–47
- hash of previous, 44
- Merkle root, 44–45
- nonces, 46–47
- timestamps, 45–46
- version, 43
- block height, 57–58
- blockchain viewers
- Bitcoin Cash fork, 186
- bitinfocharts.com, 172–173
- blockchain.info, 200–201
- gray circle, 200
- input address, 200
- orange circle, 200
- origin address, 200
- spent values, 200
- transaction visualization, 201
- unspent output, 200
- Google searches and, 126
- online, 199
- blockchain.info, 200–201
- addresses
- clusters, 181–182
- inputs, 178–181
- owners, 178–181
- change addresses, 177–181
- gray circle, 200
- input address, 200
- orange circle, 200
- origin address, 200
- seeds, 124
- spent values, 200
- transactions, 176–177
- change addresses, 177–181
- moving between, 182–184
- visualization, 201
- blockchains, , 39
- auction system,
- coins, spending, 71–73
- files, storage, 11
- folders, 11
- forks
- hard forks, 59
- orphan fork, 41
- orphan forks, 58–59
- soft forks, 60
- LEGO analogy, 41–42
- online viewers, 10–11
- Rai coins, –5
- Blockcypher.com, API, 62
- blockexperts.com, 188
- blockexplorer.com, 175, 186–187
- blockonomics.co, address monitoring, 193–194
- blocks
- browsing, 58
- genesis block, 58
- hexadecimal, deconstructing, 47–51
- transactions, confirmations, 40
- bonded contracts, 110
- brute forcing, 20
- key space and, 20
- wallets, encrypted, 167
- BTCRecover, 167, 168–169
- help page, 169–170
- passwords, 168–170
- BTCscan, 135, 137
- bytes, 17
- C
- calculated tables, wallets, encrypted, 167
- cashing out, 256. See asset seizure
- converting coins to fiat currency, 257
- insurance, 257
- process, 258
- secure storage, 257
- seizing without cashing out, 258–259
- valuation fluctuations, 257
- Chainalysis, 117, 214
- chainz.cryptoid.info, 187
- change addresses, 177–181
- Chaum, David,
- civil forfeiture. See asset seizure
- click blindness, 182
- click happy, 182
- clustering
- Cocks, Clifford, 23
- Cohen, Chris, 135
- coin transactions, 189–190
- Coinbase, 97
- coinlib.io/exchanges, 234
- Coinpayments, 97
- coins
- seizing, 255
- spending, 71–73
- coinmarketcap.com,
- cold wallets, 98–99
- commercial visualization systems, 214
- commission scam, mining, 92
- computer forensics, 16
- contracts, 109
- bonded, 110
- creating, 110
- escrow transactions, 110
- Ethereum, 110–112, 189–190
- multi-signature, 110
- nLockTime and, 110
- third-party arbitration, 110
- covert wallets, 105–107
- crypto prefix, –7
- cryptocurrency
- building
- ledger, 32–33
- mining, 34–35
- Dash,
- definition, –4,
- Ethereum,
- exchanges, 227
- Litecoin,
- Monero,
- origination questions,
- physical manifestation,
- Ripple, , 68
- theft, 269
- trading,
- Zcash,
- cryptocurrency crimes
- cryptocurrency theft, 269
- extortion, 270
- illegal goods purchase, 268
- illegal goods sales, 268–269
- kidnap, 270
- money laundering, 269–270
- cryptography
- asymmetric, 23
- ECC (Elliptic Curve Cryptography), 28–31
- Elliptic Curve cryptography,
- RSA, 23–28
- cryptoviruses, WannaCry, 192
- currency
- bank note analogy, 68
- Rai coins, –6
- stones of Yap islands, –6
- token analogy, –7
- D
- Dapp, 244
- dark web searches, 237–341
- Dash,
- data analysis
- API, 150–151
- Ethereum, extracting raw, 154–155
- exporting data, 149–150
- filtering, 149–151
- investigations and, 148
- literal data, 148
- data packets, intercept and, 246
- decryption, 22–23
- deterministic wallets, 103
- dictionary attack, wallets, encrypted, 167
- difficulty target, 46–47
- Diffie, Whitfield, 22
- Digicase,
- digital forensics, 16
- E
- ECC (Elliptic Curve Cryptography), 28–31
- e-currency,
- E-Gold, –8
- Electrum software wallet
- asset seizure and, 259–261
- private key import, 261–262
- seeds, 124
- Elliptic, 117, 214
- elliptic curve algorithm, 28–29
- Elliptic Curve cryptography,
- Ellis, James, 23
- EnCase, 130, 131
- encryption
- AES-256-CBC, 167–168
- decryption, 22–23
- Diffie, Whitfield, 22
- Enigma machines, 22
- Hellman, Martin, 22
- lifecycle, 23
- private key, 21–22
- public key, 21–22
- Roman Caesar cyphers, 22
- wallets
- brute force, 167
- BTCRecover, 167, 168–169
- calculated tables, 167
- dictionary attack, 167
- master key attack, 167, 168
- password recovery, 168
- seed recovery, 169
- endianness, hexadecimal
- Big Endian, 49
- Internal Byte Order, 50–52
- Little Endian, 50, 52
- endpoints, intercept and, 246
- Enigma, the Battle for the Code (Sebag-Montefiore), 22
- Enigma machines, 22
- enumerating transactions, 55–57
- ERC-20 tokens, 112
- escrow transactions, contracts and, 110
- Ethereum, , , 61
- address monitoring, 196–197
- addresses
- change addresses, 190–191
- ether value, 155
- beneficiary, 62
- bitinfocharts.com, 189
- coin transactions, 189–190
- contracts and, 110–112, 189–190
- Dapp, 244
- data, extraction, 154–155
- etherscan.io, 86, 154–155, 189, 201–202
- Ethos token, 191–192
- fork, 59
- mixhash, 62
- nonce, 62
- number, 62
- ommersHash, 62
- parenthash, 62
- timestamps, 62, 160–161
- tokens, 112–116
- transactions
- contract as agreement, 191
- contract that transacts token, 191
- contract that triggers another, 190–191
- differences and, 189–192
- following, 189–192
- gas, 85–86
- value, 190
- etherscan.io, 86, 154–155, 189, 201–202
- address monitoring, 196–197
- addresses, reused, 202
- Ethos token, 191–192
- Learnmeabitcoin.com, 213–214
- blue circles, 213
- green circles, 213
- grey squares, 213
- links between addresses, 213
- SHA256 checksum generation, 213
- Maltego
- address details, 209
- To Addresses [*Received from], 210
- To Addresses [*Sent from], 210
- Bitcoin Address, 208
- Bitcoin Transaction, 208
- clustered input addresses, 211
- commercial version, 206
- Community version, 206
- CSV file export, 212
- Detail View pane, 209
- downloading, 206
- entities, 206
- graphs, 207–208
- importing data, 211
- To INPUT Addresses, 208
- To IP Address of First Relay, 208
- To OUTPUT Addresses, 208, 209
- Taint Analysis, 209
- transaction ID value, 208
- To Transactions [where address was an input], 210
- To Transactions [where address was an output], 210
- Transform Hub, 209
- Transform Servers, 207
- transforms, 206–209
- To Website, 207
- Numisight
- Addresses tab, 204
- Canvas tab, 204
- Coins tab, 204
- Data tab, 204
- Expand Inputs, 205
- Expand Outputs, 205
- graph, 203, 204
- payments, 205
- Public Alpha release, 202
- transactions, 203, 205
- Transactions tab, 204
- token search and, 113–114
- Ethos token, 191–192
- Excel, timestamps and, 158–159
- exchange fraud, mining, 92
- exchanges, 227
- Extended Euclidean Algorithm, 25
- extortion, 270
- F
- filtering data, 149–151
- FIs (Financial Investigators), 255
- forks, 58–59
- Bitcoin Cash fork, 42
- hard forks
- Bitcoin Cash, 59
- Ethereum, 59
- orphan forks, 41, 58–59
- soft forks, 60
- freezing assets. See asset seizure
- FTK (Forensic Toolkit), 130, 131
- Full Node wallet, 96
- G
- genesis block, 58
- GPUs (Graphical Processing Units), 20
- graphing address information, 183
- H
- hard forks
- Bitcoin Cash, 59
- Ethereum, 59
- hardware
- mining and, 88
- wallets, 100
- Keepkey, 97
- Ledger Nano S, 97
- Trezor Wallet, 97
- hashing, 16
- bits, 17
- bytes, 17
- detecting files, 17
- kilobytes, 17
- nibbles, 17
- one-way hash, 17
- password storage and, 18–19
- passwords, SHA256 and, 19
- SHA256 algorithm, 19–21
- hashing algorithms
- MD5, 16–17
- RIPEMD, 17
- SHA, 17
- SHA256, 17
- Hellman, Martin, 22
- hex converters, 53–54
- hex editors, Bitcoin version 2, 51
- hex readers, 47–48
- hexadecimal values, 18
- endianness
- Big Endian, 49
- Internal Byte Order, 50–52
- Little Endian, 50, 52
- raw, transactions and, 79–81
- hierarchical wallets, 103
- Hoelzer, Dave, 17
- Httrack, 127–130
- hunch.ly, 239
- HxD reader, 47–48
- I
- ICOs (initial coin offerings), 39, 112–116
- illegal goods purchase and sales, 268–269
- imaging RAM, 136–137
- input address, blockchain.info, 200–201
- intercept, 246
- Bitcoin nodes, 247–248
- data packets and, 246
- legislation, 246
- thin clients, 246–247
- WiFi-based traffic, 249
- wiretaps, 246
- Internal Byte Order, 50–52
- investigations
- data analysis, 148
- live computers
- asset seizure, 137–138
- documentation, 138
- export from bitcoin daemon, 140–143
- Notepad++, 138–139
- wallet data extraction, 144–145
- wallet file, 138–140
- online searches, 125–130
- open-source intelligence gathering, 235–236
- premises search, 120–121
- paper print out, 122
- printed e-mail, 122
- questioning, 124–125
- sticky notes, 122
- targets, 121–124
- wallet cards, 122
- white boards, 122
- investopedia.com,
- IP addresses
- tracing, 217–218
- exchanges, 227
- filtering, 220
- JSON, 220–221
- online stores, 227
- online wallets, 228
- proxies, 229–231
- to service provider, 231–235
- storage, 226–228
- thin clients, 228
- Tor network, 226, 228–229
- VPNs (Virtual Private Networks), 229–231
- ipqualityscore.com, 230
- J
- Jaxx, 97
- JSON (JavaScript Object Notation), 63
- address balance, raw, 150–151
- data extraction, 81–82
- IP addresses, 220–221
- K
- Kaminsky, Dan, 219
- Keepkey, 97
- kidnapping, 270
- kilobytes, 17
- L
- Latchman, Haniph, 16
- Laundry, 238
- ledger, 40
- building currency and, 32–33
- Ledger Nano S, 97
- LEGO analogy of blockchains, 41–42
- Litecoin,
- literal data, 148, 172
- Little Endian, 50, 52
- localbitcoins.com, 231–232
- locking transactions, 110
- M
- master key attack, wallets, encrypted, 167, 168
- MD5 algorithm, 16–17
- megabytes, 18
- memory dumps, 136–137
- mempool, 40, 69, 76–77
- Merkle root, 44–45, 51
- messages
- embedding, 242
- micromessages, 241–244
- metadata, addresses, 148
- micromessages, 241–244
- millisecond converters, 224
- mining,
- building, 34–35
- Chinese companies, 88
- Ethereum, 40
- fraud
- commission scam, 92
- exchange fraud, 92
- misleading promises, 93
- private key phishing, 92
- software miners, 92
- stealing power, 93
- hardware, 88
- open-air crates, 88
- pools, 90–91
- proof-of-stake, 90
- proof-of-work, 89–90
- rigs, 88
- timing, 89
- transactions and, 40
- validators, 90
- misleading promises, mining, 93
- Mixer, 238
- Monero, , 88
- money laundering, 269–270
- monitoring addresses
- multi-signature contracts, 110
- multi-signature transactions, 71, 110
- Musk, Elon, PayPal,
- MyEtherWallet, 97
- N
- Nakamoto, Satoshi, 57, 110
- nibbles, 17
- NickCoin, 32–34, 36, 87
- nLockTime, 110
- nonces, block header, 46–47
- nondeterministic wallets, 102–103
- notetaking, 176
- O
- O'Keefe, David,
- one-way hashing, 17
- online blockchain viewers, 199
- Online Node wallet, 96
- online searches, addresses, 125–130
- online stores, IP addresses, 227
- online wallets, IP addresses, 228
- open-source intelligence gathering, 235–237
- orphan forks, 41, 58–59
- oxt.me, 156, 158, 175
- P
- P2PKH (Pay-to-Public-Key-Hash) transactions, 71
- P2SH (Pay-to-Script-Hash) transactions, 71
- paper wallets, 100–101
- passwords
- brute-forcing, 20
- BTCRecover and, 168–170
- hashing, 19–20
- password lists search, 170
- storage, 18–19
- typo map, 171
- pattern-based online searches, 127–130
- PayPal,
- peer-to-peer network, 219
- Poloniex, 233–234
- premises search, 120–121
- questioning, 124–125
- targets, 121
- private keys, 122–124
- public addresses, 122
- private keys, 21–22
- addresses, 70
- asset seizure and, 261–262
- extracting
- formats, 123
- investigation and, 122
- offline storage, 98
- phishing, mining, 92
- public key generation, 24–25
- seeds, 124
- wallet analysis, 166–167
- proceeds of crime appropriation. See asset seizure
- proof-of-stake, 90
- proof-of-work, 89–90
- proxy networks, IP addresses, 229–231
- public addresses, investigation and, 122
- public keys, 21–22
- addresses and, 70
- Bitcoin addresses, 24
- extracting
- generating by private key, 24–25
- number of keys, 71
- public/private key address pairs, 98
- Python
- hex conversion, 54
- Requests, 152–153
- unspent_n script, 153
- Q
- questioning, investigations and, 124–125
- R
- Rai coins, –6
- RAM (random access memory), imaging for recoverable data, 136–137
- raw transactions, 79–81
- regular expressions in searches, 127–130
- Requests (Python), 152–153
- RIPEMD algorithm, 17
- Ripple, , 68
- Rivest, Ron, 23
- Roman Caesar cyphers, 22
- Roose, Kevin, 115
- RSA cryptography, 23–28
- S
- Satoshi, 155
- ScriptPubKey, 77–79
- scripts
- address monitoring, 194–196
- pay-to-hash transactions, 110
- ScriptSig, 77–79
- searches, automated, 135–136
- SEC (Securities and Exchange Commission), ICO fraud, 115
- seeds, 124
- DNS Seeds, 224–225
- recovery support, 169
- SegWit (Segregated Witness) fork, 70
- seized computers, key extraction
- address search automation, 135–136
- commercial tools, 130–131
- memory dumps, 136–137
- wallet file, 131–134
- seizing assets, 256. See also asset seizure
- seizing coins, 255
- service providers, tracing IP addresses to, 231–235
- SHA algorithm, 17
- SHA256 algorithm, 17, 87
- Bitcoin, 18
- hashing and, 19–21
- SHA256 hashing, Bitcoin and,
- Shamir, Adi, 23
- site modifier, 127
- sniffers
- Bitcoin P2P Network Sniffer, 247–248
- WiFi-based traffic, 249
- wired data, 248–254
- soft forks, 60
- software miners, 92
- software wallets, 100
- Coinbase, 97
- Coinpayments, 97
- Full Node, 96
- Jaxx, 97
- MyEtherWallet, 97
- Online Node, 96
- Thin Node, 96
- stacks, 78
- stealing power, mining, 93
- T
- targets of investigation, premises search, 121
- private keys, 122–124
- public addresses, 122
- temporal patterns in addresses, clustering and, 156
- thin clients
- intercept and, 246–247
- IP addresses, 228
- Thin Node wallet, 96
- third-party arbitration contracts, 110
- time zones, 156
- timestamps, 45–46, 156–157
- Ethereum, 160–161
- Excel and, 158–159
- token analogy, –7
- tokens
- Tor Browser, 238
- Tor network, 226, 228–229
- torstatus.blutmagie.de, 229
- tracing IP addresses, 217–218
- exchanges, 227
- filtering, 220
- JSON, 220–221
- online stores, 227
- online wallets, 228
- proxies, 229–231
- to service provider, 231–235
- storage, 226–228
- thin clients, 228
- Tor network, 226, 228–229
- VPNs (Virtual Private Networks), 229–231
- trades. See transactions
- trading cryptocurrency,
- transactions, 67–68
- addresses, 69
- change addresses, 177–181
- clusters, 181–182, 184
- graphing, 183
- inputs, 178–181
- owners, 178–181
- view all transactions, 152
- wallet addresses, 185
- blocks, 40
- coin, 189–190
- contract, 189–190
- enumerating, 55–57
- Ethereum
- coin, 189–190
- contract, 189–190
- differences in, 189–192
- following, 189–192
- gas, 85–86
- types, 190–191
- graph, 40–41
- history, 147–148
- exporting, 149–150
- filtering, 149–151
- inputs, 74
- IP addresses, 218–219
- locking, 110
- mempool, 40, 69, 76–77
- messages, embedding, 242
- multi-signature, 71, 110
- outputs, 74
- P2PKH (Pay-to-Public-Key-Hash), 71
- P2SH (Pay-to-Script-Hash), 71
- raw addresses, 153
- raw hex, 79–81
- scripts, 73
- ScriptPubKey, 77–79
- ScriptSig, 77–79
- spent state, 73
- states, 73
- timestamps, 156–157
- Trezor Wallet, 97
- TXIDs (transaction IDs), 44
- U
- UNIX, timestamp, 45–46
- unpeeling, 233
- UTXOs, 74
- V
- validators, 90
- vanity addresses, 83–85, 155
- Ver, Roger, 227
- version numbers, headers, 43
- visualization systems, 199
- Chainalysis, 214
- commercial, 214
- Elliptic, 214
- online blockchain viewers, 199
- VPNs (Virtual Private Networks), IP addresses, 229–231
- W
- wallet file
- data extraction, 138–140
- Linux system, 144–145
- Notepad++, 138–139
- OSX system, 144–145
- xcopy command, 138–139
- extracting, 131
- Bitcoin Core, 132
- Litecoin, 132–133
- walletexplorer.com, 233
- WalletGenerator, 98–99, 166
- wallets, 95
- addresses, 185
- analysis
- Bitcoin Core, 161–166
- dump file, 162–163
- environment setup, 161–166
- private key import, 166–167
- private keys, 163
- public keys, 163
- cold storage, 98–99
- cold wallets, 98–99
- covert, 105–107
- encrypted
- brute force, 167
- BTCRecover, 167, 168–169
- calculated tables, 167
- dictionary attack, 167
- master key attack, 167, 168
- password recovery, 168
- seed recovery, 169
- hardware, 100
- Keepkey, 97
- Ledger Nano S, 97
- Trezor Wallet, 97
- HD (Hierarchical Deterministic) paths, 133–134
- key storage
- deterministic, 103
- hierarchical, 103
- nondeterministic, 102–103
- online, asset seizure and, 265
- paper, 100–101
- software, 100
- Coinbase, 97
- Coinpayments, 97
- Full Node, 96
- Jaxx, 97
- MyEtherWallet, 97
- Online Node, 96
- Thin Node, 96
- storage, asset seizure and, 259–261
- WannaCry virus, 192
- websites
- bitcoinwhoswho.com, 233
- bitinfocharts.com, 172–173
- bitlisten.com, 83
- bitnodes.earn.com, 219
- bitnotify.com, 194
- blockcypher.com, 62
- blockexperts.com, 188
- blockexplorer.com, 175, 186–187
- BTC.com, 186
- coinlib.io/exchanges, 234
- coinmarketcap.com,
- etherscan.io, 213–214
- hunch.ly, 239
- investopedia.com,
- ipqualityscore.com, 230
- learnmeabitcoin.com, 213–214
- localbitcoins.com, 231–232
- WGET, data analysis, 150–151
- WIF (Wallet Import Format)
- checksums, 101–102
- key generation, 101
- WiFi, sniffing and, 249
- WinPCAP, Wireshark and, 249–254
- Wireshark, 249–254
- wiretaps, 246
- Y
- Yap island stone currency, –6
- Yeow, Addy, 219