Bitcoin investigations training


Re: Bitcoin investigations training

Post Posted: Wed Nov 15, 2017 2:15 pm

- hcso1510
I told him what I needed to know is, hypothetically, let's say a guy comes in claiming he purchased a car for x amount of Bitcoin, but he didn't get it. How do I turn available information into actionable intel and catch the suspect?


Excuse me (and sorry if I bring the matter slightly off-topic) but I don't understand the (hypothetical) example.

Was it to:
1) identify the counterpart selling the car?
2) prove that a given amount of bitcoins was actually transferred from the purchaser to the seller?
3) something else (that is totally escaping me)

I mean, given that the identity of the seller is known (unless the purchaser just sent a substantial amount of bitcoins to the account of a perfect stranger over the internet) and once proven that the bitcoin transaction actually took place, what (coming from the analysis of the blockchain) is proving:
1) that the receiving wallet actually "belongs" to the seller
2) that the transaction was made for the sale of a car (and not for the sale of something else or as a gift, or *whatever*)


jaclaz


- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member

    Re: Bitcoin investigations training

    Post Posted: Wed Nov 15, 2017 6:18 pm

    jaclaz,

    I probably didn't describe what I meant all that well. My understanding of Bitcoin is that it was largely, or at least in part, created as a vehicle to combat big banks and banking fees. I've also been told that the original intent was not to necessarily be an avenue for clandestine purchases.

    I have not done this myself, but I have been told that you can download a fairly large file that will contain every Bitcoin transaction ever made? If I were to do so, what would I find? The wallet number of the individuals involved in the transaction, or the wallet's public key? Let's say I had a wallet number, or a public key. How do I trace that information back to an individual? As I mentioned in my OP, I once downloaded two Bitcoin wallets. The registration of one of the wallets requested my banking information while the other did not.


    So: If I were to be working a case involving Bitcoin, I know that there would likely be additional information like phone numbers, email addresses and IPs. Those things can all be faked through various means. In those cases I either have a good idea of how to trace it back to an individual, or I know where to go to ask questions. Bitcoin on the other hand seems to be much different. I get that Bitcoin's history is important, but how/if you can trace a transaction back to an individual is training that is lacking.


    Ed

    I'm not a cellular technology expert, but I did stay at a Holiday Inn Express last night. 

    hcso1510
    Senior Member

    Re: Bitcoin investigations training

    Post Posted: Thu Nov 16, 2017 5:24 am

    - hcso1510
    jaclaz,

    I probably didn't describe what I meant all that well. My understanding of Bitcoin is that it was largely, or at least in part, created as a vehicle to combat big banks and banking fees. I've also been told that the original intent was not to necessarily be an avenue for clandestine purchases.

    Sure, the "impression" that Bitcoin is used only for "evil" scopes is very similar to the "impression" that torrents and Tor are only used for the same "evil" scopes.

    But I was trying to say something different, in a "normal" sale/purchase of a car between privates there is normally (not always):
    1) an advertisement (public, on a paper or on a site) by the seller stating that he is going to sell a car for a given price
    2) some correspondence between the seller and the purchaser, including usually photos of the car
    3) a visit (in person) of either the purchaser to the place where the car is or a visit of the seller (with the car) to the place where the purchaser lives, hopefully with some third party witnessing it.
    4) an agreement between the parts about the price, the delivery date and place, etc. (often verbal, but again hopefully in written form)
    5) a payment (that could be also entirely untraceable, like cash)
    6) the filling of some official documentation (of course depending on the actual country this may be easier or more complicated official)

    All in all step #5, if done in cash, is the least traceable step but also the least relevant from a legal standpoint, as I see it.

    I mean I can go and claim that I gave Mr. X US$ 10,000 in cash for his car, and he never delivered it, but that would be just my word against his without some proof of all (or most of) the other steps mentioned.

    In the case of a Bitcoin payment, given that somehow (and AFAIK is not at all easy, if possible at all) that you can prove is that a transaction for US$ 10,000 between me and Mr.X[1] actually happened (let's say that I have a photocopy of each and every Benjamin and the same banknotes are *somehow* found in possession of Mr.X[2]), you essentially have nothing connecting it with the sale of the car.

    Mr.X may well state that I owed him US$ 10,000 that he lent me earlier, that it was a liberally given donation, that it was in exchange for sexual favours (www.imdb.com/title/tt0.../qt0266023), *whatever*.

    jaclaz

    [1] the blockchain obviously can trace the transaction, but only from "wallet #1" to "wallet #2" (actually there is no real *need* of a wallet, it may be a simple bitcoin address, i.e. only a public key), linking wallet/address #2 to a person, and prove it is an altogether different thing, and then - assuming that I am saying the truth and that Mr.X is actually a crook or a swindler - the actual bitcoins would have likely gone through one or more "mixer(s)" or however transferred to other addresses.
    [2] the legal means to be able to perform this search will vary from country to country


    - In theory there is no difference between theory and practice, but in practice there is. - 

    jaclaz
    Senior Member
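
Added example, not part of any post in this thread: a minimal Python parser for a legacy (non-SegWit) serialized Bitcoin transaction, showing what the downloaded transaction data contains and what footnote [1] describes. A transaction holds references to earlier outputs, amounts and output scripts from which addresses are derived, but no names, e-mail addresses or IPs. The function names and the sample transaction are constructed for illustration.

```python
import hashlib
import struct
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58check(payload: bytes) -> str:
    """Base58Check encoding used for legacy addresses (version byte + hash)."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(data) - len(data.lstrip(b"\x00"))  # each leading zero byte is a '1'
    return "1" * zeros + out

def varint(buf: bytes, pos: int):
    """Read a CompactSize integer; return (value, new_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def parse_tx(raw: bytes) -> dict:
    """Parse a legacy (non-SegWit) serialized transaction."""
    inputs, outputs = [], []
    n_in, pos = varint(raw, 4)  # skip the 4-byte version
    for _ in range(n_in):
        txid = raw[pos:pos + 32][::-1].hex()  # displayed byte-reversed by convention
        vout = struct.unpack_from("<I", raw, pos + 32)[0]
        slen, pos = varint(raw, pos + 36)
        pos += slen + 4  # skip scriptSig and sequence
        inputs.append((txid, vout))
    n_out, pos = varint(raw, pos)
    for _ in range(n_out):
        value = struct.unpack_from("<Q", raw, pos)[0]  # amount in satoshis
        slen, pos = varint(raw, pos + 8)
        spk, pos = raw[pos:pos + slen], pos + slen
        # P2PKH script: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
        p2pkh = slen == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac"
        outputs.append((value, b58check(b"\x00" + spk[3:23]) if p2pkh else None))
    return {"inputs": inputs, "outputs": outputs}

def sample_tx() -> bytes:
    """Constructed, unsigned sample: one input, two P2PKH outputs; values made up."""
    spk = lambda h: b"\x19\x76\xa9\x14" + h + b"\x88\xac"
    tx_in = bytes(range(32)) + struct.pack("<I", 0) + b"\x00" + b"\xff" * 4
    outs = struct.pack("<Q", 150_000_000) + spk(bytes(20))
    outs += struct.pack("<Q", 49_990_000) + spk(b"\x11" * 20)
    return struct.pack("<I", 1) + b"\x01" + tx_in + b"\x02" + outs + struct.pack("<I", 0)
```

`parse_tx(sample_tx())` returns one `(previous txid, output index)` pair and two `(satoshis, address)` pairs; tying either address to a person requires evidence from outside the blockchain.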