Investigating Cryptocurrencies

Content
45 modules

Difficulty
Intermediate

Rating

Instructor
Nick Furneaux

Released
11 Mar 2019

Price
£1,050.00

Description

What Will You Learn

 

Cryptocurrencies in their many forms, based on the blockchain concept, are here to stay and will increasingly pervade the way people trade and create contracts with each other.  This already provides a significant challenge for investigators from many different fields who are increasingly being faced with transactions that appear anonymous and incomprehensible.

This course, developed by respected investigator and researcher, Nick Furneaux, is designed to take an investigator from a basic understanding of blockchain technologies through to being an expert in the field, able to confidently investigate transactions and give evidence on their findings.

During the course, we build and then play with a simple new cryptocurrency (NickCoin!) to understand all the basic concepts, even mining for new ‘coins’.  We learn about the underlying encryption and hashing algorithms used and what it teaches us about a transaction before setting up Wallets and understanding how transactions actually work.

Next, we learn how to find and extract addresses from paper wallets, computer disks/memory and the web.  Then we look at how to extract raw data from all the primary blockchains using their API’s and discover numerous techniques to de-anonymize users within the blockchain and even how to extract attributable Bitcoin addresses from a wiretap or seized device.  Lastly, we consider how to seize and protect Coins used in criminal activity.

We are not aware of any course currently available that digs this deep into the subject. Although we cover Bitcoin and Ethereum specifically, the skills taught should enable the investigator to figure out the process of examining any cryptocurrency.

Objectives

 

Course Goals

 

  1. To learn and fully understand the blockchain concept
  2. To be able to set up and run cryptocurrency accounts
  3. To be able to locate addresses on various media including carving from memory
  4. To be able to build information about a specific address
  5. To be able to cluster addresses to aid indentification
  6. For the student to be able to track transactions
  7. To enable the student to apply techniques to identify real world users in a transaction
  8. To understand the methodology for seizure of Coins
  9. To be able to explain the technology and your actions taken during the investigation
  10.  

     

    Course Content

     

    Why do investigators need to understand Cryptocurrencies?
     

    What is a cryptocurrency?


    A look at many of the current lead currencies in the field
     

    A detailed description of hashing as it applies to Cryptocurrencies, including the use of:
     

                SHA256

                Base58
     

    A detailed understanding of blockchain cryptography including:
     

                Public/Private Key encryption

                RSA cryptography

                Elliptic Curve cryptography

     

    Build, run and trade a pseudo-cryptocurrency (NickCoin!) in the classroom which will teach the basics of the distributed ledger, transactions, hashing and mining

     

    Comprehensive understanding of the blockchain including:

     

                Block structure

                Block headers

                Hashing and the Merkle Tree

                Forks – Hard and Soft

     

    Transactions

                Pulling raw data via API’s

                Breaking down a raw transaction

                How Change works

                How fees work

                What is the Mempool

     

    Mining – how it works

     

                The Proof-Of-Work concept

                The math’s behind it all

                Pools

     

    Wallets

                Non-Deterministic

                Deterministic

                Hierarchical Deterministic Wallets (HD)

                Hardware

                Mobile Devices

                Paper

     

     

    Scripting - Understanding:

     

    Bitcoin scripts

    Ethereum Contracts

                Tokens

                ICO’s

     

    Setting up a wallet

     

                Full node

                

     

    Investigations

     

    Detecting the use of cryptocurrency

     

                Premises search, what to look for

                            Paper based material

                            Hardware wallets

                            QR and Mnemonic Codes

     

    Open Source Intelligence methods to locate addresses

     

    Extracting information about a located address

     

                Using web based resources

                Using an API to get to the raw data

                Time analysis

                Searching for an address online

     

    Extracting Private and Public keys (addresses) from seized computers

                

                Searching a computer for addresses

                            From an image

                            From RAM

                            Working on a live computer

                            Exporting Wallets

                Searching for wallets in backups

     

    Opening and analyzing a recovered wallet

     

                Extracting all private and public keys

                Discovering what keys have been used

                            Batch address look ups

                Importing a 3rdparty public key

                Cracking an encrypted Wallet

     

     

    Following a transaction through the blockchain using online tools

                Aggregating addresses

                Following forked blocks

    Mixers

     

    Learning and applying address clustering techniques

                Identifying change addresses

                Identifying addresses owned by the same entity

     

    Blockchain Visualization systems:

     

                Online tools – 

    Blockchain graph

    Etherscan graph

    Maltego

                Numisight

     

     

    Automatically Monitoring Addresses 

     

    IP address location and enumeration

     

                IPs logged in the blockchain

                Crawling for IP addresses in full nodes

                Are they using a VPN?

                Are they using Tor?

                            Mapping nodes against Tor IP’s

     

    Tracking to a Service Provider

     

                Currency exchanges

                Traders

                Thin client server admins

     

    Using Open Source Methods

                            Investigating on the open web

                            Getting on the dark web

     

     

    Extracting Address and Transaction data via an Intercept

     

                Via Wifi monitoring

                Via Wired Intercept

     

    Detecting and decoding hidden micromessages

     

    Methodology for seizing Coins using extracted Private Keys

     

     

    Examples of crime

     

    Money laundering

     

    Illegal purchases

     

    Phishing

     

                For private keys

                For donations

     

    Hacking

                Change addresses on web site

     

    ICO fraud

     

    Scripting and possible vulnerabilities

     

     

    In depth, hands-on practical’s throughout the week.

     

     

    Requirements
     

    The student should have a reasonable understanding of investigation of online crimes, be computer literate and be comfortable with online researching.  A basicunderstanding of cryptography, databases and fraud may be useful.

Certificate

By completing/passing this course, you will attain the certificate Crypto-Currencies Cert

1
Introduction
{{ vm.helper.t('reports.module') }}
2
How do Cryptocurrencies work?
{{ vm.helper.t('reports.module') }}
3
How do Cryptocurrencies work? - Quiz
{{ vm.helper.t('courses.exam') }}
4
Maths
{{ vm.helper.t('reports.module') }}
5
Maths - Quiz
{{ vm.helper.t('courses.exam') }}
6
Let's Play a Game
{{ vm.helper.t('reports.module') }}
7
What is the Blockchain?
{{ vm.helper.t('reports.module') }}
8
What is the Blockchain? - Quiz
{{ vm.helper.t('courses.exam') }}
9
Understanding Mining
{{ vm.helper.t('reports.module') }}
10
What are Transactions?
{{ vm.helper.t('reports.module') }}
11
What are Transactions? - Quiz
{{ vm.helper.t('courses.exam') }}
12
Understanding Wallets
{{ vm.helper.t('reports.module') }}
13
Understanding Wallets - Quiz
{{ vm.helper.t('courses.exam') }}
14
Contracts and Tokens
{{ vm.helper.t('reports.module') }}
15
Finding Addresses
{{ vm.helper.t('reports.module') }}
16
Finding Addresses - Quiz
{{ vm.helper.t('courses.exam') }}
17
Seized Computers
{{ vm.helper.t('reports.module') }}
18
Seized Computers - Quiz
{{ vm.helper.t('courses.exam') }}
19
Finding Data on a Public Address
{{ vm.helper.t('reports.module') }}
20
Finding Data on a public Address - Quiz
{{ vm.helper.t('courses.exam') }}
21
Ransomware Practical Solution
{{ vm.helper.t('reports.module') }}
22
Wallet Analysis
{{ vm.helper.t('reports.module') }}
23
Wallet Analysis - Quiz
{{ vm.helper.t('courses.exam') }}
24
Following the Money Part 1
{{ vm.helper.t('reports.module') }}
25
Following the Money Part 1 - Quiz
{{ vm.helper.t('courses.exam') }}
26
Following the Money Part 2
{{ vm.helper.t('reports.module') }}
27
Following the Money Part 3
{{ vm.helper.t('reports.module') }}
28
Following the Money Part 3 - Quiz
{{ vm.helper.t('courses.exam') }}
29
Following the Money Part 4
{{ vm.helper.t('reports.module') }}
30
Visualisation
{{ vm.helper.t('reports.module') }}
31
Visualisation - Quiz
{{ vm.helper.t('courses.exam') }}
32
Visualisation Practical Solution
{{ vm.helper.t('reports.module') }}
33
IP Address Location
{{ vm.helper.t('reports.module') }}
34
IP Address Location - Quiz
{{ vm.helper.t('courses.exam') }}
35
Tracking to a Service Provider
{{ vm.helper.t('reports.module') }}
36
Tracking to a service provider - Quiz
{{ vm.helper.t('courses.exam') }}
37
Tracking to a Service Provider Practical Solution
{{ vm.helper.t('reports.module') }}
38
Tracking to a Trader
{{ vm.helper.t('reports.module') }}
39
Tracking to a Trader Practical Solution
{{ vm.helper.t('reports.module') }}
40
Open Source Methods
{{ vm.helper.t('reports.module') }}
41
Alternative Cryptocurrencies
{{ vm.helper.t('reports.module') }}
42
Micromessages
{{ vm.helper.t('reports.module') }}
43
Seizure
{{ vm.helper.t('reports.module') }}
44
Putting it Together
{{ vm.helper.t('reports.module') }}
45
Final Exam
{{ vm.helper.t('courses.exam') }}
 
Added 20 days ago, by Neil
Excellent course on investigating Cryptocurrencies. Would definitely recommend.
 
Added about 1 month ago, by David
 
Added 2 months ago, by Rod
Really enjoyed it. Few comments: Unable to get cyphertrace working. Perhaps more info on dark web, some examples maybe? Another module on the other software products, e.g. Chainanalysis and Nutrino. Last video cuts out at the end mid-speech. Could not find any video related to "sniffing on the wire" in the notes
 
Added 2 months ago, by nicole
 
Added 2 months ago, by Sally
 
Added 2 months ago, by Paul
Great course, some technical problems though getting some of the software working that may have been easier if dealt with in a classroom environment.
 
Added 2 months ago, by James
Very interesting and informative. A huge amount of information to take in but this has enabled me to make sense of previous Cryptocurrency inputs and will hopefully serve me well going forward. Impossible to complete on Met Police computers
 
Added 2 months ago, by Andy
 
Added 2 months ago, by Drew
Fantastic course. Should be taught to all investigators
 
Added 2 months ago, by Anonymous
Excellent course, very thorough with some brilliantly helpful insights.

Shopping Cart

Your cart is empty