Insights into Bitcoin Forensics

February 16, 2018


Bitcoin is a cryptocurrency. It is an attempt to bring back a decentralized currency of the people. It is not controlled by any central body. It works on a peer-to-peer network. Bitcoin works on blockchain technology.

A blockchain is a type of distributed ledger. The data is stored in blocks. These blocks contain digitally recorded data that is unchangeable. The blocks form a linked list in which each block contains the hash of the previous block, and so on.

Blockchain has several applications, such as smart contracts, equity, crowdfunding, health care, intellectual property and much more.


Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA is used to generate a public key from the private key. The public key can be used to verify transactions signed using the private key. The 64-byte public keys are hashed into 20-byte addresses. These 20-byte addresses are formatted using Base58Check to produce either a P2PKH or a P2SH Bitcoin address.


The Bitcoin network is composed of peers connected to other peers over unencrypted TCP channels. Each peer attempts to maintain eight outgoing connections to other peers. These eight peers are called entry nodes. Transaction and block messages are propagated through the network by being relayed through these entry nodes to the peers.

Forensic Steps

A forensic investigation has four major steps. These are:
1. Identification
-identify specific objects that store important data for the case analysis

2. Collection
-establish a chain of custody and document all steps to prove that the collected data remains intact and unaltered

3. Analysis & Evaluation
-determine the type of information stored on digital evidence and conduct a thorough analysis of the media

4. Reporting
-Prepare and deliver an official report

Every forensic investigator should know the architecture of the blockchain. As there is currently no software tool available for Bitcoin forensics, one should look at every piece of information regarding Bitcoin and the blockchain.

Bitcoins don't exist anywhere, not even on a hard drive. For a particular Bitcoin address, there are no digital bitcoins held against that address. One must reconstruct the balance of an address by looking at the blockchain. Everyone on the network knows about each transaction, and the history can be traced back to the point where the bitcoins were produced.

There are several websites on which information regarding bitcoins can be enumerated. These are:
-Used to see the block hashes of bitcoins

-Used to get the latest block information (Height, Age, Hash, Transaction, Size)

-Used to get information about blocks by date and timestamps

-Used to get block information (Height, Time, Relayed by, Hash, Size)

-Used to get Block summary, Market summary, Transaction Summary

The information that can be collected from Bitcoin artifacts is:
1. System Info
2. Info about Logged Users
3. Registry Info
4. Web Browsing Activities
5. Recent Communications

Every forensic investigator should look thoroughly through the transactions happening on the blockchain. It contains a huge number of public addresses, which should be noted down properly. Bitcoin addresses can help in tracing purchases.
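The Base58Check address format described earlier carries a checksum, which lets an investigator separate real addresses from look-alike strings when noting down addresses found in artifacts such as browser history or recent communications. The following is an added example, not code from the original article; the function names are hypothetical, the sample text is constructed, and it assumes the mainnet version bytes 0x00 (P2PKH) and 0x05 (P2SH).

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Assumed mainnet version bytes that precede the 20-byte hash
VERSIONS = {0x00: "P2PKH", 0x05: "P2SH"}

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256: the Base58Check checksum."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_address(version: int, hash20: bytes) -> str:
    """Base58Check-encode a version byte plus a 20-byte hash."""
    raw = bytes([version]) + hash20
    raw += checksum(raw)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\0"))  # each leading zero byte becomes '1'
    return "1" * pad + out

def decode_address(addr: str):
    """Return (type, 20-byte hash as hex) for a valid address, else None."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return None
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or checksum(raw[:21]) != raw[21:]:
        return None  # wrong length or corrupted/mistyped address
    kind = VERSIONS.get(raw[0])
    return (kind, raw[1:21].hex()) if kind else None

def carve_addresses(text: str):
    """Find checksum-valid addresses in text recovered from an artifact."""
    hits = []
    for cand in re.findall(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b", text):
        info = decode_address(cand)
        if info:
            hits.append((cand, *info))
    return hits

if __name__ == "__main__":
    good = encode_address(0x05, bytes(range(20)))  # constructed sample hash
    print(carve_addresses(f"memo: send to {good} today"))
```

Only candidates whose checksum verifies are reported, so a mistyped or truncated string in the evidence is dropped instead of being recorded as an address.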

  1. This is my favorite article. I wish there was a complete course on this subject.

  2. very interesting
