Insights into Bitcoin Forensics

By: Apurv Singh Gautam

February 16, 2018

Bitcoin is a cryptocurrency. It is an attempt to bring back a decentralized currency of the people. It is not controlled by any central body and works on a peer-to-peer network. Bitcoin works on Blockchain technology.

Blockchain is a type of distributed ledger. The data is stored in blocks. These blocks contain digitally recorded data that is unchangeable. A linked list is used, in which each block contains the hash of the previous block, and so on.

Blockchain has several applications, such as Smart Contracts, Equity, Crowdfunding, Health care, Intellectual Property and much more.

Algorithm

Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA is used to generate a public key from the private key. The public key can be used to verify transactions signed using the private key. The 64-byte public keys are hashed into 20-byte addresses. These 20-byte addresses are formatted using Base58Check to produce either a P2PKH or a P2SH bitcoin address.

Working

The Bitcoin network is composed of peers connected to other peers over unencrypted TCP channels. Each peer attempts to maintain eight outgoing connections to peers. These eight peers are called entry nodes. Transaction and block messages are propagated through the network by being relayed through these entry nodes to the peers.

Forensic Steps

Forensics has four major steps. These are:

1. Identification: identify specific objects that store important data for the case analysis
2. Collection: establish a chain of custody and document all steps to prove that the collected data remains intact and unaltered
3. Analysis & Evaluation: determine the type of information stored on digital evidence and conduct a thorough analysis of the media
4. Reporting: prepare and deliver an official report

Each forensic investigator should know the architecture of Blockchain. As there is currently no software tool available for Bitcoin forensics, one should look at every piece of information regarding bitcoin and blockchain.

Bitcoins don't exist anywhere, not even on a hard drive. For a particular bitcoin address there are no digital bitcoins held against that address. One must reconstruct the balance of bitcoin by looking at the Blockchain. Everyone on the network knows about the transaction, and the history can be traced back to the point where the bitcoins were produced.

There are several websites on which information regarding bitcoins can be enumerated. These are:

1. to see the block hashes of bitcoins
2. to get latest block information (Height, Age, Hash, Transaction, Size)
3. to get information of blocks by date and timestamps
4. to get block information (Height, Time, Relayed by, Hash, Size)
5. to get Block summary, Market summary, Transaction Summary

The information that can be collected from Bitcoin artifacts is:

1. System Info
2. Info about Logged Users
3. Registry Info
4. Web Browsing Activities
5. Recent Communications

Every forensic investigator should look thoroughly through the transactions happening on the Blockchain. It contains a huge number of public addresses, which should be noted down properly. Bitcoin addresses can help in tracing the purchases.
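The Base58Check formatting described under Algorithm can be checked in code when candidate address strings turn up in collected evidence. The following is an added example, not part of the original article: it validates the checksum of a string and reports whether it is a P2PKH or P2SH address. The function names are hypothetical, the version bytes 0x00 and 0x05 are the Bitcoin mainnet values (not stated in the article), and the sample addresses are constructed from made-up hashes.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
VERSIONS = {0x00: "P2PKH", 0x05: "P2SH"}  # assumption: mainnet version bytes

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as Base58Check defines it."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, hash160: bytes) -> str:
    """Format a 20-byte hash as an address (used to build the samples)."""
    raw = bytes([version]) + hash160
    raw += checksum(raw)
    num = int.from_bytes(raw, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    # Each leading zero byte is written as a leading '1'.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out

def classify_address(addr: str):
    """Return (type, 20-byte hash as hex) for a valid address, else None."""
    num = 0
    for ch in addr:
        if ch not in B58:
            return None  # contains a character outside the Base58 alphabet
        num = num * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or checksum(raw[:21]) != raw[21:]:
        return None  # wrong length, or a mistyped or corrupted string
    kind = VERSIONS.get(raw[0])
    return (kind, raw[1:21].hex()) if kind else None

# Constructed sample hashes, not addresses from any real case.
SAMPLE_P2PKH = b58check_encode(0x00, bytes(range(20)))
SAMPLE_P2SH = b58check_encode(0x05, bytes(range(20, 40)))

if __name__ == "__main__":
    damaged = SAMPLE_P2PKH[:-1] + ("2" if SAMPLE_P2PKH[-1] != "2" else "3")
    for candidate in (SAMPLE_P2PKH, SAMPLE_P2SH, damaged, "not-an-address"):
        print(candidate, "->", classify_address(candidate))
```

A string that fails the checksum is rejected rather than guessed at, which keeps mistyped or partially recovered strings out of the list of addresses noted for tracing.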