a suite of tools for the forensic analysis of bitcoin
play

A Suite of Tools for the Forensic Analysis of Bitcoin Transactions: - PowerPoint PPT Presentation

Apr 28, 2023 •41 likes •501 views

A Suite of Tools for the Forensic Analysis of Bitcoin Transactions: Preliminary Report Stefano Bistarelli, Ivan Mercanti and Francesco Santini UNIVERSIT DEGLI STUDI DI PERUGIA Dipartimento di Matematica e Informatica EURO-PAR 2018 WS FPDAPP

  1. A Suite of Tools for the Forensic Analysis of Bitcoin Transactions: Preliminary Report Stefano Bistarelli, Ivan Mercanti and Francesco Santini UNIVERSITÀ DEGLI STUDI DI PERUGIA Dipartimento di Matematica e Informatica EURO-PAR 2018 WS FPDAPP 28-08-2018

  2. BLOCKCHAINVIS SUITE

  3. A SUITE OF TOOLS FOR THE FORENSIC ANALYSIS OF BITCOIN TRANSACTIONS AGENDA ▸ BlockchainVis Suite ▸ Modules ▸ Future works

  4. BLOCKCHAINVIS SUITE SYSTEM DESIGN

  5. Bitcoin Node BITCORE NODE

  6. BITCOIN NETWORK BITCOIN User Traders Block N Exchange Block 2 Blockchain Block 1 Block 0 Miners

  7. BITCOIN TRANSACTIONS HOW TRANSACTIONS WORK

  8. BITCORE NODE BITCOIN CORE

  9. Scraper BITCOIN ADRESSES SCRAPER

  10. BITCOIN ADRESSES SCRAPER SET OF USED SCRAPERS ▸ User-names on Bitcoin Talk and Bitcoin-OTC; ▸ Physical coins created by Casascius; ▸ Known scammers on the Bitcoin-OTC and Bitcoin Talk trust system; ▸ Name tags on block-chain.info. 
 ▸

  11. Blockchain DB DATABASE OF TRANSACTIONS

  12. DATABASE OF TRANSACTIONS THE BLOCKCHAIN IN A DB

  13. Mixing Services MIXING SERVICES DETECTOR

  14. MIXING SERVICES DETECTOR MIXING SERVICES Mixing services

  15. MIXING SERVICES DETECTOR MIXING SERVICES Mixing Service Fees Return Time Minimum import Maximum import Name Helix Light 3% 10 minutes - 24 0.01 BTC 43 BTC hours Bitcoin Blender 1-3% 0 - 99 hours 0.01 BTC None Coin Cloud 1% Instantaneous 0.01 BTC None (less then 1 hour) CoinMixer 1-3% + 0.0006 Hours 0.01 BTC None BTC BitClock Random around Hours 0.02 BTC 10 BTC 2% + 0.0008 BTC

  16. MIXING SERVICES DETECTOR DATA SET Mixing services transactions 
 All transactions 
 Type Made with mixing services Obtained from the Block-chain Time range From 25 September 2017 From 25 September 2017 To 22 October 2017 To 22 October 2017 Label Label with the name of the No label service Number of transactions 973 7,852,074

  17. MIXING SERVICES DETECTOR BEHAVIORAL PATTERNS

  18. MIXING SERVICES DETECTOR COINMIXER #output address <=100 #output address > 100 V < 1000 #output address >=1000 Transactions Edge

  19. MIXING SERVICES DETECTOR 14 SUSPICIOUS TRANSACTIONS #output address <=100 ▸ Number of input addresses equal to 2 #output address > 100 V < 1000 #output address >=1000 ▸ Number of output addresses in the range [2530, 2534] ▸ They were collected one a day, for 14 consecutive days. Transactions Edge

  20. MIXING SERVICES DETECTOR SIMILARITY OF ADDRESS SETS Transaction TX 1 TX 2 TX 3 TX 4 TX 5 TX 6 TX 7 TX 1 100% 98% 97% 96% 95% 93% 93% Transaction TX 8 TX 9 TX10 TX 11 TX 12 TX 13 TX 14 TX 1 91.78 91% 90% 90% 89% 88% 88%

  21. Mixing Services Visualizations BLOCKCHAINVIS (VISUALISATION)

  22. BLOCKCHAINVIS VISUALIZATION LAYER

  23. BLOCKCHAINVIS ISLAND VISUALIZATION

  24. BLOCKCHAINVIS ISLAND VISUALIZATION

  25. BLOCKCHAINVIS WANNA CRY

  26. Clustering Mixing Services BITCOIN ADDRESSES CLUSTERISER

  27. BITCOIN ADDRESSES CLUSTERISER MULTI-INPUT HEURISTIC Input 0 address Output 0 address Input 1 address Transaction Input 2 address Output 1 address

  28. BITCOIN ADDRESSES CLUSTERISER MULTI-INPUT HEURISTIC Input 0 address Output 0 address Input 1 address Transaction Input 2 address Output 1 address

  29. BITCOIN ADDRESSES CLUSTERISER SHADOW, CONSUMER AND OPTIMAL CHANGE HEURISTIC Output 0 address Input address Transaction Output 1 address

  30. BITCOIN ADDRESSES CLUSTERISER SHADOW, CONSUMER AND OPTIMAL CHANGE HEURISTIC Output address Input address Transaction Output change address

  31. BITCOIN ADDRESSES CLUSTERISER ONE-TO-ONE HEURISTIC Input 0 address Transaction Output 0 address

  32. BITCOIN ADDRESSES CLUSTERISER ONE-TO-ONE HEURISTIC Input 0 address Transaction Output 0 address

  33. BITCOIN ADDRESSES CLUSTERISER THE MULTISIG-ONE HEURISTIC Output 0 address 0 Input 0 address Transaction Output 0 address 1 Output 0 address 2

  34. BITCOIN ADDRESSES CLUSTERISER THE MULTISIG-ONE HEURISTIC Output 0 address 0 Input 0 address Transaction Output 0 address 1 Output 0 address 2

  35. BITCOIN ADDRESSES CLUSTERISER THE MULTISIG-TWO HEURISTIC Output 0 address 0 Output 0 address 1 Input 0 address Transaction Output 0 address 2 Output 0 address 3

  36. BITCOIN ADDRESSES CLUSTERISER THE MULTISIG-TWO HEURISTIC Output 0 address 0 Output 0 address 0 Output 0 address 1 Input 0 address Transaction Output 0 address 1 Output 0 address 2 Output 0 address 3

  37. BITCOIN ADDRESSES CLUSTERISER BITCOIN ADDRESSES CLUSTERED Heuristic Clustered % of clustered Addresses Addreses MI 83,867,895 72.61 OC 5,004,254 4.33 MS1 520,396 0.45 MS2 2,263 0.001 MI+OC 87,613,567 75.86 MI+MS1 84,372,511 73.05 MI+MS2 83,868,035 72.61 OC+MS1 5,523,007 4.78 OC+MS2 5,006,484 4.33 MS1+MS2 521,263 0.45 MI+OC+MS1 88,116,265 76.29 MI+OC+MS2 87,613,699 75.86 MI+OC+MS1 84,373,211 72.61 OC+MS1+MS2 5,523,859 4.78 MI+OC+MS1+MS2 88,116,388 76.29

  38. Mixing Services Tx Info TRANSACTION INFORMATION

  39. TRANSACTION INFORMATION STANDARD VS NON STANDARD 782.123.115 55.509.759 100000000 220.857 10000 304 1 STANDARD NON STANDARD

  40. TRANSACTION INFORMATION DISTRIBUTION OF STANDARD TRANSACTIONS P2PKH P2PK Multi-signature OP_RETURN P2SH P2WPKH P2WSH 1000000000 1000000 1000 1

  41. TRANSACTION INFORMATION DISTRIBUTION OF NON STANDARD TRANSACTIONS OnlyHash P2Pool Bug CLTV MIN EQUAL P2PKH NOP P2PKH 0 RETURN ERROR P2H Others 1.000 100 10 1

  42. TRANSACTION INFORMATION DISTRIBUTION OF MINERS IN NON-STANDARD TRANSACTIONS BitClub 2% P2Pool 64% UNKNOWN 20% AntPool 1% F2Pool BTC Guild 4% 1% Eligius 5% Bitcoin-India 3%

  43. CONCLUSIONI FUTURE WORKS ▸ Bitcore Node: build a graphical interface. ▸ Database of transactions: build Spark DB with Mesh to store the graph structure of transactions and a MongoDB for visualizations. ▸ Mixing Services Detector: fully automatised the module. ▸ Bitcoin Addresses Clusteriser: clustered addresses with all aforementioned heuristics. ▸ Transaction Information: study P2SH, the aim is to investigate such scripts.

  44. CONCLUSIONI FUTURE WORKS ▸ We plan to build a new module that show informations about miners, called Miner analysis . ▸ Make BlockchainVis Suite able to analyse not only Bitcoin, but also other crypto-currencies, as Ethereum for example.

  45. CONCLUSIONI RELATED PUBLICATIONS ▸ Stefano Bistarelli, Matteo Parroccini, Francesco Santini: Visualizing Bitcoin Flows of Ransomware: WannaCry One Week Later . ITASEC 2018 ▸ Stefano Bistarelli, Francesco Santini: Go with the -Bitcoin- Flow, with Visual Analytics . ARES 2017: 38:1-38:6 ▸ Stefano Bistarelli, Marco Mantilacci, Paolo Santancini, Francesco Santini: An end- to-end voting-system based on bitcoin . SAC 2017: 1836-1841 ▸ S. Bistarelli, A. Cretarola, G. Figà-Talamanca, I. Mercanti, and M. Patacca: Is arbitrage possible in the bitcoin market? . GECON 2018. ▸ Stefano Bistarelli, Ivan Mercanti, and Francesco Santini: An analysis of non- standard bitcoin transactions . Crypto Valley Conference 2018.

  46. A Suite of Tools for the Forensic Analysis of Bitcoin Transactions: Preliminary Report Stefano Bistarelli, Ivan Mercanti and Francesco Santini THANKS FOR THE ATTENTION. QUESTIONS? UNIVERSITÀ DEGLI STUDI DI PERUGIA Dipartimento di Matematica e Informatica EURO-PAR 2018 WS FPDAPP 28-08-2018

Recommend

Forensic Feature Extraction and Cross-Drive Analysis Simson L. Garfinkel Center for Research on

Forensic Feature Extraction and Cross-Drive Analysis Simson L. Garfinkel Center for Research on

Forensic Feature Extraction and Cross-Drive Analysis Simson L. Garfinkel Center for Research on Computation and Society Harvard University 1:15pm, Tuesday, August 15, 2006 1 Todays forensic tools are designed for one drive at a time.

552 views • 34 slides
Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic Challenge V1.0 * Forensic

Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic Challenge V1.0 * Forensic

Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic Challenge V1.0 * Forensic Challenge V2.0 * Conclusions Introduction Why this forensic Challenge ? * To promote and impulse the Forensic Analysis in our Region -- Hispanoamerica--

558 views • 19 slides
Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin work? The characteris5cs of Bitcoin WHAT IS BITCOIN Bitcoin is a form of digital currency, created and held electronically. No one controls it.

839 views • 17 slides
Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Cryptocurrency Technologies Mechanics of Bitcoin Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin Scripts Bitcoin Blocks The Bitcoin Network Limitations and Improvements Mechanics of

695 views • 33 slides
qPCR in forensic DNA analysis Johannes Hedman Researcher, Applied Microbiology, Lund University

qPCR in forensic DNA analysis Johannes Hedman Researcher, Applied Microbiology, Lund University

qPCR in forensic DNA analysis Johannes Hedman Researcher, Applied Microbiology, Lund University Specialist, Swedish National Laboratory of Forensic Science Forensic science Every contact leaves a trace Edmond Locard (1877 1966) Forensic

1.32k views • 78 slides
Forensic analysis of a Linux web server 1 www.nbs-system.com Agenda Who are we ? Performing

Forensic analysis of a Linux web server 1 www.nbs-system.com Agenda Who are we ? Performing

Mathieu Deous Julien Reveret Forensic analysis of a Linux web server 1 www.nbs-system.com Agenda Who are we ? Performing forensic analysis on a compromised web server What to search, where, how ? Logs but also dynamic analysis What

603 views • 28 slides
Htel Splendide Royal Junior Suite Junior Suite Junior Suite Suite Suite Suite Suite Suite

Htel Splendide Royal Junior Suite Junior Suite Junior Suite Suite Suite Suite Suite Suite

Htel Splendide Royal Junior Suite Junior Suite Junior Suite Suite Suite Suite Suite Suite 12 spacious Suites Junior Suite: 45m 2 Suite: 65m 2 Apartment Suite: 110m 2 Fine Italian Cuisine Renowned Chef Vito Grippa

498 views • 18 slides
Forensic DNA Fingerprinting Lab Tools and Technology Used During Lab p20 micropipette

Forensic DNA Fingerprinting Lab Tools and Technology Used During Lab p20 micropipette

Forensic DNA Fingerprinting Lab Tools and Technology Used During Lab p20 micropipette Restriction enzymes (EcoRI, PstI, HindIII) Water bath 37 C Agarose gel electrophoresis DNA ladder (molecular ruler) Restriction

712 views • 43 slides
What are these tools? Google suite and Office 365 suite are both: Integrated suites of secure,

What are these tools? Google suite and Office 365 suite are both: Integrated suites of secure,

What are these tools? Google suite and Office 365 suite are both: Integrated suites of secure, cloud-native collaboration and productivity apps allowing your users to communicate with the public. Huh? Cloud=All data is stored in servers on

229 views • 6 slides
Container Model Suite of Tools QPI Meeting Bradenton, Fl Keith Hofseth Institute for Water

Container Model Suite of Tools QPI Meeting Bradenton, Fl Keith Hofseth Institute for Water

Container Model Suite of Tools QPI Meeting Bradenton, Fl Keith Hofseth Institute for Water Resources February 1 2012 BUILDING STRONG! Container Modeling Suite of Tools Objective: Provide Corps planners with a set of desktop tools to

625 views • 33 slides
Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim , Jinwoo Shin*, Yongdae Kim* *KAIST, Sungkyunkwan University 1 Governance conflict The number of Bitcoin transaction per month Bad scala bility

731 views • 46 slides
Why This Workshop? In 2009 the Research Council of the National Academy of Sciences issues a

Why This Workshop? In 2009 the Research Council of the National Academy of Sciences issues a

Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18, 2015 Ohio MHAS Forensic Conference Columbus, OH Terry Kukor, Ph.D., ABPP Board Certified in Forensic Psychology Director of Forensic Services Netcare

972 views • 23 slides
Challenges in Crime Scene Investigation Technical challenges in forensic STR profiling

Challenges in Crime Scene Investigation Technical challenges in forensic STR profiling

Epigenetics a New Perspective for Improving Forensic Science p g Hwan Young Lee, Ph.D. Department of Forensic Medicine Yonsei University College of Medicine Current Forensic DNA Typing Forensic cases -- matching suspect with evidence

247 views • 13 slides
Symbiotic EDA Suite www.symbioticeda.com Symbiotic EDA We build Open Source EDA Tools And

Symbiotic EDA Suite www.symbioticeda.com Symbiotic EDA We build Open Source EDA Tools And

Symbiotic EDA Suite www.symbioticeda.com Symbiotic EDA We build Open Source EDA Tools And offer commercial versions of those tools with additional functionality and support Symbiotic EDA Suite We specialize in Formal

851 views • 31 slides
Objectives 1. Articulate the rationale for restructuring forensic evaluation reports 2. Identify

Objectives 1. Articulate the rationale for restructuring forensic evaluation reports 2. Identify

11/5/2015 Specialized Topics in Ethical Forensic Practice, Part 1: Restructured Forensic Reports Presented For OhioMHAS Forensic Conference November 18, 2015 Terry Kukor, Ph.D., ABPP (Forensic) Joy Stankowski, M.D. Aracelis (Liz) Rivera, Psy.D.

451 views • 17 slides
Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk Tyler Moore 1 Nicolas Christin 2

Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk Tyler Moore 1 Nicolas Christin 2

Data on Bitcoin-Exchange Closures Survival Analysis of Exchange Closure Regression Analysis of Exchange Breaches Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk Tyler Moore 1 Nicolas Christin 2 1 Computer Science &amp;

751 views • 31 slides
$ Circumventing Forensic Live-acquisition Tools &gt; Rootkits for

$ Circumventing Forensic Live-acquisition Tools &gt; Rootkits for

$ Circumventing Forensic Live-acquisition Tools &gt; Rootkits for dubious defensive purposes &gt; Yonne de Bruijn (yonne.debruijn@os3.nl) Digital Forensics $ retrieve

304 views • 27 slides
Forensic evaluation of nine miniSTR loci to aid analysis of degraded DNA in Koreans Ukhee Chung,

Forensic evaluation of nine miniSTR loci to aid analysis of degraded DNA in Koreans Ukhee Chung,

Forensic evaluation of nine miniSTR loci to aid analysis of degraded DNA in Koreans Ukhee Chung, Hwan Young Lee, Myung Jin Park, Sang-Ho Cho, Kyoung-Jin Shin and Woo Ick Yang Department of Forensic Medicine, Yonsei University College of

554 views • 13 slides
T and Science of Forensic Monitoring Forensic Monitor may be employed by one Board or a

T and Science of Forensic Monitoring Forensic Monitor may be employed by one Board or a

11/5/2015 The T and Science of Forensic Monitoring Robert N. Baker, PhD Jeannie Cool, PCC-S Lottie Gray, MSSA, LISW, CDCA Julia King, PsyD, MBA T and Science of Forensic Monitoring Has your boss just told you? You are our New Forensic

389 views • 24 slides
Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Cryptocurrency Technologies Bitcoin as a Platform Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments Token tracking Multiparty lotteries Public randomness Prediction markets A fine stew

714 views • 38 slides
Tools Suite Keith Mitchell, Jerry Lundstr m https://www.dns-oarc.net/ OARC's Mission The

Tools Suite Keith Mitchell, Jerry Lundstr m https://www.dns-oarc.net/ OARC's Mission The

UKNOF37 Manchester April 2017 OARC's DNS Software Tools Suite Keith Mitchell, Jerry Lundstr m https://www.dns-oarc.net/ OARC's Mission The Domain Name System Operations Analysis and Research Center (DNS-OARC) is a non-profit, membership

586 views • 27 slides
Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18,

Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18,

Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18, 2015 Ohio MHAS Forensic Conference Columbus, OH Terry Kukor, Ph.D., ABPP Board Certified in Forensic Psychology Director of Forensic Services Netcare

1.29k views • 67 slides
Molecular tools for forensic body fluid identification body fluid identification Hwan Young Lee,

Molecular tools for forensic body fluid identification body fluid identification Hwan Young Lee,

Molecular tools for forensic body fluid identification body fluid identification Hwan Young Lee, Ph.D. Department of Forensic Medicine, Yonsei University College of Medicine, Seoul, Korea Presentation overview Introduction: Body fluid

136 views • 12 slides
Bitcoin Knowledge How Bitcoin Works at a Technical Level (Part 1) By Ryan Brewer @rhunbre v1

Bitcoin Knowledge How Bitcoin Works at a Technical Level (Part 1) By Ryan Brewer @rhunbre v1

Bitcoin Knowledge How Bitcoin Works at a Technical Level (Part 1) By Ryan Brewer @rhunbre v1 DISCLAIMER This content is intended to be used, and must be used, for informational purposes only. Always perform your own analysis before making

534 views • 25 slides

More recommend