A Forensic Look at Bitcoin Cryptocurrency
By Michael Doran
The increased use of cryptocurrencies such as Bitcoin among private users and some businesses has opened a new avenue of research in the field of digital forensics involving cryptocurrencies. Since the creation of Bitcoin in 2008, cryptocurrencies have begun to make a presence in the world of ecommerce. Cryptography serves as the underlying foundation for Bitcoin, which gives it the benefits of confidentiality, integrity, nonrepudiation and authentication. Having been designed and built upon the foundation of these four objectives makes Bitcoin an attractive alternative to mainstream currency and provides users with the benefits of payment freedom, security, very low fees, and fewer risks for merchants. Tools such as Internet Evidence Finder have the capability to recover some Bitcoin artifacts. However, because the cryptocurrency technology is relatively new, very little research has been dedicated to what other forensic artifacts are left on a user’s system as a result of Bitcoin, what those artifacts mean and how to recover them in order to build a successful case involving Bitcoin. This research seeks to ascertain what forensic artifacts are recoverable from a user’s system with Bitcoin wallet applications installed and actively used. Furthermore, this research seeks to recover any evidence of Bitcoin mining that would be present on a user’s system due to the use of such software or applications.