For a list of upcoming dates for the Live Cryptocurrency for Investigators Course, please click the link below.

Book Live Course


The online version of the course, presented by Nick Furneaux, is now available. It has been taken by over 250 officers and has received an average of 4.9/5 stars!

For more information about this and our other online courses, follow the link below.

Purchase Online Course

The book was originally based on the class and so represents an excellent way to review what you have read and enjoy more in-depth descriptions and practicals in a media-rich learning environment.

Course Description

Cryptocurrencies in their many forms, based on the blockchain concept, are here to stay and will increasingly pervade the way people trade and create contracts with each other. This already provides a significant challenge for investigators from many different fields, who are increasingly faced with transactions that appear anonymous and incomprehensible.

This course, developed by investigator and author of Investigating Cryptocurrencies, Nick Furneaux, is designed to take an investigator from a basic understanding of blockchain technologies through to being a self-reliant investigator in the field, able to confidently investigate transactions and give evidence on their findings.

During the course, we build and then trade a simple new cryptocurrency in the classroom (NickCoin!) to understand all the basic concepts, even mining for new ‘coins’. We learn about the underlying encryption and hashing algorithms used and what they teach us about a transaction before setting up and analyzing cryptocurrency wallets.

Next, we learn how to find and extract addresses from paper wallets, computer disks/memory and the web. Then we look at how to extract raw data from all the primary blockchains using their APIs and discover numerous techniques to de-anonymize users within the blockchain and even how to extract attributable Bitcoin addresses from seized devices. Next comes the key skill of tracing payments through a blockchain, which can be very complex to achieve without some vital skills. Lastly, we consider how to seize and protect Coins used in criminal activity.

We are not aware of any course currently available that is as comprehensive as this. Although we cover Bitcoin and Ethereum specifically, the skills taught should enable the investigator to work out the process of examining any cryptocurrency.

The course is hands-on throughout and includes real-world practical sections to test skills learned.

Course Goals

  1. To learn and fully understand the blockchain concept
  2. To be able to set up and run cryptocurrency accounts
  3. To be able to locate addresses on various media including carving from memory
  4. To be able to build information about a specific address
  5. For the student to be able to track transactions
  6. To enable the student to apply techniques to identify real world users in a transaction
  7. To understand the methodology for seizure of Coins
  8. To be able to explain the technology and your actions taken during the investigation

Course Content

Below is a detailed list of what is contained in the course:

  • Why do investigators need to understand Cryptocurrencies?
  • What is a cryptocurrency?
  • A look at many of the current lead currencies in the field
  • A detailed description of hashing as it applies to cryptocurrencies, including the use of:
    • SHA256
    • Base58
  • A detailed understanding of blockchain cryptography including:
    • Public/Private Key encryption
    • RSA Cryptography
    • Elliptic Curve cryptography
  • Build, run and trade a pseudo-cryptocurrency (NickCoin!) in the classroom which will teach the basics of the distributed ledger, transactions, hashing and mining
  • Comprehensive understanding of the blockchain including:
    • Block structure
    • Block headers
    • Deconstructing blocks from raw hex
    • Hashing and Merkle Tree
    • Forks – Hard and Soft
    • Interpreting raw data from Bitcoin and Ethereum
  • Transactions
    • Pulling raw data via APIs
    • Breaking down a raw transaction
    • How Change works
    • How fees work
    • What is the Mempool?
  • Mining – how it works
    • The Proof-Of-Work concept
    • The maths behind it all
    • Pools
  • Wallets
    • Non-Deterministic
    • Deterministic
    • Hierarchical Deterministic Wallets (HD)
    • Hardware
    • Mobile Devices
    • Paper
  • Setting up a covert wallet – how does the criminal do it?
  • Scripting – Understanding
    • Bitcoin scripts
    • Ethereum Contracts
    • Tokens
    • ICOs
  • Setting up a Wallet
    • Full node
  • Detecting the use of a cryptocurrency
    • Premises Search – What to look for
      • Paper based wallets
      • Hardware wallets
      • QR and Mnemonic Codes
  • OSI methods to locate addresses
  • Extracting information about a located address
    • Using web based resources
    • Using an API to get the raw data
    • Time analysis
    • Searching for an address online
  • Extracting Private and Public keys (addresses) from seized computers
    • Searching a Computer for addresses
      • From an image
      • From RAM
      • Working on a live computer
    • Searching for wallets in backups
  • Opening and analyzing a recovered wallet
    • Extracting all private and public keys
    • Discovering what keys have been used
      • Batch address look ups
    • Importing a third party public key
    • Cracking an encrypted wallet
  • Following a transaction through the blockchain manually
    • Using the Bitcoin Core console to interrogate the blockchain offline
    • Using API calls to access any raw blockchain data online
  • Advanced Clustering
    • Methods to identify addresses held by the same entity
  • Blockchain visualization systems
    • Online tools
      • Blockchain graph
      • Etherscan graph
    • Maltego
    • Numisight
  • Automatically monitoring addresses
  • IP address location and enumeration
    • IPs logged in the blockchain
    • Crawling for IP addresses in full nodes
    • Are they using Tor?
      • Mapping nodes against Tor IPs
  • Tracking to a Service Provider
    • Currency exchanges
    • Tradera
    • Thin client server admins
  • Using Open Source Methods
    • Investigating on the open web
    • Getting on the dark web
  • Extracting Address and Transaction data via an Intercept
    • Via Wifi monitoring
    • Via Wired Intercept
  • Detecting and decoding hidden micromessages
  • Methodology for seizing Coins using extracted Private Keys
  • Examples of crime
    • Money Laundering
    • Illegal purchases
    • Phishing
      • For private keys
      • For donations