There has been a lot of buzz around Bitcoin and the so-called “dark web” since the FBI shut down the underground website “Silk Road” last year.
One must wonder what kind of evidence is available to various agencies in case of an investigation. Bitcoin clients generate traceable footprints both on disk and in memory. Even if the disk is encrypted, memory can yield the latest transactions and possibly wallet information, depending on the client configuration. All this data can help an investigator connect the dots.
In this 120-minute lab session, I’ll show you how to use open source tools to acquire Bitcoin client information from the system disk and memory, and demonstrate what is possible from an attribution perspective.