Topic: Need blockchain forensics expertise.. (Read 1658 times)

legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
January 30, 2014, 01:01:35 PM
#6
I, too, desire to know of ALL the forensics tools currently available, and/or being developed, that'll depict a comprehensive chain of bitcoin transactions via the blockchain that's easily readable.

If one doesn't exist, I suggest some brainiac create one, and place it on an accompanied website where they can garner tips for their efforts. I'll donate the first $100 via BTC if such an animal sought exist or already developed, provided it works as hoped or is tweaked to become more relevant.

~TMIBTCITW
hero member
Activity: 868
Merit: 1000
January 30, 2014, 10:39:11 AM
#5
Question guys, if im trying to follow some stolen coins to their final destination, can i find the initial transaction and follow the unspent outputs to the destination wallet?

that is, say im following btc address 1BzbergrjuUShb927P3vUbtQZW1firSsjC

https://blockchain.info/address/1BzbergrjuUShb927P3vUbtQZW1firSsjC

i click on the transaction hash 4cb7398d0e662b689ae5589cf567e52ebec5e9a982629b7b750e256257aefab5

https://blockchain.info/tx/4cb7398d0e662b689ae5589cf567e52ebec5e9a982629b7b750e256257aefab5

and click the spent button on the largest output 15c2e32BDUGXYb4kHCGgG8eJ8Ti7QKiihC (Spent)

it brings me to this transaction:
00acc702a4a8e1dc1a68c5d905cb3326e6578f447f311351dc6561e5abab799a

https://blockchain.info/tx/00acc702a4a8e1dc1a68c5d905cb3326e6578f447f311351dc6561e5abab799a

so, was this the correct method to find the final destination of the coins? (for now at least)

and finally:

 i notice the tx was "relayed by ip" 76.10.140.37 . is it most likely that the transaction physically originated in/near the area that this ip resides?

thanks in advance guys, any info you can provide is absolutely clutch.

What if the guy is using a proxy or a VPN? ip address is useless?

Even if he doesn't use proxy, VPN or Tor, that ip address probably doesn't belong to the sender.
Please refer to my above post for the reason.
hero member
Activity: 868
Merit: 1000
January 30, 2014, 03:41:45 AM
#4
i notice the tx was "relayed by ip" 76.10.140.37 . is it most likely that the transaction physically originated in/near the area that this ip resides?

Very unlikely.

When you create a tx, your wallet broadcasts it to your peers, and your peers further relay it to the whole bitcoin network.
Eventually, somebody will relay the tx to blockchain.info and then the site will record the IP of that body.
Indeed, if you check the homepage on blockchain.info, you will find that the site is connected to "only" a few hundred nodes at a time. https://blockchain.info/connected-nodes

Or, you could push your tx directly on a site like blockchain.info. https://blockchain.info/pushtx

full member
Activity: 221
Merit: 100
January 27, 2014, 10:08:52 PM
#3
I think you've got the right idea as far as that one transaction goes but you would need to check all subsequent transactions from the receiving address.  There isn't any good way to tell exactly where those *particular* coins eventually ended up, if they were subsequently transferred from the initial receiving address.
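
The "click Spent and follow the largest output" procedure discussed in this thread, as an added Python example that is not part of any post. The transaction graph, txids and addresses are constructed placeholders (not chain data); the code also walks every downstream output and flags the hop where inputs from other transactions are merged in.

```python
from collections import deque

# Constructed sample graph (not real chain data): txid -> inputs and outputs.
# Each input is (previous txid, output index); each output is (address, satoshis).
TXS = {
    "tx_theft": {"inputs": [("tx_victim", 0)],
                 "outputs": [("addr_A", 900), ("addr_B", 100)]},
    "tx_hop1":  {"inputs": [("tx_theft", 0)],
                 "outputs": [("addr_C", 600), ("addr_D", 300)]},
    "tx_merge": {"inputs": [("tx_hop1", 0), ("tx_other", 1)],
                 "outputs": [("addr_E", 1000)]},
}

def spender_index(txs):
    """Map each spent outpoint (txid, vout) to the txid that spends it."""
    return {outpoint: txid for txid, tx in txs.items() for outpoint in tx["inputs"]}

def follow_largest(txs, start):
    """Follow the largest output hop by hop, as clicking 'Spent' does."""
    spent_by, path, txid = spender_index(txs), [], start
    while txid in txs:
        outs = txs[txid]["outputs"]
        vout = max(range(len(outs)), key=lambda i: outs[i][1])
        nxt = spent_by.get((txid, vout))
        # A spender with inputs from other transactions mixes funds: past it,
        # "those particular coins" are no longer distinguishable.
        mixed = nxt is not None and any(p[0] != txid for p in txs[nxt]["inputs"])
        path.append((txid, outs[vout][0], nxt, mixed))
        if nxt is None:
            break
        txid = nxt
    return path

def downstream_unspent(txs, start):
    """Breadth-first walk over every output, returning all unspent ones."""
    spent_by, seen, queue, unspent = spender_index(txs), {start}, deque([start]), []
    while queue:
        txid = queue.popleft()
        for vout, (addr, value) in enumerate(txs[txid]["outputs"]):
            nxt = spent_by.get((txid, vout))
            if nxt is None:
                unspent.append((addr, value))
            elif nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return unspent
```

In the sample graph the downstream unspent total (1400) exceeds the 1000 that left the first transaction, because the merge hop pulled in an unrelated input.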
legendary
Activity: 1148
Merit: 1048
January 27, 2014, 06:03:41 PM
#2
the reason i ask about the ip is that i have strong reason to believe the perpetrator resides in this area. it would make a lot of sense for an isp in this area to be the isp that first relayed the transaction, but i want to be sure i understand how all this works first.
legendary
Activity: 1148
Merit: 1048
January 27, 2014, 05:43:08 PM
#1
Question guys, if im trying to follow some stolen coins to their final destination, can i find the initial transaction and follow the unspent outputs to the destination wallet?


and finally:

 i notice the tx was "relayed by ip" 76.10.140.37 . is it most likely that the transaction physically originated in/near the area that this ip resides?

thanks in advance guys, any info you can provide is absolutely clutch.