I think it’s only fair to apologize for this chapter. You probably didn’t become an investigator because mathematics was your strong point or you wanted to spend your workdays enjoying the beauty of hashing algorithms and Elliptic Curve Cryptography schemes. On the other hand, you may be a complete geek like me and enjoy learning about something that is outside your comfort zone. If you have been involved in digital forensics or any information security role for any length of time, many of the concepts described in this chapter will already be familiar to you.
You may be thinking, “Is this crypto stuff really needed?” To be honest, it is. The very fundamentals of a cryptocurrency are based around the relationship between a private key and public keys derived from it, and if you do not understand this central relationship, you will be at a disadvantage from the start. In fact, every element—from the keys just mentioned to the hashing of block headers to the Merkle Tree—requires a reasonable understanding of the subject. I recommend sticking with it.
Why does an investigator need to know this? I have always believed that investigators or analysts need to be able to provide a reasonable explanation not only of the intelligence or evidence they see, but the lower-level interpretation of that evidence.
Here’s an example that will resonate with digital forensics people and may help you to understand my thinking. As I alluded to in the Introduction, a forensics ...