In this chapter, you will learn about the information you can glean from a cryptocurrency address that was recovered using the techniques covered in Chapter 8, “Detecting the Use of Cryptocurrencies.” This chapter explores what can be learned using online resources as well as how you can locally open and analyze a wallet you have recovered from a computer.

Finding Information on a Recovered Address

Once you locate an address, you can use it to find a considerable amount of information about its history and can infer other data by looking at the metadata associated with the address. This section looks at the information you can learn about an address before you start “following the money.” A lot of data can be found by simply browsing to one of the primary blockchain viewers for the currency that the address refers to. For example, consider the following Bitcoin address:

1istendqWJ1mKvrdRUQZDL2F3tVDDyKdj

Rather than having to copy it all, you can browse to it via http://bit.ly/2weGnf5, which will take you to the transaction history of the address on blockchain.info. Of course, it is likely that this address may have had further activity since this chapter was written, so don't expect to see exactly the same data as I describe.

A good digital investigator learns to look at data from two perspectives: a literal interpretation, and for what the data can infer. A good example of this is analyzing Twitter data. As an investigator, ...