CHAPTER 9Analysis of Recovered Addresses and Wallets

In this chapter, you will learn about the information you can glean from a cryptocurrency address that was recovered using the techniques covered in Chapter 8, “Detecting the Use of Cryptocurrencies.” This chapter explores what can be learned using online resources as well as how you can locally open and analyze a wallet you have recovered from a computer.

Finding Information on a Recovered Address

Once you locate an address, you can use it to find a considerable amount of information about its history and can infer other data by looking at the metadata associated with the address. This section looks at the information you can learn about an address before you start “following the money.” A lot of data can be found by simply browsing to one of the primary blockchain viewers for the currency that the address refers to. For example, consider the following Bitcoin address:


Rather than having to copy it all, you can browse to it via, which will take you to the transaction history of the address on Of course, it is likely that this address may have had further activity since this chapter was written, so don't expect to see exactly the same data as I describe.

A good digital investigator learns to look at data from two perspectives: a literal interpretation, and for what the data can infer. A good example of this is analyzing Twitter data. As an investigator, ...

Get Investigating Cryptocurrencies now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.