Digital Forensic Research

Digital Forensic Investigations involving Cryptocurrency Wallets Installed on Mobile Devices

Funded by the Department of Homeland Security – Science and Technology Division

Grant No. 17STCIN00001, Subaward No. E2042930

The goal of this research was to provide law enforcement agencies with a better understanding of the types of digital forensic artifacts that can be recovered from cryptocurrency software wallets stored on an individual’s mobile device. These forensic artifacts may assist agencies in seizing the assets during a criminal investigation, particularly when the suspect’s laptop, hardware cryptocurrency wallet, other software wallets, and/or the suspect themselves are not available to investigators.

The increased use of cryptocurrencies by criminal enterprises will require agencies at all levels of law enforcement to become familiar with procedures to seize related evidence and accounts. Cryptocurrencies will continue to be used in large-scale money laundering efforts, as well as serious criminal and terrorist-related activities impacting the American homeland. Likewise, collecting, preserving, and analyzing digital forensic evidence related to cryptocurrency transactions and software wallets will secure crucial evidence and assets of the perpetrators in these cases.

Mobile application-based software wallets for Bitcoin (BTC), Ethereum (ETH), and Monero (XMR) were included in this study. The project team generated the following operational products:

  • A database of forensic artifacts recovered from the 12 apps installed on an iOS device;
  • A comprehensive cryptocurrency guide (including step-by-step seizure instructions) for law enforcement officials; and,
  • A “quick visualization” database of currently available mobile application-based software wallets for iOS and Android operating systems for Bitcoin, Bitcoin Cash, Ethereum, Litecoin, ZCash, and Monero.

If you are a law enforcement official and would like access to the products listed above, to request a closed briefing of the findings and seizure process for your agency, or to request assistance with an ongoing case involving cryptocurrencies, please contact Dr. Dolliver at DLDolliver@ua.edu.