Memory Forensics Methodology for Investigating Cryptocurrency Protocols

摘要

The growing market of cryptocurrencies and subsequently the relevant cyber-attacks, raises the importance of digital forensics in this domain. The proposed digital forensics methodology extracts digital evidence and forensic artifacts from system memory to assist investigations involving cryptocurrency. In addition, case studies are presented to explain the proposed methodology using developed Volatility plugins. Our cryptocurrency memory forensics investigation methodology extracts a series of forensically valuable cryptocurrency protocols' methods/calls. The first case study involves analyzing two legitimate processes working under two cryptocurrency network protocols; Bitcoin and CryptoNote. The second case study analyzes three different malicious Monero mining processes. Currency transactions and revealing malicious identity are the most important findings of this paper. Other findings are listed in the results section.