Blockchain Forensics from ISACA's Evolve Conference

November 9, 2021 - Tuan Phan with Zero Friction LLC will be sharing some investigative techniques using recent ransomware cases from Colonial Pipeline, JBS and others at the ISACA Evolve Conference on November 16 and 17.

The Colonial Pipeline hack and the subsequent recovery of the partial payment by the FBI serve as a classic case study to highlight some of the key concepts of blockchain forensics techniques and methods. The case also highlighted some weaknesses which, presumably, the FBI exploited to gain access and recover the partial ransom.


The presentation will start with a review of the timeline of the event, along with a basic review of the key concepts of blockchain forensic methods specific to this case. Next, the presenter will provide different approaches to obtaining the initial information needed to perform the on-chain money flow analysis. For this case study, the presenter will examine the seizure report (as public information on the ransom address was not available up to June 7) to obtain key information to help us perform the analysis. Since the key addresses are obfuscated in the seizure report, the presenter will provide one technique from which examiners can possibly obtain additional details.


More details on the Evolve conference here.