When a user performs transactions from a crypto wallet or browses the Internet for crypto, the activity generates artifacts such as mnemonic phrases, transaction history, crypto-related images, web cookies, and so on. These artifacts are very important for investigators, so they need to be detected and extracted. This project aims to build a triage tool that automatically extracts these artifacts from Android phones and presents them to the investigator. The tool focuses mainly on three major components: crypto wallet applications, images, and web history.

The tool integrates contemporary approaches from machine learning, natural language processing, and pattern recognition so that it can detect any artifact that may potentially come from recently launched crypto wallet apps. For images, the tool automatically detects and extracts cryptocurrency information. We analyzed all the web browsers on the phone and searched for relevant artifacts as well. These findings, which can come from apps, images, or browsing history, are displayed separately with an option to check further details. We also explore the analysis of SMS and support for different languages in the tool.

This is the overall framework for the automatic detection and extraction of crypto artifacts on Android phones. This project is funded by the Drug Enforcement Administration (DEA) and the US National Science Foundation.

People: Abhishek Bhattarai, Maryna Veksler, Ahmet Kurt, Hadi Sahin, Kemal Akkaya 

Publications: [Under Review, 13th EAI International Conference on Digital Forensics & Cyber Crime] Crypto Wallet Artifact Detection on Android Devices using Advanced Machine Learning Techniques