COINØMON

5th June 2017

Motivation

Follow the Money and Reveal the Story Behind
Different kinds of cryptocurrency-related crimes are on the rise! Do you have evidence such as a receipt from a cryptocurrency ATM, a ransomware note, or suspicious email/chat communication? COINØMON can help you correlate real-life events with blockchain data. Instead of pseudonymous coin transfers, you are able to see money laundering attempts using mixing services, gambling activities, drug purchases on black marketplaces, ransomware earnings, topping up of online wallets, and many others. Furthermore, thanks to our clustering strategies (which group related cryptocurrency addresses), you can identify investigated parties and assess the value of illicit activities.
Safely Collect the Evidence and Collaborate on Case
Compared to others, COINØMON supports not only Bitcoin but other major cryptocurrencies as well. Hence, we offer a unified working environment with the same set of functions and user experience for (currently) Bitcoin, Litecoin, Dash, Zcash and Bitcoin Cash blockchain forensics. We have developed COINØMON keeping LEAs' daily operations constantly in mind! Our platform allows teamwork and easy sharing of results and related documents within a single investigation. We know how administratively intensive an investigation can be. Thus, COINØMON lets you create customizable exports and simplifies evidence collection. Moreover, we can guarantee the confidentiality of your data thanks to on-premise installation in your organization.
Integrate Cryptoforensic Data with Other Applications
Do you already have an intelligence gathering system? Then you can combine it with the COINØMON knowledge base. Free and unlimited API access to all COINØMON-related abstract data structures comes with every installation. You can easily obtain information about any:
● address (e.g., final balance), transaction (e.g., timestamp, involved addresses, input/output values recalculated by real exchange rates), block (e.g., time of occurrence);
● identity (i.e., the link between address and user based on OSINT);
● cluster (i.e., the relationship between two or more addresses).
API queries can return both structured (JSON/XML) and unstructured (CSV/TXT) data, which you can use in your other applications to extend the insight of an investigation.

 

Specification

Technology aspects

COINØMON is a mission-specific platform offering forensics over the blockchains of several cryptocurrencies. The client side is a web application with responsive design and an intuitive user interface suitable for both desktop and mobile workplaces. The server back-end consists of several state-of-the-art technologies such as:

  • cryptocurrency clients, which keep COINØMON always up-to-date by intercepting every block and transaction in the cryptocurrency peer-to-peer network;
  • a collection of relational/NoSQL/graph databases, which aggregate blockchain data and respond swiftly to user queries;
  • Docker containers, which help with system orchestration, distribution, and scalability;
  • an intuitive front-end and sophisticated back-end, which offer users a single application for their cryptocurrency-related investigations and allow easy integration of new functionality impacting all contained blockchains at once!
 

Functionality

What is your task and how are you going to approach it?

For instance, you have a problematic cryptocurrency transaction that you do not know anything about. You can paste it into COINØMON and start exploring both previous and subsequent transactions. You can check the contained addresses and whether the system recognizes any of their identities.

Or maybe you have an address that was involved in some illicit activity. In that case, you can query the system for its current balance. You can list all transactions containing this address as source or destination. Moreover, you can browse the clusters to which this address belongs. This helps you determine the address owner and its background.

Or what about a long-term investigation monitoring tens of different addresses controlled by different entities? You can set up alarms for these addresses, which trigger immediately upon related blockchain activity. COINØMON will automatically notify you via email or REST call whenever an alarm occurs. Each notification also contains all requested metadata, which helps you in subsequent work.

 


 

Deployment and Installation

The primary option for COINØMON deployment is on-premises installation. We offer both bare-metal and virtualized deployments (compatible with the VMware product portfolio). In the case of bare-metal deployment, you can buy an out-of-the-box solution (COINØMON preinstalled on a suitable server) or use your own hardware. One way or another, our primary task is to help you prepare your infrastructure for secure and robust COINØMON operation.

COINØMON helps you: 1) to create understandable exports; and 2) to simplify evidence collection. Hence, COINØMON deployment also includes personalization of the system to make exports conformant with your country’s legislation. Moreover, the system also offers exports in the form of CSV files, which allow you to integrate COINØMON with other third-party applications.

COINØMON is available in two feature-set packages, which mostly differ in the level of support provided. Your installation may also include an interview with our in-house developer, who will help you integrate COINØMON seamlessly into your workflows and daily operations.

 

 

 

Training

We also offer a one-day workshop about cryptocurrencies and related open-source tools supporting forensic analysis of blockchains. This workshop surveys interception options for cryptocurrency networks. Namely, it investigates what kind of data may be collected from the intercepted traffic of cryptocurrency clients, miners, and services. We will outline related protocols used by online wallets, cryptocurrency exchanges, payment gateways and mining pools. The workshop introduces not only the COINØMON workflow but also other publicly available tools (e.g., blockchain explorers, wallet software, protocol parsers) supporting any cryptocurrency-related investigation in general. Moreover, a couple of real-life use cases (involving Bitcoin fraud and ransomware) will be presented together with the methodologies used.