• Skip to primary navigation
  • Skip to main content

CINA.

  • About
    • Mission
    • People
  • Research
    • Research
    • Projects
    • RFPs
  • Education
    • Resources
    • Internships
  • Publications
    • Newsletter Archive
    • Director’s Blog
  • News & Events
    • News
    • CINA Director’s Blog
    • Digital Archive
    • Events
    • Work with Us
  • Contact
  • Search Toggle
  • Skip to content

Digital Forensic Investigations involving Cryptocurrency Wallets Installed on Mobile Devices

Summary

A significant gap in the digital forensic capabilities, protocols, and understanding currently exists in law enforcement agencies regarding digital currencies. Investigators need an efficient way to seize cryptocurrencies from software wallet applications and extract, preserve, and analyze related data recovered from suspects’ mobile devices. This project will create an operational database of digital forensic artifacts to provide reference materials and best practices information to law enforcement, providing benefit across criminal investigations as more crimes contain cyber or digital components.

 

Problem addressed

There is a lack of structured research related to the seizing of cryptocurrencies from software wallet applications and extracting, preserving, and analyzing related data recovered from suspects’ mobile devices. This is a significant gap in the capabilities and level of understanding that currently exists in law enforcement agencies (LEAs) at all levels in the United States. The days of executing search warrants and recovering drugs (for instance) and significant amounts of fiat currency (e.g., USD) are numbered, and many police departments across the country have already witnessed the shift to forms of seemingly anonymous “cryptocurrencies” in criminal cases. These currencies are gaining in popularity as their use is particularly ubiquitous on anonymizing platforms and darknets. As such, LEAs need to have the digital forensic capabilities and protocols in place to adapt to this changing landscape.

 

Approach

This project analyzes and seizes cryptocurrency wallets from mobile devices, focusing on practical techniques for law enforcement investigations. Using forensic images of 12 iOS and 12 Android wallet apps, the research investigates how wallet data is stored and encoded, identifying critical artifacts such as private keys, transaction hashes, and user identifiers.

In addition to providing a comprehensive guide to wallet seizure, the project emphasizes the importance of understanding how wallet apps store and encode data locally, offering technical insights into artifact extraction. By equipping investigators with practical knowledge, this work addresses the growing challenges of cryptocurrency-related crime and lays the groundwork for future innovations, including automated tools and expanded wallet analyses.

 

Results

A database of digital forensic artifacts from cryptocurrency software wallets, including file paths of transaction data, any private keys recovered, and user information, is under construction, and the standard procedural guidelines for LEAs to use in an operational capacity have been drafted.

 

Anticipated Impact for DHS
Digital forensic investigators will be able to reference the artifact database and step-by-step instruction materials to more quickly and accurately extract cryptocurrency wallet information from recovered mobile devices in support of criminal and other investigations.

 

Research Products:

Publications:

Cryptocurrency Wallet Report

Cryptocurrency Wallet Seizure Guide

Cryptocurrency Wallet Compiled Findings

Presentations:

CINA Research Briefing: Digital Forensic Investigations Involving Cryptocurrency Wallets Installed on Mobile Devices 

 

 

 

Topics:

  • Forensic Investigations
  • Money laundering

Research Areas:

  • Digital forensics
  • Financial crime
  • Forensics

Investigators

  • Diana Summers
  • Rachel Salter
  • Cesar Quezada
  • Jessica Hyde

*The programs and services offered by George Mason University are open to all who seek them. George Mason does not discriminate on the basis of race, color, religion, ethnic national origin (including shared ancestry and/or ethnic characteristics), sex, disability, military status (including veteran status), sexual orientation, gender identity, gender expression, age, marital status, pregnancy status, genetic information, or any other characteristic protected by law. After an initial review of its policies and practices, the university affirms its commitment to meet all federal mandates as articulated in federal law, as well as recent executive orders and federal agency directives.

CINA Now

Events

All Events

Publications

The Key to Deobfuscation is Pattern of Life, not Overcoming Encryption

Published: Oct 4, 2025

The Organized Activities of Ransomware Groups: A Social network Approach

Published: Mar 14, 2025
All Publications

News

CINA Distinguished Speaker Series with Colton Seale: Interviewer Mindset

CINA  |   April 3, 2025  |   Posted In:
  • Digital Archive
  • Uncategorized

CINA  |   March 6, 2025  |   Posted In:
  • Uncategorized
All News

Science and Technology Directorate’s Office of University Programs
CINA at George Mason University Logo
Copyright © 2025 All Rights Reserved | CINA Is A Department of Homeland Security Center of Excellence led by George Mason University
  • Facebook
  • Twitter
  • Instagram
  • Linkedin
  • YouTube