Blockchain and Cryptocurrency Investigation Masterclass: Forensic Tracing, AML, and Anti-Corruption Operations培訓

Foundations of Blockchain Technology

Decentralization, openness, and transparency as architectural properties

Cryptographic primitives that secure the chain: hashing, digital signatures, Merkle trees

Consensus mechanisms: Proof of Work, Proof of Stake, and emerging alternatives

Nodes, miners, validators, and the topology of a live network

Cryptocurrency Landscape

Bitcoin and the original ledger model

Ethereum and account-based smart contract execution

Privacy-oriented chains: Monero, Zcash, and how they differ from transparent ledgers

Stablecoins, altchains, and their role in illicit flows

Hands-On Lab - Reading the Blockchain

Connecting to Bitcoin and Ethereum nodes for live data access

Navigating block explorers and querying live transactions

Reading raw transactions, scripts, and smart contract calls

Mapping a wallet's history on a transparent chain

Wallets, Keys, and Transaction Mechanics

Wallet taxonomy: web, desktop, mobile, hardware, custodial versus non-custodial

Seed phrases, key derivation, and recovery vectors

UTXO versus account-based transaction models

Addresses, change outputs, and transaction graphs from a tracer's perspective

Mining and Trading as Investigative Context

Mining mechanics, pools, hash rate, and how mining is exploited to launder or originate funds

Centralized exchanges, decentralized exchanges, and over-the-counter desks

KYC and AML controls at exchanges and where they break down

How trading patterns can mask underlying corruption flows

Smart Contracts and DeFi Surface

What smart contracts are and how their state is observable on-chain

DeFi primitives: swaps, lending, liquidity pools, and yield farming

Cross-chain bridges and wrapped assets as obfuscation tools

Reading contract interactions for investigative signal

Hands-On Lab - Wallet and Transaction Forensics

Inspecting hardware and software wallets in a controlled environment

Recovering and analyzing artifacts from seized devices

Reconstructing transaction graphs across UTXO and account-based chains

Address Clustering and Attribution

Common-input clustering and other industry-standard heuristics

Change-output detection and behavioral fingerprints

Linking on-chain entities to off-chain identities through OSINT

Combining web crawling, social, and leaked data sources for attribution

Dark Web, Marketplaces, and Criminal Cryptocurrency Flows

Mapping criminal economies on dark web marketplaces

Common typologies: scams, fraud, contraband, sanctions evasion

Tracking proceeds from initial deposit through cash-out points

Indicators of corruption-linked crypto activity

Privacy-Enhancing Tools and Counter-Forensics

Mixers, tumblers, and CoinJoin implementations

Privacy coins and the limits of public-chain tracing

Cross-chain bridges and asset wrapping as obfuscation layers

What tracing can and cannot recover under each technique

Hands-On Lab - Tracing a Suspect Wallet

Using open-source tools to follow a complex transaction graph

Clustering a wallet network and assigning confidence to attribution

Documenting findings as a structured intelligence package

Money Laundering Typologies in Crypto

Placement, layering, and integration adapted to digital assets

Layering through decentralized exchanges, bridges, and mixers

DeFi protocols as laundering surfaces and how to read them

Cash-out vectors: peer-to-peer markets, OTC desks, and prepaid instruments

Ransomware, Theft, and Scam Response

Ransomware payment patterns and immediate response steps

Negotiation and recovery practices, with limits and risks

Exchange hacks, rug pulls, phishing, and large-scale theft analysis

Working with victims to preserve evidence without compromising the investigation

Cross-Chain Investigation

Tracing assets across Bitcoin, Ethereum, and EVM-compatible chains

Following funds through bridges and wrapped tokens

Reconciling on-chain evidence with exchange and off-chain records

Hands-On Simulation - Corruption Investigation Lab

Simulated bribery flow across multiple chains and a mixer

Building a coherent narrative from fragmented on-chain evidence

Producing chain-of-custody documentation for digital evidence

AML Compliance and the Legal Landscape

FATF guidance, the Travel Rule, and jurisdictional differences

AML and KYC obligations across virtual asset service providers

Sanctions, politically exposed persons, and corruption-relevant typologies

Integrating cryptocurrency findings into existing compliance programs

Working with Exchanges and Cross-Border Partners

Subpoenas, MLATs, and information-sharing channels

Freezing orders, asset preservation, and seizure procedures

Coordinating cryptocurrency tracing with traditional financial investigation lines

Digital Evidence and Courtroom Readiness

Chain of custody for cryptocurrency artifacts and on-chain evidence

Presenting blockchain evidence to non-technical decision-makers and juries

Common challenges to digital evidence and how to defend findings

Working with expert witnesses and external technical advisors

Capstone - End-to-End Corruption Inquiry Simulation

Working from initial intelligence tip through full investigation

Building the wallet network, attribution, and timeline

Engaging exchanges and cross-border partners

Producing a courtroom-ready report and oral briefing

Summary and Next Steps