Cyber Forensics Investigation of Web3 Wallets
Akif Ozer, Mohammad Meraj Mirza, and Umit Karabiyik
The continuous progression of technology has a substantial impact on our daily lives and the environment we inhabit. The growing popularity of blockchain-based cryptocurrencies such as Bitcoin and Ethereum, as well as Non-Fungible Tokens (NFTs), has enabled their integration into a diverse range of applications. Cryptocurrencies have become a widely used method of online payment, but they are also gaining popularity on the dark web, where their anonymity can be exploited for illegal activities. Despite the increasing number of cryptocurrency wallets and related applications available today for various platforms, including the leading mobile operating systems such as iOS and Android, the digital forensic investigation of Web3 cryptocurrency wallets has not been as comprehensive as that of other types of applications. Therefore, this study aims to aid investigators in realizing the full potential of the popular cryptocurrency wallets, Trust Wallet and MetaMask, to determine what can be recovered and identify areas where further knowledge is required. Two Web3 cryptocurrency wallets that are widely used on Android and iOS devices and do not require any personal identifiers to register were analyzed and examined using digital forensic techniques. The digital evidence collected is reviewed, and the implications of the forensic tools used are discussed. Lastly, a proof-of-concept extension is proposed for the iOS Logs, Events, And Plists Parser (iLEAPP) tool to automate the recovery of artifacts.