Course Outline
Foundations of Blockchain Technology
Decentralization, openness, and transparency as core architectural features.
Cryptographic primitives ensuring chain security: hashing, digital signatures, and Merkle trees.
Consensus mechanisms: Proof of Work, Proof of Stake, and emerging alternatives.
Network topology involving nodes, miners, validators, and live network dynamics.
Cryptocurrency Landscape
Bitcoin and the foundational ledger model.
Ethereum and account-based smart contract execution.
Privacy-centric chains: Monero, Zcash, and their distinctions from transparent ledgers.
Stablecoins, alternative chains, and their involvement in illicit fund movements.
Hands-On Lab - Reading the Blockchain
Establishing connections to Bitcoin and Ethereum nodes for real-time data access.
Navigating block explorers and querying live transaction data.
Interpreting raw transactions, scripts, and smart contract invocations.
Charting a wallet’s history on a transparent blockchain.
Wallets, Keys, and Transaction Mechanics
Wallet classifications: web, desktop, mobile, hardware, and custodial versus non-custodial types.
Seed phrases, key derivation processes, and recovery methods.
UTXO versus account-based transaction models.
Addresses, change outputs, and transaction graph analysis from an investigator's viewpoint.
Mining and Trading as Investigative Context
Mining mechanics, pools, hash rates, and their exploitation for fund laundering or generation.
Centralized exchanges, decentralized exchanges, and over-the-counter (OTC) desks.
KYC and AML controls at exchanges and their vulnerabilities.
How trading patterns can obscure underlying corruption networks.
Smart Contracts and DeFi Surface
Understanding smart contracts and the observability of their state on-chain.
DeFi primitives: swaps, lending protocols, liquidity pools, and yield farming.
Cross-chain bridges and wrapped assets as obfuscation methods.
Analyzing contract interactions for investigative intelligence.
Hands-On Lab - Wallet and Transaction Forensics
Examining hardware and software wallets in a secure environment.
Recovering and analyzing digital artifacts from seized devices.
Reconstructing transaction graphs across UTXO and account-based blockchains.
Address Clustering and Attribution
Common-input clustering and other industry-standard heuristic methods.
Change-output detection and behavioral fingerprinting.
Linking on-chain entities to off-chain identities via Open Source Intelligence (OSINT).
Integrating web crawling, social media, and leaked data sources for attribution.
Dark Web, Marketplaces, and Criminal Cryptocurrency Flows
Mapping criminal economies operating on dark web marketplaces.
Common typologies: scams, fraud, contraband sales, and sanctions evasion.
Tracking proceeds from initial deposit to final cash-out points.
Indicators of cryptocurrency activity linked to corruption.
Privacy-Enhancing Tools and Counter-Forensics
Mixers, tumblers, and CoinJoin implementations.
Privacy coins and the limitations of public-chain tracing.
Cross-chain bridges and asset wrapping as layers of obfuscation.
Assessing what tracing can and cannot recover under each technique.
Hands-On Lab - Tracing a Suspect Wallet
Utilizing open-source tools to follow complex transaction graphs.
Clustering a wallet network and assigning confidence levels to attribution.
Documenting findings as a structured intelligence report.
Money Laundering Typologies in Crypto
Placement, layering, and integration adapted for digital assets.
Layering techniques through decentralized exchanges, bridges, and mixers.
DeFi protocols as laundering surfaces and methods to analyze them.
Cash-out vectors: peer-to-peer markets, OTC desks, and prepaid instruments.
Ransomware, Theft, and Scam Response
Ransomware payment patterns and immediate response protocols.
Negotiation and recovery practices, including limitations and risks.
Exchange hacks, rug pulls, phishing attacks, and large-scale theft analysis.
Collaborating with victims to preserve evidence without compromising the investigation.
Cross-Chain Investigation
Tracing assets across Bitcoin, Ethereum, and EVM-compatible chains.
Following funds through bridges and wrapped tokens.
Reconciling on-chain evidence with exchange records and off-chain data.
Hands-On Simulation - Corruption Investigation Lab
Simulating bribery flows across multiple chains and a mixer.
Constructing a coherent narrative from fragmented on-chain evidence.
Generating chain-of-custody documentation for digital evidence.
AML Compliance and the Legal Landscape
FATF guidance, the Travel Rule, and jurisdictional variations.
AML and KYC obligations for virtual asset service providers.
Sanctions, politically exposed persons, and corruption-relevant typologies.
Integrating cryptocurrency findings into existing compliance frameworks.
Working with Exchanges and Cross-Border Partners
Subpoenas, Mutual Legal Assistance Treaties (MLATs), and information-sharing channels.
Freezing orders, asset preservation, and seizure procedures.
Coordinating cryptocurrency tracing with traditional financial investigation lines.
Digital Evidence and Courtroom Readiness
Maintaining chain of custody for cryptocurrency artifacts and on-chain evidence.
Presenting blockchain evidence to non-technical decision-makers and juries.
Addressing common challenges to digital evidence and defending findings.
Collaborating with expert witnesses and external technical advisors.
Capstone - End-to-End Corruption Inquiry Simulation
Managing the process from initial intelligence tip through full investigation.
Building the wallet network, attribution, and timeline.
Engaging exchanges and cross-border partners.
Producing a courtroom-ready report and delivering an oral briefing.
Summary and Next Steps
Requirements
- Intermediate technical proficiency, including networking fundamentals and basic Linux command-line operations.
- Practical understanding of cryptographic principles such as hashing and public-key encryption.
- Professional background in financial investigation, cybersecurity, digital forensics, or regulatory compliance.
- Familiarity with at least one programming or scripting language is advantageous, though not mandatory.
- General comprehension of financial transaction structures and AML regulatory frameworks.
Target Audience
Forensic analysts and investigators within anti-corruption divisions, financial crime units, and law enforcement agencies. Cybersecurity professionals supporting fraud detection, AML initiatives, and digital evidence analysis. Compliance and risk management experts operating in regulated sectors with increasing exposure to cryptocurrency activities.
Testimonials (2)
- like the blockchain introduction. For a blockchain newbie like me, its englighten me. - Like the technical workshop, also interesting
Muhammad Lutfi Budiansyah - PT Digital Daya Teknologi
Course - Web3 Engineering & Supply Chain Finance Architecture
I really enjoy the training with Patrick. He is clearly very knowledgeable on various topics related to blockchain. He explains really well.
