Discover Computing (Jun 2025)
Cryptocurrency forensics automation: a deep learning and NLP-based approach for mobile platforms
Abstract
As cryptocurrencies have become increasingly used as an alternative to regular cash and credit card payments, the wallet solutions/apps that facilitate their use have also become increasingly popular. This has also intensified the involvement of these crypto wallet apps in criminal activities such as ransom requests, money laundering, and transactions on dark markets. From a digital forensics point of view, it is crucial to have tools and reliable approaches to detect these wallets on devices and extract their artifacts quickly and efficiently. However, with current research and trends, forensic investigators still need to extract these file artifacts manually, which delays time-sensitive investigation findings. As mobile devices increasingly facilitate cryptocurrency transactions, there is a critical gap and a need for automated evidence extraction to detect crucial artifacts and prevent illicit activities. Therefore, in this paper, we present a comprehensive framework that incorporates various machine learning (ML), image processing, and natural language processing (NLP) approaches to enable fast and automated extraction/triage of crypto-related artifacts from Android and iOS devices. Specifically, our method can automatically detect which crypto wallets exist on the device and their artifacts (i.e., database/log files), along with crypto-related images, web browsing data, and SMS conversations. For each type of data, we offer a specific ML technique, such as Support Vector Machine, Logistic Regression, and Neural Networks, to detect and classify these files. Our evaluation results show very high accuracy compared to alternative tools: our wallet classification model achieves 91% recall, crypto-related image classification achieves 75% accuracy, browsing data achieves 100% accuracy, and the SMS message model achieves 85% accuracy.