Supporting criminal investigations on the blockchain: a temporal logic-based approach

Over recent years there has been a growing focus on cyber-enabled crimes within criminal investigations. The rising trend of Ransomware-as-a-Service (RaaS) highlights a pattern where criminal groups explicitly demand cryptocurrency payments from their victims and then distribute these funds to their affiliates. This strategy leverages key-blockchain characteristics such as anonymity, decentralization, transparency, and immutability of transactions to evade regulatory oversight and hinder digital investigation efforts, while simultaneously building trust among affiliates. This paper proposes an approach to query the blockchain to support criminal investigations using temporal logic. It features an oracle that allows investigators to perform detailed queries and analyze specific properties of transactions or addresses within the blockchain. The implementation is achieved via a Python engine, which includes a query language, an interpreter, and a client interface. The practical application and effectiveness of our approach are illustrated through a real-world case study, highlighting its utility.