Bitcoin wallet.dat Recovery

In last week’s post, we talked about Bitcoin, Tor and some of the hidden websites only accessible via Tor, such as Silk Road, which was shut down by the FBI on October 1st.

Well, just over a month later and Silk Road is back online:

You can reach the new site at this link (again, only via Tor) if you’d like to check it out:

It took only a day for the site to pass 20,000 users:

The new admin of the site? “Dread Pirate Roberts”, a name that has evidently been passed on to a chosen successor.

Time will tell how long the new Silk Road lasts, but it’s clear that these secret websites and Tor aren’t going away anytime soon, and neither is the currency that drives these sites, Bitcoin.

We received a lot of positive feedback on the last Bitcoin post and some suggestions for follow-up posts. One of the themes was around identifying Bitcoin wallets, especially on a USB flash drive or other removable media.

First, let’s take a look at the Bitcoin wallet software out there:

There are a few different options. This time I’ll focus on the Bitcoin-Qt client, the full-node reference client: it forms the backbone of the network and is the standard client most users run.

If you’re examining an image with the Bitcoin-Qt client present you’ll see a folder structure and files under the Users\[username]\AppData\Roaming\Bitcoin folder similar to this:

Note the “wallet.dat” file and “debug.log”. The wallet.dat file is (you guessed it!) the file containing the user’s wallet data: keys, addresses and transactions, stored as a Berkeley DB b-tree database. The debug.log file contains (you guessed it again) debugging information, including the client’s communication on the Bitcoin P2P network, with timestamps (in UTC) in some cases.
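Wallet identification is worth scripting, especially when the wallet has been copied to a USB stick under another name or deleted. The following is an added example (my own code, not code from the original post or from Internet Evidence Finder): it carves a raw file or dd image for Berkeley DB b-tree headers, the container format Bitcoin-Qt uses for wallet.dat, and then counts the record-type tags Bitcoin writes inside the database (“key”, “ckey”, “mkey”, “defaultkey”, ...) to decide whether a hit is really a wallet and whether it is passphrase-encrypted. The sample “image” it scans when run without arguments is constructed inside the script; the 64 MiB carving window and the page-size sanity check are my own choices.

```python
import struct
import sys
from dataclasses import dataclass, field

# Berkeley DB b-tree metadata page: 4-byte magic at offset 12, then the
# format version at 16 and the page size at 20, in host (little-endian) order.
BDB_BTREE_MAGIC = 0x053162
MAGIC_OFFSET = 12

# Bitcoin-Qt serialises each wallet record with a compact-size length byte
# in front of the record type name, so "key" is stored as b"\x03key".
RECORD_TAGS = {
    name: bytes([len(name)]) + name.encode("ascii")
    for name in ("version", "minversion", "defaultkey", "bestblock",
                 "key", "ckey", "mkey", "keymeta", "name", "pool", "tx")
}


@dataclass
class WalletHit:
    offset: int          # byte offset of the BDB metadata page in the image
    version: int         # BDB b-tree format version (9 for BDB 4.x)
    page_size: int
    tag_counts: dict = field(default_factory=dict)

    @property
    def looks_like_wallet(self) -> bool:
        # Any application can ship a BDB file; key material makes it a wallet.
        return any(self.tag_counts.get(t, 0) for t in ("key", "ckey", "mkey", "defaultkey"))

    @property
    def encrypted(self) -> bool:
        # An encrypted wallet holds an "mkey" master-key record and stores its
        # private keys as "ckey" (ciphertext) instead of "key" (plaintext).
        return self.tag_counts.get("mkey", 0) > 0 or (
            self.tag_counts.get("ckey", 0) > 0 and self.tag_counts.get("key", 0) == 0)


def find_bdb_headers(data: bytes):
    """Return (offset, version, page_size) for every plausible BDB b-tree header."""
    needle = struct.pack("<I", BDB_BTREE_MAGIC)
    headers = []
    pos = data.find(needle)
    while pos != -1:
        start = pos - MAGIC_OFFSET
        if start >= 0 and start + 24 <= len(data):
            version, page_size = struct.unpack_from("<II", data, start + 16)
            # BDB page sizes are powers of two between 512 B and 64 KiB, which
            # filters most accidental magic matches in unrelated data.
            if 512 <= page_size <= 65536 and page_size & (page_size - 1) == 0:
                headers.append((start, version, page_size))
        pos = data.find(needle, pos + 1)
    return headers


def scan_for_wallets(data: bytes, window: int = 64 * 1024 * 1024):
    """Carve wallet candidates: each header owns the bytes up to the next header."""
    headers = find_bdb_headers(data)
    hits = []
    for i, (start, version, page_size) in enumerate(headers):
        end = headers[i + 1][0] if i + 1 < len(headers) else len(data)
        region = data[start:min(end, start + window)]
        counts = {name: region.count(tag) for name, tag in RECORD_TAGS.items()}
        hits.append(WalletHit(start, version, page_size, counts))
    return hits


def make_sample_wallet(encrypted: bool, page_size: int = 4096) -> bytes:
    """Constructed test data, NOT a real wallet: only the header fields this
    script reads are filled in, and the record tags are dropped into an
    otherwise empty second page."""
    meta = bytearray(page_size)
    struct.pack_into("<I", meta, MAGIC_OFFSET, BDB_BTREE_MAGIC)
    struct.pack_into("<I", meta, 16, 9)
    struct.pack_into("<I", meta, 20, page_size)
    records = RECORD_TAGS["version"] + RECORD_TAGS["defaultkey"] + RECORD_TAGS["bestblock"]
    if encrypted:
        records += RECORD_TAGS["mkey"] + RECORD_TAGS["ckey"] * 3
    else:
        records += RECORD_TAGS["key"] * 3 + RECORD_TAGS["keymeta"] * 3
    page = bytearray(page_size)
    page[64:64 + len(records)] = records
    return bytes(meta) + bytes(page)


def main(argv):
    if len(argv) > 1:
        with open(argv[1], "rb") as f:      # e.g. a dd image of the USB stick
            data = f.read()
    else:
        # Two constructed wallets separated by filler, to show the carver working.
        data = (b"\x00" * 1000 + make_sample_wallet(encrypted=False)
                + b"\xff" * 500 + make_sample_wallet(encrypted=True))
    for hit in scan_for_wallets(data):
        if hit.looks_like_wallet:
            print(f"wallet.dat candidate at offset {hit.offset:#x}: BDB v{hit.version}, "
                  f"page size {hit.page_size}, {'encrypted' if hit.encrypted else 'unencrypted'}, "
                  f"key={hit.tag_counts['key']} ckey={hit.tag_counts['ckey']} mkey={hit.tag_counts['mkey']}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python carve_wallets.py usb.dd` against an image; it reads the whole image into memory, so for multi-gigabyte media you would scan it in chunks instead. The encrypted/unencrypted verdict tells you up front whether you can expect to pull private keys straight out of the file or will need the passphrase first.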

[Screenshots: Bitcoin Forensics - Files; Bitcoin Forensics - Wallet Identification; Bitcoin Forensics - Internet Evidence Finder]
