
Blockchain Wallet Triage Case Study

Public-data wallet triage with transaction-flow review and analyst limitations.

Public-data blockchain wallet triage case study with transaction-flow review, defensible clustering assumptions, risk flags, reason codes, confidence levels, and analyst limitations.

The case study reviews a compact Bitcoin sample using FBI-listed wallet context and public mempool.space transaction snapshots. It separates observed transaction facts from analyst interpretation and keeps clustering claims conservative.

The output is a reproducible analyst artifact: review queue, memo, flow edges, network visualization, clustering indicators, methodology, and limitations.

Data: Public Bitcoin transaction snapshots and public FBI wallet context.

Artifacts: Analyst memo, transaction review queue, flow visualization, and methodology docs.

Signals: Transaction flows, next-hop review, co-spend indicators, risk flags, and reason codes.

Boundary: Review-prioritization artifact, not personal attribution, cashout proof, or enforcement finding.

Workflow

01. Set Wallet Scope

Use a compact sample of public seed-wallet context and document why the scope is intentionally limited.

02. Load Public Transactions

Parse public Bitcoin transaction snapshots into reproducible review rows.

03. Trace Flows

Review inflows, seed-wallet outflows, next-hop movement, and high-value rows without over-reading ownership.

04. Flag Review Leads

Assign risk flags, reason codes, and confidence levels for triage, clustering clues, and follow-up review.

05. Document Limits

Separate observed public-chain facts from attribution limits, exchange ambiguity, off-chain gaps, and cashout uncertainty.

What To Inspect

outputs/analyst_summary.md

Analyst Summary

Memo with observed facts, review priorities, interpretation boundaries, and cannot-conclude notes.

docs/methodology.md

Methodology

Workflow notes for transaction parsing, review logic, clustering assumptions, and artifact generation.

outputs/flow_network.svg

Flow Visualization

Simple transaction-flow visualization generated from public-chain observations in the review queue.

docs/data_sources.md

Data Sources

Public source links, snapshot notes, and reproduction details for the case-study inputs.

Review Signals

Transaction Flow

Inflow, seed-wallet outflow, and next-hop rows are reviewed as observable public-chain facts.

Conservative Clustering

Recurring upstream/change-like patterns and co-spend clues are labeled as review leads, not identity proof.

Reason Codes

Review rows carry reason codes for high-value movement, sampled-wallet exposure, next-hop chaining, and cluster clues.

Confidence Levels

Signals distinguish high-confidence transaction facts from medium-confidence behavioral interpretations.
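One way the review signals above can be turned into review rows, as an added example that is not the repository's own script. It assumes snapshot records in the mempool.space (Esplora) JSON shape (`vin[].prevout.scriptpubkey_address`, `vout[].value` in satoshis); the reason-code names, the 1 BTC threshold, and all addresses and txids are constructed placeholders.

```python
# Added example, not the repository's code. Reason-code names, the threshold,
# and every address/txid below are constructed placeholders.
HIGH, MEDIUM = "high", "medium"  # observed chain fact vs. behavioral interpretation

def in_addrs(tx):
    # Coinbase inputs have no prevout; skip them.
    return {i["prevout"].get("scriptpubkey_address") for i in tx["vin"] if i.get("prevout")} - {None}

def out_addrs(tx):
    # OP_RETURN and other non-standard outputs carry no address.
    return {o.get("scriptpubkey_address") for o in tx["vout"]} - {None}

def triage(txs, seeds, high_value_sats=100_000_000):
    # Pass 1: addresses paid by a seed-wallet spend, minus change back to its own inputs.
    next_hop = set()
    for tx in txs:
        if in_addrs(tx) & seeds:
            next_hop |= out_addrs(tx) - in_addrs(tx)
    # Pass 2: one review row per transaction that earns at least one reason code.
    rows = []
    for tx in txs:
        ins, outs, reasons = in_addrs(tx), out_addrs(tx), []
        if ins & seeds:
            reasons.append(("SEED_OUTFLOW", HIGH))
            if ins - seeds:  # unlabeled address co-spent with a seed: a lead, not ownership proof
                reasons.append(("CO_SPEND_CLUE", MEDIUM))
        elif outs & seeds:
            reasons.append(("SEED_INFLOW", HIGH))
        if ins & (next_hop - seeds):
            reasons.append(("NEXT_HOP", HIGH))
        if sum(o["value"] for o in tx["vout"]) >= high_value_sats:
            reasons.append(("HIGH_VALUE", HIGH))
        if reasons:
            rows.append({"txid": tx["txid"], "reasons": reasons,
                         "needs_interpretation": any(c == MEDIUM for _, c in reasons)})
    return rows

def make_tx(txid, ins, outs):  # builds a constructed Esplora-shaped record
    return {"txid": txid,
            "vin": [{"prevout": {"scriptpubkey_address": a, "value": v}} for a, v in ins],
            "vout": [{"scriptpubkey_address": a, "value": v} for a, v in outs]}

SEEDS = {"seed_A"}
SAMPLE = [
    make_tx("t1", [("up_1", 200_000_000)], [("seed_A", 199_000_000)]),
    make_tx("t2", [("seed_A", 199_000_000), ("unk_B", 5_000_000)],
            [("hop_C", 150_000_000), ("seed_A", 53_000_000)]),
    make_tx("t3", [("hop_C", 150_000_000)], [("unk_D", 149_000_000)]),
    make_tx("t4", [("other", 1_000)], [("other2", 900)]),
]
```

Calling `triage(SAMPLE, SEEDS)` yields rows for `t1` to `t3` only. The co-spend code on `t2` is the only medium-confidence entry, which keeps the ownership inference visibly separate from the flow facts.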

Scope And Limitations

Public Labels

Public wallet context is used for seed-wallet labeling. Unlabeled counterparties are not assigned named-service, personal, or cashout attribution.

Review Queue

Scores and reason codes prioritize analyst review. They do not establish criminality, ownership, beneficiary identity, or an enforcement conclusion.

Public-Chain Boundary

Bitcoin transaction data cannot show off-chain intent, exchange account ownership, internal exchange ledger movement, or final beneficiary identity.

Reproducibility

The repository includes the analysis script, notebook, input snapshots, generated outputs, and source notes needed to inspect the workflow.