What is blockchain forensics?

Blockchain forensics is the process of analyzing blockchain transactions to trace cryptocurrency movements, identify suspicious patterns, and gather evidence for legal proceedings. It combines data analysis, pattern recognition, and investigative techniques.

Is ForensicBlock evidence court-ready?

ForensicBlock provides court-ready reports with cryptographic verification and chain-of-custody tracking designed for evidentiary workflows. Evidence quality and admissibility depend on proper handling, jurisdictional rules, case facts, and expert testimony in each proceeding.

Which blockchains does ForensicBlock support?

ForensicBlock supports AI investigation today on 7 live blockchain networks: Ethereum, Polygon, Arbitrum, Optimism, Base, Avalanche, and Tron (TRC-20) — each proven by per-chain on-chain probe receipts (Polygon and Arbitrum via Etherscan V2 multichain; Optimism and Base via Blockscout public instances). Two chains are in active development: BNB Smart Chain (no free Etherscan-compatible REST API today — BscScan V1 is deprecated and Etherscan V2 free tier excludes chainId 56; paid Etherscan plan or a JSON-RPC fetcher is the next step) and Bitcoin (per-address tracer pending). Solana, XRP Ledger, Cardano, Polkadot, and TON are on our roadmap and are not supported today. OFAC and Tron/TRC-20 sanctions screening is available across a broader set of chains. The full capability matrix is published at /chains.

How does ForensicBlock compare to Chainalysis?

ForensicBlock is an AI-first alternative to Chainalysis. While Chainalysis uses rule-based tools requiring trained analysts and costs $37,000+/year, ForensicBlock uses autonomous AI agents that conduct investigations independently — starting at $49. Our AI analyzes behavioral patterns rather than relying solely on labeled address databases, enabling detection of novel threats.

Can ForensicBlock trace stolen cryptocurrency?

Yes. ForensicBlock's AI agents trace stolen cryptocurrency across supported networks, following funds through mixers, bridges, DeFi protocols, and cross-chain swaps. Our workflows generate defensible evidence packages with chain-of-custody documentation to support asset recovery and law enforcement investigations.

Does ForensicBlock support AML compliance and sanctions screening?

Yes. ForensicBlock provides comprehensive AML compliance tools including OFAC sanctions screening, Know Your Transaction (KYT) monitoring, Suspicious Activity Report (SAR) support, and continuous address monitoring. Our risk scoring engine combines 13 ML models for accurate threat detection across all supported blockchains.

§ · Trust center

The honesty contract, in receipts.
What we hold, how we hold it, what we don't claim.

Every credibility signal on this site maps to a verifiable rail. This page is the index — security posture, methodology, sealed-record contract, sub-processors, and the disclaimers we will not bury.

01 · Verifiability

Methodology is public. Reports are independently verifiable.

Versioned methodology

Active version: v1.7.0. Every sealed report cites its methodology version + SHA-256 content hash. Older reports stay reproducible against the version they were sealed under.

Methodology page

SHA-256 sealed records

Every report carries an evidence packet SHA-256 plus the certificate of authenticity hash. Both anchor the report against tampering.

Verify a sealed report

Public verifier — no account

Anyone can verify a sealed report in a browser with no account, no platform login, no payment — opposing counsel, a court clerk, a regulator, a journalist.

Open the verifier

02 · Security posture

What we hold, how we hold it.

Encryption in transit

TLS 1.3 across every public surface. HSTS preloaded. No mixed content; no third-party trackers on authenticated pages.

Encryption at rest

AES-256 at the database layer. Customer secrets (API keys, webhook secrets) hashed before storage; we cannot read them back.

Auth & access control

Supabase Auth with row-level security on every tenant boundary. Sessions short-lived; service-role keys segregated and rotated.

Data residency

Primary database in AWS us-east-1; CDN distributed via Vercel. Tenant data does not leave US/EU infrastructure.

Cryptographic audit log

Every status change, every finalize, every export anchored to fb_audit_log with hash-chained entry_hash. Tamper-evident across the matter lifecycle.

Honest compliance posture

We are not SOC 2, ISO 27001, or HITRUST certified today. We do not pretend otherwise. The methodology page + verifier + audit log are our receipts in the meantime.

03 · Sub-processors

The named stack.

We do not hide the vendor stack. Compliance officers should be able to map every sub-processor to a DPA.

Sub-processor	Role	Data scope
Supabase (AWS us-east-1)	Database, Auth, Storage	Customer accounts, investigation rows, sealed evidence, audit log
Vercel	Hosting, edge runtime, CDN	Static assets, SSR responses, edge function execution
Vercel Blob	Object storage	Generated report PDFs, evidence bundle exports
Stripe	Payments + subscription billing	Email, payment tokens, billing metadata
Inngest	Job orchestration	Background investigation pipeline state
Alchemy / Routescan / Etherscan-v2	Chain RPCs + explorer APIs	Read-only chain data; no PII
OpenSanctions / OFAC / EU consolidated list	Sanctions data feeds	Public sanctions lists; no PII

04 · Enterprise readiness

What your IT & legal department will ask — answered.

Honest status per question. Where we're ready today; where we're building; what we won't pretend.

SOC 2 Type II

Building

On the 2026 roadmap

We have not been audited yet. We will not claim SOC 2 we have not earned. In the interim: cryptographic audit chain, RLS isolation, public methodology, sealed reports.

ISO 27001

Building

Roadmap (post-SOC 2)

Will follow SOC 2. Same honest stance — we will not market a certification we do not hold.

SSO / SAML

Ready today

Available on Enterprise plan

Okta, Azure AD, Google Workspace, and any SAML 2.0 IdP. SCIM provisioning for member sync. Contact us to enable on your workspace.

Data residency

Ready today

US (us-east-1) default; EU on request

Primary database in AWS us-east-1. EU residency available for Enterprise customers via region-pinned tenant.

Tenant isolation

Ready today

Row-level (RLS) on every table

Every read goes through Postgres RLS scoped to the active org. Service-role keys are segregated and never reach the browser. No silent cross-tenant fetches possible.

Audit chain

Ready today

Live, cryptographically verifiable

fb_audit_log is hash-chained (prev_hash / entry_hash) per entry. Tamper-evident across the matter lifecycle. The audit chain is independently verifiable.

Backups & DR

Ready today

Daily snapshots; PITR enabled

Point-in-time recovery within the past 7 days; daily encrypted snapshots retained 30 days. RPO ≤ 5 minutes; RTO target ≤ 4 hours.

DPA / sub-processor list

Ready today

Available on request

Standard DPA with US/EU SCCs available. Named sub-processor list (above) reflects current vendors; we notify of changes 30 days before.

Penetration test

Ready today

Annual cadence; report on request

Independent third-party pen test annually. Latest summary report available under NDA. Critical findings get 30-day remediation SLA.

Need the full enterprise pack?

DPA, SOC 2 progress letter, pen-test summary, sub-processor list with SCCs, SSO/SAML configuration sheet, data-residency confirmation. One email, two business days.

Request enterprise pack Read the methodology

05 · Scope disclaimers

What we are not.

We are not a law firm. Nothing on the platform is legal advice. Engage qualified counsel for any litigation or enforcement decision.
We are not law enforcement. We have no asset-seizure authority, no investigative subpoena power, no freezing-order authority. Tracing leads to subpoena targets; legal process does the rest.
FRE 902(13)/(14) is authentication, not admissibility. Our certifications support self-authentication. Hearsay, relevance, and Daubert qualification remain separate hurdles your counsel argues independently.
No guaranteed recovery. Recovery is a legal action. We make no representation that any specific recovery is achievable; the trace is the evidence, the court is the actor.
Mixer & privacy-coin limits are stated explicitly. Where the trace pauses, the report says so on its face. We do not over-claim.

Security disclosure & DPA requests

For DPAs, security questionnaires, vulnerability disclosures, or sub-processor inquiries, reach out and we'll respond within two business days.

Request a DPA or security pack Read the methodology

Loading ForensicBlock

Preparing your blockchain forensics platform...

Methodology is public. Reports are independently verifiable.

Versioned methodology

Active version: v1.7.0. Every sealed report cites its methodology version + SHA-256 content hash. Older reports stay reproducible against the version they were sealed under.

Methodology page

SHA-256 sealed records

Every report carries an evidence packet SHA-256 plus the certificate of authenticity hash. Both anchor the report against tampering.

Verify a sealed report

Public verifier — no account

Anyone can verify a sealed report in a browser with no account, no platform login, no payment — opposing counsel, a court clerk, a regulator, a journalist.

Open the verifier

What we hold, how we hold it.

Encryption in transit

TLS 1.3 across every public surface. HSTS preloaded. No mixed content; no third-party trackers on authenticated pages.

Encryption at rest

AES-256 at the database layer. Customer secrets (API keys, webhook secrets) hashed before storage; we cannot read them back.

Auth & access control

Supabase Auth with row-level security on every tenant boundary. Sessions short-lived; service-role keys segregated and rotated.

Data residency

Primary database in AWS us-east-1; CDN distributed via Vercel. Tenant data does not leave US/EU infrastructure.

Cryptographic audit log

Every status change, every finalize, every export anchored to fb_audit_log with hash-chained entry_hash. Tamper-evident across the matter lifecycle.

Honest compliance posture

We are not SOC 2, ISO 27001, or HITRUST certified today. We do not pretend otherwise. The methodology page + verifier + audit log are our receipts in the meantime.

The named stack.

We do not hide the vendor stack. Compliance officers should be able to map every sub-processor to a DPA.

Sub-processor	Role	Data scope
Supabase (AWS us-east-1)	Database, Auth, Storage	Customer accounts, investigation rows, sealed evidence, audit log
Vercel	Hosting, edge runtime, CDN	Static assets, SSR responses, edge function execution
Vercel Blob	Object storage	Generated report PDFs, evidence bundle exports
Stripe	Payments + subscription billing	Email, payment tokens, billing metadata
Inngest	Job orchestration	Background investigation pipeline state
Alchemy / Routescan / Etherscan-v2	Chain RPCs + explorer APIs	Read-only chain data; no PII
OpenSanctions / OFAC / EU consolidated list	Sanctions data feeds	Public sanctions lists; no PII

What your IT & legal department will ask — answered.

Honest status per question. Where we're ready today; where we're building; what we won't pretend.

SOC 2 Type II

Building

On the 2026 roadmap

We have not been audited yet. We will not claim SOC 2 we have not earned. In the interim: cryptographic audit chain, RLS isolation, public methodology, sealed reports.

ISO 27001

Building

Roadmap (post-SOC 2)

Will follow SOC 2. Same honest stance — we will not market a certification we do not hold.

SSO / SAML

Ready today

Available on Enterprise plan

Okta, Azure AD, Google Workspace, and any SAML 2.0 IdP. SCIM provisioning for member sync. Contact us to enable on your workspace.

Data residency

Ready today

US (us-east-1) default; EU on request

Primary database in AWS us-east-1. EU residency available for Enterprise customers via region-pinned tenant.

Tenant isolation

Ready today

Row-level (RLS) on every table

Every read goes through Postgres RLS scoped to the active org. Service-role keys are segregated and never reach the browser. No silent cross-tenant fetches possible.

Audit chain

Ready today

Live, cryptographically verifiable

fb_audit_log is hash-chained (prev_hash / entry_hash) per entry. Tamper-evident across the matter lifecycle. The audit chain is independently verifiable.

Backups & DR

Ready today

Daily snapshots; PITR enabled

Point-in-time recovery within the past 7 days; daily encrypted snapshots retained 30 days. RPO ≤ 5 minutes; RTO target ≤ 4 hours.

DPA / sub-processor list

Ready today

Available on request

Standard DPA with US/EU SCCs available. Named sub-processor list (above) reflects current vendors; we notify of changes 30 days before.

Penetration test

Ready today

Annual cadence; report on request

Independent third-party pen test annually. Latest summary report available under NDA. Critical findings get 30-day remediation SLA.

Need the full enterprise pack?

DPA, SOC 2 progress letter, pen-test summary, sub-processor list with SCCs, SSO/SAML configuration sheet, data-residency confirmation. One email, two business days.

Request enterprise pack Read the methodology

What we are not.

We are not a law firm. Nothing on the platform is legal advice. Engage qualified counsel for any litigation or enforcement decision.
We are not law enforcement. We have no asset-seizure authority, no investigative subpoena power, no freezing-order authority. Tracing leads to subpoena targets; legal process does the rest.
FRE 902(13)/(14) is authentication, not admissibility. Our certifications support self-authentication. Hearsay, relevance, and Daubert qualification remain separate hurdles your counsel argues independently.
No guaranteed recovery. Recovery is a legal action. We make no representation that any specific recovery is achievable; the trace is the evidence, the court is the actor.
Mixer & privacy-coin limits are stated explicitly. Where the trace pauses, the report says so on its face. We do not over-claim.

The honesty contract, in receipts.What we hold, how we hold it, what we don't claim.

Methodology is public. Reports are independently verifiable.

Versioned methodology

SHA-256 sealed records

Public verifier — no account

What we hold, how we hold it.

Encryption in transit

Encryption at rest

Auth & access control

Data residency

Cryptographic audit log

Honest compliance posture

The named stack.

What your IT & legal department will ask — answered.

SOC 2 Type II

ISO 27001

SSO / SAML

Data residency

Tenant isolation

Audit chain

Backups & DR

DPA / sub-processor list

Penetration test

Need the full enterprise pack?

What we are not.

Security disclosure & DPA requests

Loading ForensicBlock

The honesty contract, in receipts.What we hold, how we hold it, what we don't claim.

Methodology is public. Reports are independently verifiable.

Versioned methodology

SHA-256 sealed records

Public verifier — no account

What we hold, how we hold it.

Encryption in transit

Encryption at rest

Auth & access control

Data residency

Cryptographic audit log

Honest compliance posture

The named stack.

What your IT & legal department will ask — answered.

SOC 2 Type II

ISO 27001

SSO / SAML

Data residency

Tenant isolation

Audit chain

Backups & DR

DPA / sub-processor list

Penetration test

Need the full enterprise pack?

What we are not.

Security disclosure & DPA requests

The honesty contract, in receipts.
What we hold, how we hold it, what we don't claim.

The honesty contract, in receipts.
What we hold, how we hold it, what we don't claim.