Does anyone have any forensics experience about "Trezor One" crypto wallet?
Situation Victim in fake web site revealed 24 secret words (recovery seed).
Then criminals used this secret words to create Trezor device clone.
Finally, criminals emptied the wallet and sent all Bitcoins to the other Bitcoin wallet.
For investigation, I got victims' Trezor-One device and I know the PIN code.
I connected device to the computer and I can see transactions and bitcoin wallet addresses.
Maybe there is a way, how to determine who createed and used Trezor device clone? Maybe IP adress or something?
When device is connected, in "trezor.io" website I see Log records, but only for active (current) session… Is there any possibility to find the history of erlier sessions?
Thanks for any help.