Research Article

A Blockchain-Based Model Proposal to Enhance Digital Forensics Readiness

Year 2025, Volume: 29 Issue: 1, 228 - 242, 25.04.2025
https://doi.org/10.19113/sdufenbed.1604169

Abstract

Effective incident response mechanisms are crucial for maintaining system continuity during security incidents. Equally important is the secure preservation of forensic evidence and chain of custody records for potential legal proceedings. However, traditional methods of incident response and evidence handling can be vulnerable to tampering as they rely on the assumption of a pre-existing level of trust among the involved parties. In this study, we propose a blockchain-based model, DFIRChain, to record all operations within digital forensics and incident response (DFIR) processes on a private permissioned Hyperledger Fabric blockchain, from alert management to case management. By integrating our blockchain-based model into DFIR processes, we aim to ensure the integrity and authenticity of evidence, enhance legal compliance, and contribute to organizations' digital forensic readiness.

Adli Bilişime Hazır Bulunmayı Artırmak için Blok Zincir Tabanlı Bir Model Önerisi


Abstract

Effective incident response mechanisms are very important for maintaining system continuity during security incidents. Equally important is the secure storage of evidence and chain of custody records for possible legal proceedings. However, traditional methods for incident response and evidence management can be vulnerable to tampering, because they rely on the assumption of a pre-existing level of trust among the parties involved. In this study, we propose DFIRChain, a blockchain-based model for storing all operations in digital forensics and incident response (DFIR) processes, from alert management to case management, on a private permissioned Hyperledger Fabric blockchain. By integrating our blockchain-based model into DFIR processes, we aim to ensure the integrity and authenticity of evidence, improve legal compliance, and contribute to organizations' readiness for digital forensic examinations.


Details

Primary Language: English
Subjects: Electronics, Network Engineering, Technology Management and Business Models
Journal Section: Articles
Authors:

Mehmet Meral (ORCID 0009-0003-2240-1884)

Hasan Hüseyin Sayan (ORCID 0000-0002-0692-172X)

Publication Date: April 25, 2025
Submission Date: December 20, 2024
Acceptance Date: March 26, 2025
Published in Issue: Year 2025, Volume: 29, Issue: 1

Cite

APA Meral, M., & Sayan, H. H. (2025). A Blockchain-Based Model Proposal to Enhance Digital Forensics Readiness. Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi, 29(1), 228-242. https://doi.org/10.19113/sdufenbed.1604169

e-ISSN: 1308-6529
Linking ISSN (ISSN-L): 1300-7688

All published articles in the journal can be accessed free of charge and are open access under the Creative Commons CC BY-NC (Attribution-NonCommercial) license. All authors and other journal users are deemed to have accepted this situation.