TY - JOUR
T1 - A Blockchain-Based Model Proposal to Enhance Digital Forensics Readiness
TT - Adli Bilişime Hazır Bulunmayı Artırmak için Blok Zincir Tabanlı Bir Model Önerisi
AU - Meral, Mehmet
AU - Sayan, Hasan Hüseyin
PY - 2025
DA - April
Y2 - 2025
DO - 10.19113/sdufenbed.1604169
JF - Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi
JO - J. Nat. Appl. Sci.
PB - Süleyman Demirel Üniversitesi
WT - DergiPark
SN - 1308-6529
SP - 228
EP - 242
VL - 29
IS - 1
LA - en
AB - Effective incident response mechanisms are crucial for maintaining system continuity during security incidents. Equally important is the secure preservation of forensic evidence and chain of custody records for potential legal proceedings. However, traditional methods of incident response and evidence handling can be vulnerable to tampering as they rely on the assumption of a pre-existing level of trust among the involved parties. In this study, we propose a blockchain-based model, DFIRChain, to record all operations within digital forensics and incident response (DFIR) processes on a private permissioned Hyperledger Fabric blockchain, from alert management to case management. By integrating our blockchain-based model into DFIR processes, we aim to ensure the integrity and authenticity of evidence, enhance legal compliance, and contribute to organizations' digital forensic readiness.
KW - Digital forensics Incident response
KW - Digital forensics readiness
KW - Blockchain technologies
N2 - Effective incident response mechanisms are very important for maintaining system continuity during security incidents. Equally important is the secure storage of evidence and chain of custody records for possible legal proceedings. However, traditional methods for incident response and evidence management can be vulnerable to tampering, because they rely on the assumption of a pre-existing level of trust among the parties involved. In this study, we propose DFIRChain, a blockchain-based model, to store all operations in digital forensics and incident response (DFIR) processes, from alert management to case management, on a private permissioned Hyperledger Fabric blockchain. By integrating our blockchain-based model into DFIR processes, we aim to ensure the integrity and authenticity of evidence, improve legal compliance, and contribute to organizations' readiness for digital forensic examinations.
UR - https://doi.org/10.19113/sdufenbed.1604169
L1 - https://dergipark.org.tr/tr/download/article-file/4452779
ER -