Blockchain for Modern Digital Forensics: The Chain-of-Custody as a Distributed Ledger

Author(s):  
Haider Al-Khateeb ◽  
Gregory Epiphaniou ◽  
Herbert Daly
Author(s):  
Jacobus Gerhardus Nortje ◽  
Daniel Christoffel Myburgh

The discipline of digital forensics requires a combination of skills, qualifications and knowledge in the areas of forensic investigation, legal aspects and information technology. The uniqueness of digital evidence makes the adoption of traditional legal approaches problematic. Information technology terminology is currently used interchangeably, without regard to being unambiguous and consistent in relation to legal texts, and many information technology terms or concepts have not yet achieved legal recognition. The recognition and standardisation of terminology within a legal context are of the utmost importance to ensure that miscommunication does not occur. To provide clarity or guidance on some of the terms and concepts applicable to digital forensics and to the search and seizure of digital evidence, some of these concepts and terms are reviewed and discussed, using the Criminal Procedure Act 51 of 1977 as a point of departure. Digital evidence is often collected incorrectly, analysed ineffectively or simply overlooked because of the complexities that digital evidence poses to forensic investigators. As with any forensic science, specific regulations, guidelines, principles or procedures should be followed to meet the objectives of investigations and to ensure the accuracy and acceptance of findings. These regulations, guidelines, principles or procedures are discussed within the context of digital forensics: which processes should be followed and how these processes ensure the acceptability of digital evidence. They include international principles and standards such as those of the Association of Chief Police Officers (ACPO) and the International Organisation for Standardisation (ISO). A summary is also provided of the most influential or best-recognised international (ISO) standards on digital forensics.
It is concluded that the originality, reliability, integrity and admissibility of digital evidence should be maintained as follows: data should not be changed or altered; original evidence should not be directly examined; forensically sound duplicates should be created; digital forensic analyses should be performed by competent persons; digital forensic analyses should adhere to the relevant local legal requirements; audit trails consisting of all required documents and actions should exist; the chain of custody should be protected; and processes and procedures should be proper, recognised and accepted by the industry. If the ACPO (1997) principles and the ISO/IEC 27043 and 27037 standards are followed as a forensic framework, then digital forensic investigators should also follow these standards as a legal framework.


This chapter evaluates the most relevant methodologies and best practices for conducting digital investigations, preserving digital forensic evidence and maintaining the chain of custody (CoC) in cybercrime cases. Cybercriminals are adopting new strategies to launch sophisticated cyberattacks within ever-changing digital ecosystems. The authors recommend that digital investigations must continually adapt to tackle cybercrimes and prosecute cybercriminals, to expand international collaboration networks, to share prevention knowledge and to analyse lessons learned. They also establish a cyber forensics model for miscellaneous ecosystems, called the cyber forensics model in digital ecosystems (CFMDE). The chapter also reviews the most important categories of tools for conducting digital investigations. Nevertheless, as cybercrime grows more sophisticated, it is also necessary to harden the technologies, techniques, methodologies and tools used to acquire digital evidence in order to support cyber investigations and make the resulting cases stronger.


Complexity ◽  
2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Gongzheng Liu ◽  
Jingsha He ◽  
Xinggang Xuan

As digital forensics has become more widespread, more attention has been paid to the originality and validity of data, and data preservation technology has emerged in response. However, current data preservation models and technologies are merely combinations of cryptographic techniques and are at risk of being attacked and cracked. Moreover, data preservation still requires human participation, which may lead to data tampering. To solve these problems, this paper presents a data preservation model based on blockchain and a multidimensional hash. Using the decentralisation and smart-contract characteristics of blockchain, data can be preserved automatically, without human participation, to form a branch chain of custody per case; blockchain also offers good resistance to attack, since an adversary would need to mount the so-called 51% attack. Meanwhile, to solve the problem of data confusion and difficult querying caused by an excessive number of cases, hashing, cryptography and timestamps are used to form a serialised main chain of custody. Because hash collisions are possible and judicial trials need an absolute guarantee of the authenticity and validity of data, a multidimensional hash is used in place of a regular hash. In this way, data preservation becomes an automatic process without human intervention. Experiments have been carried out to show the security and effectiveness of the proposed model.


2021 ◽  
Author(s):  
Mohammed I. Alghamdi

Rapid technological advancement has led the entire world to shift towards the digital domain. However, this transition has also resulted in the emergence of cybercrimes and security breach incidents that threaten the privacy and security of users. Therefore, this chapter aims to examine the use of digital forensics in countering cybercrimes, which has been a critical breakthrough in cybersecurity. The chapter analyses the most recent trends in digital forensics, which include cloud forensics, social media forensics and IoT forensics. These technologies help cybersecurity professionals to use the digital traces left by data storage and processing to keep data safe while identifying cybercriminals. However, the research has also observed specific threats to digital forensics, which include technical, operational and personnel-related challenges. The high complexity of these systems, the large volume of data, the chain of custody, the integrity of personnel, and the validity and accuracy of digital forensics are major threats to its large-scale use. Nevertheless, the chapter also identifies USB forensics, intrusion detection and artificial intelligence as major opportunities for digital forensics that can make the processes easier, more efficient and safer.


2015 ◽  
pp. 323-331
Author(s):  
Mario A. Garcia

As computer technology has evolved over the last 30 years, so has the opportunity to use computers to break the law. Out of necessity, digital forensics was born. Computer forensics is the practice of extracting information from digital media in order to prosecute the individuals who carried out a crime. The forensic challenges presented by cloud computing are vast and complex. If a company becomes the target of a digital criminal investigation and it uses cloud computing, a digital forensics examiner faces some unique challenges. The data in the cloud represents only a “snapshot” of when it was sent to the cloud. Establishing a chain of custody for the data becomes difficult or impossible if its integrity and authenticity cannot be fully determined. There are also potential forensic issues when the customer or user exits a cloud application: items subject to forensic analysis, such as registry entries, temporary files and other artifacts, are lost, making malicious activity difficult to prove. The challenges of applying forensics to a cloud environment are tied to cloud security. This chapter discusses securing a cloud environment and how that would help with forensic analysis.


Information ◽  
2021 ◽  
Vol 12 (2) ◽  
pp. 88
Author(s):  
Fahad F. Alruwaili

With the increasing number of cybercrimes, digital forensics teams have no choice but to implement more robust and resilient evidence-handling mechanisms. Capturing digital evidence, a tangible and probative piece of information that can be presented in court and used at trial, is very challenging because of its volatility and improper handling procedures. When computer systems are compromised, digital forensics comes into play to analyse, discover, extract and preserve all relevant evidence. Therefore, it is imperative to maintain efficient evidence management to guarantee the credibility and admissibility of digital evidence in a court of law. A critical component of this process is an adequate chain of custody (CoC) approach that preserves the evidence in its original state, free from compromise and/or contamination. In this paper, a practical and secure CustodyBlock (CB) model using a private blockchain protocol and smart contracts to support the control, transfer, analysis and preservation monitoring of evidence is proposed. The smart contracts in CB are used to automate the model for better and more secure evidence preservation and handling. Further research directions for implementing blockchain-based evidence management ecosystems, and the implications for other areas, are discussed.


2021 ◽  
Vol 19 (1) ◽  
pp. 27
Author(s):  
Moch Bagoes Pakarti ◽  
Dhomas Hatta Fudholi ◽  
Yudi Prayudi

Covid-19 has had a major impact on human life, including the process of managing digital evidence. Management of digital evidence requires special handling that can store digital evidence and maintain its integrity. The current problem is that there is no concept of storing digital evidence that can be accessed online with wider accessibility. Online digital evidence management is proposed as a solution to this problem. The concept takes the form of an online digital evidence management system that can be accessed anywhere and at any time, using the MD5 and SHA1 hash functions to maintain the properties of digital evidence so that it can be legally accepted. The problems of digital evidence management require a management system for digital evidence that is suitable for use in a digital forensics laboratory. This research successfully implemented the concept of an online chain of custody. With the concept of online digital evidence management, it is expected that control of this digital evidence and all activities related to it can be maintained and well documented. Moreover, the system can reach a wider area, be accessed anywhere and at any time, and reduce the spread of Covid-19.


2019 ◽  
Vol 4 (17) ◽  
pp. 61-70
Author(s):  
Mohamad Khairudin Kallil ◽  
Ahmad Che Yaacob

Evidence is anything that tends to prove or disprove a fact at issue in a legal action. It involves the offering of alleged proof, through testimony or objects, at court proceedings to persuade the trier of fact about an issue in dispute. Islamic evidence law is a body of rules that helps to govern conduct and determines what will be admissible in certain legal proceedings and trials. In proceedings that involve digital evidence, the court will consider whether the digital evidence is admissible or inadmissible depending on the requirements of admissibility stated in the law statutes in force and on the existence of any Standard Operating Procedure (SOP). Under section 33 of the Syariah Court (Federal Territories) Evidence Act or other Syariah Evidence Enactments, digital evidence is subject to authentication by digital forensics experts. In digital forensics, the processes of identification, preservation, collection, analysis and presentation are the main procedures contained in the Standard Operating Procedure (SOP) of any digital forensics service. The court will ensure that this procedure maintains the authenticity and originality of the evidence, especially on the issues of expert qualification, chain of custody and the analysis itself. Thus, digital forensics is integrated with the Islamic law of evidence to maintain justice in delivering judgment. This article therefore examines the standard requirements for the admissibility of digital evidence under digital forensic methodology, using a qualitative approach to the analysis of articles, books, law statutes, documents and law cases. The results show the need to amend the Syariah Court Evidence and Procedure statutes and the necessity of a Standard Operating Procedure (SOP) on digital evidence in the Syariah courts as a guideline for judges, lawyers and the parties involved.

