Blockchain for modern digital forensics: The chain-of-custody as a distributed ledger

Haider Al-Khateeb, Gregory Epiphaniou, H. Daly

Research output: Chapter in Book/Published conference outputChapter


Blockchain technology can be incorporated into new systems to facilitate modern Digital Forensics and Incident Response (DFIR). For example, it is widely acknowledged that the Internet-of-Things (IoT) has introduced complexity to the cyberspace, however, incident responders should also realise the advantages presented by these new “Digital Witnesses” (DW) to support their investigation. Logs generated by IoT devices can help in the process of event reconstruction, but their integrity -and therefore admissibility- can be achieved only if a Chain-of-Custody (CoC) is maintained within the wider context of an on-going digital investigation. Likewise, the transition to electronic documentation improves data availability, legibility, the utility of notes, and therefore enhances the communication between stakeholders. However, without a proof of validity, these data could be falsified. For example, in an application area such as eHealth, there is a requirement to maintain various existing (and new) rules and regulations concerning authorship, auditing, and the integrity of medical records. Lacking data control could lead to system abuse, fraud and severe compromise of service quality. These concerns can be resolved by implementing an online CoC. In this paper, we discuss the value and means of utilising Blockchain in modern systems to support DFIR. we demonstrate the value of Blockchain to improve the implementation of Digital Forensic Models and discuss why law enforcement and incident responders need to understand Blockchain technology. Furthermore, the admissibility of a Digital Evidence to a Court of Law requires chronological documentation. Hence, we discuss how the CoC can be sustained based on a distributed ledger. Finally, we provide a practical scenario related to eHealth to demonstrate the value of this approach to introduce forensic readiness to computer systems and enable better Police interventions.
Original languageEnglish
Title of host publicationBlockchain and Clinical Trial
Subtitle of host publicationSecuring Patient Data
EditorsHamid Jahankhani, Stefan Kendzierskyj, Arshad Jamal, Gregory Epiphaniou, Haider Al-Khateeb
Number of pages19
ISBN (Electronic)978-3-030-11289-9
Publication statusPublished - 18 Apr 2019

Publication series

NameAdvanced Sciences and Technologies for Security Applications book series (ASTSA)
PublisherSpringer Cham
ISSN (Print)1613-5113
ISSN (Electronic)2363-9466


  • Digital investigation
  • Forensic readiness
  • Incident response
  • Digital witness
  • Decentralised computing
  • Liability attribution
  • eHealth
  • Data integrity
  • Digital evidence


Dive into the research topics of 'Blockchain for modern digital forensics: The chain-of-custody as a distributed ledger'. Together they form a unique fingerprint.

Cite this