TY - CHAP
T1 - Blockchain for modern digital forensics: The chain-of-custody as a distributed ledger
AU - Al-Khateeb, Haider
AU - Epiphaniou, Gregory
AU - Daly, H.
PY - 2019/4/18
Y1 - 2019/4/18
N2 - Blockchain technology can be incorporated into new systems to facilitate modern Digital Forensics and Incident Response (DFIR). For example, it is widely acknowledged that the Internet-of-Things (IoT) has introduced complexity to the cyberspace, however, incident responders should also realise the advantages presented by these new “Digital Witnesses” (DW) to support their investigation. Logs generated by IoT devices can help in the process of event reconstruction, but their integrity -and therefore admissibility- can be achieved only if a Chain-of-Custody (CoC) is maintained within the wider context of an on-going digital investigation. Likewise, the transition to electronic documentation improves data availability, legibility, the utility of notes, and therefore enhances the communication between stakeholders. However, without a proof of validity, these data could be falsified. For example, in an application area such as eHealth, there is a requirement to maintain various existing (and new) rules and regulations concerning authorship, auditing, and the integrity of medical records. Lacking data control could lead to system abuse, fraud and severe compromise of service quality. These concerns can be resolved by implementing an online CoC. In this paper, we discuss the value and means of utilising Blockchain in modern systems to support DFIR. we demonstrate the value of Blockchain to improve the implementation of Digital Forensic Models and discuss why law enforcement and incident responders need to understand Blockchain technology. Furthermore, the admissibility of a Digital Evidence to a Court of Law requires chronological documentation. Hence, we discuss how the CoC can be sustained based on a distributed ledger. Finally, we provide a practical scenario related to eHealth to demonstrate the value of this approach to introduce forensic readiness to computer systems and enable better Police interventions.
AB - Blockchain technology can be incorporated into new systems to facilitate modern Digital Forensics and Incident Response (DFIR). For example, it is widely acknowledged that the Internet-of-Things (IoT) has introduced complexity to the cyberspace, however, incident responders should also realise the advantages presented by these new “Digital Witnesses” (DW) to support their investigation. Logs generated by IoT devices can help in the process of event reconstruction, but their integrity -and therefore admissibility- can be achieved only if a Chain-of-Custody (CoC) is maintained within the wider context of an on-going digital investigation. Likewise, the transition to electronic documentation improves data availability, legibility, the utility of notes, and therefore enhances the communication between stakeholders. However, without a proof of validity, these data could be falsified. For example, in an application area such as eHealth, there is a requirement to maintain various existing (and new) rules and regulations concerning authorship, auditing, and the integrity of medical records. Lacking data control could lead to system abuse, fraud and severe compromise of service quality. These concerns can be resolved by implementing an online CoC. In this paper, we discuss the value and means of utilising Blockchain in modern systems to support DFIR. we demonstrate the value of Blockchain to improve the implementation of Digital Forensic Models and discuss why law enforcement and incident responders need to understand Blockchain technology. Furthermore, the admissibility of a Digital Evidence to a Court of Law requires chronological documentation. Hence, we discuss how the CoC can be sustained based on a distributed ledger. Finally, we provide a practical scenario related to eHealth to demonstrate the value of this approach to introduce forensic readiness to computer systems and enable better Police interventions.
KW - Digital investigation
KW - Forensic readiness
KW - Incident response
KW - Digital witness
KW - Decentralised computing
KW - Liability attribution
KW - eHealth
KW - Data integrity
KW - Digital evidence
UR - https://link.springer.com/chapter/10.1007/978-3-030-11289-9_7
U2 - 10.1007/978-3-030-11289-9_7
DO - 10.1007/978-3-030-11289-9_7
M3 - Chapter
SN - 978-3-030-11288-2
T3 - Advanced Sciences and Technologies for Security Applications book series (ASTSA)
SP - 149
EP - 168
BT - Blockchain and Clinical Trial
A2 - Jahankhani, Hamid
A2 - Kendzierskyj, Stefan
A2 - Jamal, Arshad
A2 - Epiphaniou, Gregory
A2 - Al-Khateeb, Haider
ER -