This lecture, from the course CIS8708-Digital Forensics (Guide to Computer Forensics and Investigations), discusses the role of blockchain technologies in digital forensics investigation.
Application of Blockchain Technologies in Digital Forensics
1. CIS8708-Digital Forensics
(Guide to Computer Forensics and
Investigations)
Chapter 7
Application of Blockchain Technologies in
Digital Forensics
Dr. Mahdi Fahmideh
School of Business
University of Southern Queensland (UniSQ)
2. Part 1- An Introduction to Blockchain
Technologies
3. Overview
Many scientific and practical areas have shown increasing interest in reaping the
benefits of blockchain technology to empower software systems.
Blockchain based systems use concepts and technologies popularized by
cryptocurrencies such as Bitcoin – highly decentralized, open transaction ledgers with
immutable content.
Blockchain technologies provide advantages including transparent operations, user
anonymity, auditability, and high scalability.
Over 3,000 blockchain software projects had been hosted on GitHub in March 2018, and
this number had sharply doubled to nearly 6,800 in October of the same year.
Some industrial domains have already developed blockchain based systems and others
are still figuring out a reasonable use case to offer new blockchain based systems for
transactional digital services.
4. Foundation
Blockchain is commonly rooted in a few core elements that systems are built upon.
A distributed ledger is a form of a shared database that may exist across multiple locations and
among several participants.
It enables parties to authenticate, process, and validate transactions without the need for
central authority or intermediary.
A type of distributed ledger.
No need for an intermediary
Peer-to-peer network
It is viewed as a promising initiative for the secured and reliable next generation of
Internet-based information technologies.
5. Foundation (cont.)
Blockchain
an accounting book or digital distributed database.
a chain of blocks (i.e., records) that are sequentially linked together.
each block depends on its predecessor block and is secured via cryptographic
techniques.
a block contains transactional data, a time stamp, and a hash value of its previous block.
6. Foundation (cont.)
Blockchain
The chain of blocks is stored on a distributed network of nodes where each node contains a copy
of the entire blockchain
The chain is visible and verifiable by all nodes participating in the network.
Once a block with its own time-stamp is appended to the chain, the creator node broadcasts that
block to all the other nodes in the peer-to-peer distributed network.
Once nodes receive the block, they validate it via predefined checks and add the block to their
own local blockchain copy to provide a single source of truth.
The data records in a block are non-reversible, transparent, and become an immutable part of
blockchain after they are accepted by all nodes.
Such a chain of blocks provides a secured means of information exchange between systems
without involving a trusted third party and is suitable for record-keeping operations such as
financial transactions, medical records, and so on.
7. Foundation (cont.)
Once the smart contract is deployed into the blockchain, the contract code cannot be
changed (or might be difficult to change!). To run a contract, users can simply send a
transaction to the contract’s address. This transaction will then be executed by every
consensus node (called a miner) in the network to reach a consensus on its output. The
smart contract’s state will then be updated accordingly. The smart contract can, based
on the transaction it receives, read/write to its private storage, store money into its
account balance, send/receive messages or money from users/other smart contracts or
even create new smart contracts.
8. Blockchain Append-Only
Within the public blockchain world, every full node on the network is its own
administrator, where it can Create (e.g. add) and Read; this is also known as
Read/Write access (e.g. append-only).
These nodes only add more data over time in the form of blocks, but all previous
data is permanently stored and cannot be altered.
Read: query (e.g. search) and retrieve data from the blockchain
Write: add more data onto the blockchain.
For example, if the blockchain has recorded that our Bitcoin wallet has 1 million
BTC, that figure is permanently stored in the blockchain. When we spend
200,000 BTC, that transaction is recorded onto the blockchain, bringing our
balance to 800,000 BTC. However, since the blockchain can only be
appended, our pre-transaction balance of 1 million BTC also remains on the
blockchain permanently, for those who care to look. This is why the blockchain is
often referred to as an immutable and distributed ledger.
9. Disintermediation - Trust Through
Transparency
Blockchain has a powerful disintermediation effect.
Nodes on the network are allowed to place data directly onto the database that is
shared.
This eliminates the need for an intermediary to do such a task.
Developers can create a distributed ledger on a blockchain, and use cryptography to
give people secure storage space on that ledger.
This creates a very different world than what we have come to know today,
because for the first time in the digital world, people are allowed to own their own data.
"How is this different from the current technology?"
10. Transparency of Blockchain
The blockchain is designed so that its entire history is visible and unchangeable
(immutable).
Transactions in the blockchain cannot be modified after creation, and their
complete history is publicly visible.
This means that the blockchain is a completely transparent data structure with
the useful property that the integrity of the blockchain is easily verifiable by any
user.
11. Transparency: Databases vs. Blockchain
Traditional databases and the blockchain were created for different purposes and
have different levels of transparency.
Traditional databases have low transparency since values can be modified or
deleted;
however, this changeability allows them to store data in an efficient manner, with only the
most relevant versions of each value retained in storage.
The blockchain is publicly visible and immutable,
meaning that it has very high transparency.
Its append-only structure and decentralized storage sacrifice storage efficiency for
trustworthiness of the stored data.
12. Ownership of data
Today, organizations use our data, sell our data, store our data, and exchange our
data.
Data is an extremely powerful asset and to own your own data is a vast change to
the current system.
In a world powered by blockchain, having ownership of your database is truly
empowering.
You can now share the information that you choose with any organization that you
desire.
With the current system of intermediaries, when you go out to eat at a restaurant,
and you pay with your credit or debit card, you're not paying the restaurant directly.
Instead, a database record at your bank is being debited and the database record at
their bank is being credited.
13. Use Cases
In a public blockchain solution like Ethereum, because users are anonymous and there
is no concept of identity, we have no way of treating users differently.
And so all data on a public blockchain is transparent and visible to all other participants.
And this is really important. It adds a lot of value, when we're talking about
exchanging currency or tokens of monetary value, because as long as we can
protect the anonymity of the participants, it gives us a great way for anybody to
validate the details of any transaction on a ledger that is immutable, permanent,
can't be changed and offers a high degree of trust.
This also has a lot of other really interesting potential use cases that we're starting
to explore with public blockchain technology, voting and voter registration, tracking
election results.
These kinds of things are very good use cases for having that level of public
transparency.
14. Smart contracts
A key element of blockchain technology is the ability to
create and run smart contracts.
Translating the clauses of a business contract into code
and embedding them into software or hardware to make
them automated and self-executing.
“an automatable and enforceable agreement. Automatable
by computer, although some parts may require human
input and control. Enforceable either by legal enforcement
of rights and obligations or via tamper-proof execution of
computer code”
C. D. Clack, V. A. Bakshi, and L. Braine, "Smart contract
templates: foundations, design landscape and research
directions," https://arxiv.org/abs/1608.00771, 2016.
24. Future of blockchain smart contracts
Blockchain smart contracts have shown promising potential to improve business
workflows.
However, blockchain smart contracts are still an ever-growing field in information
technology.
We are still unsure what, how, and why blockchain smart contracts are beneficial for
business enterprises with critical business workflows and data.
Which workflows are (not) capable of benefiting from smart contracts?
What obstacles/risks stand against the adoption of smart contracts?
How to ensure/test that smart contracts really work as accurately as
conventional/textual contracts?
??
Smart contract project failures
Some organisations switched back from blockchain smart contracts to on-premise.
Application of blockchain smart contracts in digital forensics is still immature. We
don’t know if smart contracts really will replace conventional digital forensics
workflows.
25. Part 2- Applications of Blockchain Smart
Contract Technologies in Digital Forensics
26. Advantages of using blockchain technology in digital forensics investigation
1. Transparency and Traceability: Blockchain transactions and smart contracts are recorded on a distributed ledger, which offers
transparency and traceability. This can provide investigators with a verifiable and auditable trail of transactions and actions,
allowing them to track and analyze digital evidence in a more reliable and tamper-proof manner. This can be particularly useful in
investigations involving financial transactions, supply chain management, or intellectual property disputes, where transparency
and traceability are critical.
2. Immutable Records: Blockchain transactions and smart contracts are typically immutable. They cannot be easily modified or
deleted once recorded on the blockchain. This can help preserve the integrity of digital evidence and prevent tampering, which is
crucial in maintaining the evidentiary value of data during investigation processes. Immutable records can be especially useful in
investigations where data integrity and chain of custody are paramount, such as in criminal investigations or data breach
incidents.
3. Automation: Smart contracts are self-executing and self-enforcing agreements that are automatically executed based on
predefined conditions. This can streamline processes, reduce manual errors, and improve the efficiency of investigation
processes. For example, smart contracts can automatically trigger actions, such as transferring ownership of digital assets, based
on predefined rules or events, which can save time and resources in investigations involving asset tracking, intellectual property
rights, or digital identity verification.
27. Advantages of using blockchain technology in digital forensics investigation (cont.)
4. Decentralization and Security: Blockchain technology is based on a decentralized and distributed network, which can
enhance security and resilience. Smart contracts are typically executed on the blockchain network, eliminating the need for
intermediaries and reducing the risk of single points of failure or tampering. This can increase the security and reliability of
digital evidence in investigations and protect against unauthorized access or data manipulation.
5. Enhanced Data Integrity: Blockchain technology uses cryptographic techniques to secure data integrity, ensuring that
data stored on the blockchain cannot be tampered with without detection. This can provide investigators with enhanced
confidence in the integrity of digital evidence, as any changes or alterations to the data would result in a mismatch with the
cryptographic hash stored on the blockchain. This can be particularly valuable in investigations where data integrity is crucial,
such as in intellectual property disputes or fraud investigations.
6. Digital Forensics Tool Development: The adoption of blockchain smart contracts in digital forensics investigations can
also drive the development of specialized tools and techniques for analyzing blockchain-based evidence. This can include
tools for transaction tracing, data extraction, pattern analysis, and visualization, as well as methodologies for identifying
vulnerabilities or exploits in smart contracts. This can contribute to the advancement of digital forensics as a field and support
investigators in handling blockchain-related cases more effectively.
28. How may blockchain smart contracts facilitate digital forensic investigation processes?
Why? And with what advantages and disadvantages?
30. 1. Evidence Identification: The first step is to identify and collect potential digital evidence from various sources, such as computers, mobile
devices, servers, or cloud storage. With the adoption of blockchain technology, evidence related to blockchain transactions, smart contracts, or
other blockchain-based activities can also be considered as potential digital evidence, e.g., blockchain addresses, transaction IDs, smart
contract code, or other relevant metadata associated with blockchain transactions or smart contracts.
2. Evidence Collection: Once potential blockchain-related evidence is identified, the next step is to collect the evidence using forensically
sound techniques, e.g., creating a forensic image of relevant digital devices or collecting metadata from blockchain transactions or smart contracts using
appropriate tools and methodologies. Chain of custody and preservation of the original evidence are crucial considerations in this process to
ensure that the evidence remains admissible in court.
3. Evidence Analysis: After the evidence is collected, forensic analysis can be performed to extract relevant information from the blockchain
transactions or smart contracts, e.g., forensic tools and techniques to trace and analyse transactions, interpret smart contract code, and
understand the interactions between different blockchain entities. The transparency, traceability, and immutability features of blockchain
technology can provide valuable insights into the digital evidence and help in reconstructing the sequence of events or identifying patterns of
activity.
4. Data Correlation: Data from blockchain transactions or smart contracts can be correlated with other digital evidence, such as log files,
emails, or user accounts, to establish relationships, timelines, or dependencies. This can help in identifying relevant actors, transactions, or
activities that may be associated with the investigation.
5. Verification and Authentication: Cryptographic techniques, for example, can be used to verify the integrity of blockchain transactions or
smart contracts, ensuring that the data has not been tampered with. Digital signatures or hash values associated with blockchain transactions
or smart contracts can be used to authenticate the origin and integrity of the evidence. These verification and authentication mechanisms can
enhance the evidentiary value of blockchain-related evidence in court.
6. Reporting and Presentation: Findings can be documented in a forensic report. The report can include details of the evidence collected,
the analysis performed, the conclusions drawn, and any relevant interpretations or opinions. The report can be presented in court or to other
stakeholders as part of the investigation process, supporting the investigation findings.
7. Expert Testimony: In some cases, a digital forensics investigator may be required to provide expert testimony in court regarding the
findings from the investigation, including the analysis of blockchain-related evidence. The investigator can explain the technical details of
blockchain technology, the analysis performed on the blockchain-related evidence, and the conclusions drawn based on the findings.
Digital forensics investigation process for crimes occurring in blockchain-based systems
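The block structure from the Foundation slides (data, a time stamp, and the hash of the previous block) and the hash checks in the Verification and Authentication step can be tried out on a small chain-of-custody ledger. The Python below is an added illustration, not part of the lecture or of any cited system; the record fields, the exhibit ID EV-001 and the examiner names are constructed sample data, and it models one local copy of the ledger with no network or consensus.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash placeholder for the first block


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def block_hash(block: dict) -> str:
    """Hash every field of the block except its own 'hash'."""
    body = {k: block[k] for k in ("index", "timestamp", "prev_hash", "record")}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


def append_block(chain: list, record: dict, timestamp: str) -> dict:
    """Append-only write: the new block stores its predecessor's hash."""
    block = {"index": len(chain), "timestamp": timestamp,
             "prev_hash": chain[-1]["hash"] if chain else GENESIS,
             "record": record}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def verify_chain(chain: list) -> list:
    """Return indexes of blocks whose content or back-link fails to verify."""
    bad, prev = [], GENESIS
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev_hash"] != prev
                or block["hash"] != block_hash(block)):
            bad.append(i)
        prev = block["hash"]
    return bad


def evidence_matches(chain: list, evidence_id: str, data: bytes) -> bool:
    """Compare presented evidence with the digest recorded at acquisition."""
    for block in chain:
        rec = block["record"]
        if rec["evidence_id"] == evidence_id and rec["action"] == "acquired":
            return rec["sha256"] == sha256_hex(data)
    return False  # no acquisition record, so nothing to verify against


SAMPLE_IMAGE = b"constructed disk image bytes"  # constructed sample evidence


def build_sample_chain() -> list:
    """Constructed custody history for one exhibit (sample data)."""
    chain = []
    append_block(chain, {"evidence_id": "EV-001", "action": "acquired",
                         "custodian": "Examiner A",
                         "sha256": sha256_hex(SAMPLE_IMAGE)}, "2024-01-10T09:00:00Z")
    append_block(chain, {"evidence_id": "EV-001", "action": "transferred",
                         "custodian": "Examiner B"}, "2024-01-11T14:30:00Z")
    append_block(chain, {"evidence_id": "EV-001", "action": "analysed",
                         "custodian": "Examiner B"}, "2024-01-12T10:15:00Z")
    return chain


if __name__ == "__main__":
    chain, edited = build_sample_chain(), build_sample_chain()
    edited[1]["record"]["custodian"] = "Examiner C"  # record changed, hash left alone
    print("intact:", verify_chain(chain), "edited:", verify_chain(edited))
    edited[1]["hash"] = block_hash(edited[1])  # hash recomputed: the next link breaks
    print("re-hashed:", verify_chain(edited))
    print("image matches ledger:", evidence_matches(chain, "EV-001", SAMPLE_IMAGE))
```

Re-hashing every later block as well would make a single copy verify again, but its final hash would then differ from the copies held by other nodes, which is why the slides stress that each node keeps its own copy of the chain.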
31. 1. Lack of Legal Framework: Traditional legal systems may not fully recognize or provide clear
guidelines for the use of blockchain smart contracts as evidence in court. This could result in legal
uncertainties and challenges in the admissibility and validity of blockchain-based evidence in legal
proceedings.
2. Anonymity and Privacy Concerns: Blockchain transactions are often pseudonymous or anonymous,
which can make it challenging to identify the real-world entities behind the transactions. In digital
forensics investigations, where identifying the parties involved is critical, the anonymity of blockchain
transactions may hinder the investigation process and limit the ability to trace and attribute digital
evidence to specific individuals or entities.
3. Lack of skills: Blockchain technology and smart contracts can be complex and require specialized
knowledge and expertise to understand and analyze. Digital forensics investigators may need to develop
new skills and tools to investigate blockchain-based transactions and smart contracts effectively, which
could pose a challenge in terms of resource allocation and training.
4. Immutability and Irreversibility: Blockchain transactions are typically irreversible and, once recorded
on the blockchain, are difficult to modify or delete. This feature, while considered a strength of
blockchain technology, can also be a challenge in digital forensics investigations where the ability to
modify or delete data for investigation purposes may be necessary.
Critical challenges for consideration when using blockchain for digital forensics investigation
32. 5. Limited Interoperability: Blockchain platforms and smart contracts may not be fully interoperable,
and different blockchains may have varying standards, protocols, and capabilities. This can create
challenges in cross-chain investigations and evidence collection, as well as hinder the interoperability of
smart contracts across different blockchain networks.
6. Smart Contract Vulnerabilities: Smart contracts are subject to coding vulnerabilities, such as bugs
or loopholes, which can result in security breaches, exploits, or unintended consequences. In digital
forensics investigations, understanding and identifying vulnerabilities in smart contracts may require
specialized technical knowledge, and the exploitation of such vulnerabilities may require legal and
ethical considerations.
7. Scalability and Performance: Blockchain networks may face challenges with scalability and
performance, including transaction processing speed and cost. Digital forensics investigations involving
large volumes of data or extensive transaction history may require significant resources and time to
analyze on blockchain networks with limited scalability, which could impact investigation timelines and
efficiency.
Critical challenges for consideration when using blockchain for digital forensics investigation (cont.)
33. Considerations for empowering digital forensics via blockchain technology?
Sample critical questions to be answered when implementing blockchain based digital forensics
What are entities (e.g., human, systems, resources) that are interacting during the investigation process?
Prosecution lawyers
Witnesses
Hard drives
etc.
What data are exchanged during the interactions?
Search warrant
Digital evidence
Evidence custody form
etc.
What types of investigation processes can be more beneficial to utilize blockchain smart contracts?
Private sector vs. public sector
Type of case
etc.
37. How can data acquisition and collection be improved by adopting blockchain smart contracts?
38. How may blockchain smart contracts facilitate the digital forensic investigation processes
that are performed for crimes occurring in IoT-based systems, e.g., smart home?
39. References:
- Mahdi Fahmideh, John Grundy, Aakash Ahmed, Jun Shen, Jun Yan, Davoud Mougouei, Uwe Aickelin, Babak Abedin, Engineering
Blockchain-based Software Systems: Foundations, Survey, and Future Directions, ACM Computing Surveys. 2022 Dec 7;55(6):1-44.
- Lone, Auqib Hamid, and Roohie Naaz Mir, "Forensic-chain: Blockchain based digital forensics chain of custody with PoC in Hyperledger
Composer." Digital investigation 28 (2019): 44-55.
- Meng Li, Chhagan Lal, Mauro Conti, Donghui Hu, A blockchain-based lawful evidence management scheme for digital forensics. Future
Generation Computer Systems. 2021 Feb 1;115:406-20.
- Shancang Li, Tao Qin, Geyong Min. Blockchain-based digital forensics investigation framework in the internet of things and social
systems, IEEE Transactions on Computational Social Systems 6, no. 6 (2019): 1433-1441.
- Zheng, Zibin, et al. An overview on smart contracts: Challenges, advances and platforms, Future Generation Computer Systems 105
(2020): 475-491.
Editor's notes
Photo source: Alharby, Maher, and Aad Van Moorsel. "Blockchain-based smart contracts: A systematic mapping study." arXiv preprint arXiv:1710.06372 (2017).
Photo source: Li, Shancang, Tao Qin, and Geyong Min. "Blockchain-based digital forensics investigation framework in the internet of things and social systems." IEEE Transactions on Computational Social Systems 6.6 (2019): 1433-1441.
Photo source: Lone, Auqib Hamid, and Roohie Naaz Mir. "Forensic-chain: Blockchain based digital forensics chain of custody with PoC in Hyperledger Composer." Digital investigation 28 (2019): 44-55.
Source: Li, Meng, et al. "LEChain: A blockchain-based lawful evidence management scheme for digital forensics." Future Generation Computer Systems 115 (2021): 406-420.
Photo source: Montasari, Reza. "A standardised data acquisition process model for digital forensic investigations." International Journal of Information and Computer Security 9.3 (2017): 229-249.