Blockchain for Modern Digital Forensics: The Chain-of-Custody as a Distributed Ledger

  • Haider Al-Khateeb
  • Gregory Epiphaniou
  • Herbert Daly
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


Blockchain technology can be incorporated into new systems to facilitate modern Digital Forensics and Incident Response (DFIR). For example, it is widely acknowledged that the Internet-of-Things (IoT) has introduced complexity to cyberspace; however, incident responders should also realise the advantages these new “Digital Witnesses” (DW) offer in support of their investigations. Logs generated by IoT devices can help in the process of event reconstruction, but their integrity, and therefore admissibility, can be achieved only if a Chain-of-Custody (CoC) is maintained within the wider context of an ongoing digital investigation. Likewise, the transition to electronic documentation improves data availability, legibility and the utility of notes, and therefore enhances communication between stakeholders. However, without proof of validity, these data could be falsified. For example, in an application area such as eHealth, there is a requirement to maintain various existing (and new) rules and regulations concerning authorship, auditing, and the integrity of medical records. A lack of data control could lead to system abuse, fraud and severe compromise of service quality. These concerns can be resolved by implementing an online CoC. In this paper, we discuss the value and means of utilising Blockchain in modern systems to support DFIR. We demonstrate the value of Blockchain in improving the implementation of Digital Forensic Models and discuss why law enforcement and incident responders need to understand Blockchain technology. Furthermore, the admissibility of Digital Evidence in a Court of Law requires chronological documentation. Hence, we discuss how the CoC can be sustained based on a distributed ledger. Finally, we provide a practical scenario related to eHealth to demonstrate the value of this approach in introducing forensic readiness to computer systems and enabling better Police interventions.


Digital investigation; Forensic readiness; Incident response; Digital witness; Decentralised computing; Liability attribution; eHealth; Data integrity; Digital evidence



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Haider Al-Khateeb (1)
  • Gregory Epiphaniou (1)
  • Herbert Daly (1)
  1. University of Wolverhampton, Wolverhampton, UK
