Chain of Custody and Evidence Integrity Verification Using Blockchain Technology




Blockchain, Chain of Custody, Smart Contract, Access Control, Integrity, Digital Forensics


The validity and integrity of digital evidence and the chain of custody are crucial to all digital forensic investigations. All new evidence and access logs of the original evidence should be logged in a document called the ‘chain of custody’. This document shows the timeline of any piece of evidence from the time it was recorded until the end of the investigation. In a traditional digital investigation, trusted parties, such as an investigator, are allowed access to the digital evidence and follow a strict process when dealing with data. These trusted parties have the capability to alter the data making the evidence inadmissible in a court of law. Alternatively, these trusted parties may also alter the data accidentally or with malicious intent, due to a lack of transparency and non-repudiation. Blockchain technology can solve this issue, however, existing research shows that adopting blockchain does not provide adequate transparent access control mechanisms. Consequently, this makes blockchain difficult to adopt due to the one-to-one mapping and the inability to easily validate the chain of custody and evidence admissibility.  Current methodologies rely on an external off-chain access control mechanism, which, regrettably, remains susceptible to potential breaches that could compromise its integrity and validity. This paper proposes an enhanced model to provide access control through smart contracts, ensuring immutability, flexibility, transparency, and non-repudiation of both the access control mechanisms and the digital evidence itself. This is achieved by moving the access control mechanism to the blockchain. This tracks any changes made through the access control mechanism, further ensuring transparency and integrity. This smart contract-based access control builds off role-based access control, allowing for more complex hierarchies to be used. This model aims to allow for both modularity, making adoption easier for existing digital forensic tools, and encouraging digital investigation and litigation to become more streamlined.  Existing tools can easily integrate with the proposed model adding an extra layer of non-repudiation, transparency, and integrity.

Author Biographies

Adir Miller, University of pretoria

Adir Miller is currently pursuing a master's in computer science at the University of Pretoria. He is a member of the DigiForS research group and a former Assistant Lecturer. He has completed his BSc in Information and Knowledge Systems with distinction as well as a BscHons computer science with distinction

Avinash Singh, University of Pretoria

Avinash Singh, emerging researcher, holds distinctions in BSc Hons and MSc in Computer Science from the University of Pretoria. Currently a lecturer, pursuing a PhD and heading the Intelligent Cyber Forensic Lab (ICFL) at the University of Pretoria. With publications in international conferences and journals.