Blockchain-powered Forensics Chain of Custody

What we know.

Chain of custody (CoC) refers to the process of documenting and maintaining the chronological history of handling digital evidence during the e-Discovery. Evidence management poses unique challenges because of the digital evidence's nature and features as latency, volatility, modifiability, and mobility (ability to cross jurisdictions easily). Chain of custody aims to prove at all levels alleged evidence's auditable integrity and relevancy to the alleged Production instead of being falsely planted.

Hence, special care and procedure compliance required to protect CoC from being altered or destroyed unauthorized.

Nobody likes surprises.

Evidence CoC tracks if the way in evidence collected, processed, and preserved for production is comply with strict legal procedures. Usually, digital evidence CoC managed manually by unsubs involved in the chain who are employees of Authorized Entity (Police officers in Police Departments). Such manual paperwork should proceed in adherence with standards of filling in documents (let's call it evidence meta-data) coming with the evidence, which nests another one weak spot in the evidence life-cycle.

So, digital evidence susceptible to compromise when evidence maintained improperly during CoC life-cycle. In worst cases, CoC inconsistency leads to the inadmissibility of digital evidence in the legal court to prove facts related to cybercrime.

The Solution.

By design, blockchain networks guarantee transparency, authenticity, security, and audit-ability. All these features make it the best-fit for maintaining and tracing the Chain of Custody automation.

There are a lot of appropriate opensource blockchain solutions available on Github, f.e. Ethereum, Stellar, Hyperledger, etc. The integration with Hyperledger offers minimal changes in existing eDiscovery infrastructure as we evaluated it as most lightweight from the existing opensource blockchain networks.

Setting up Hyperledger as 'Private and Permissioned' blockchain allows quick CoC process transformation providing evidence's meta-data privacy & isolation via Hyperledger data-channels. In such a case, the information replicates across all ledgers through data-channel in an encrypted way but accessible only by the Authorized Entity which owns the data-exchange channel, and the legal court.

As a result of the proposed transformation, the Authorised Entity extends existing evidence CoC solution, not replaces it, providing an immutable copy of the existing event-log transferred from the digital forensics platform that Authorised Entity is using. Distributed ledger would be hosted on Authorised Entity's facilities – either inside isolated cloud account, private cloud, or own on-premise infrastructure. Ledger would store the only subset of CoC events to be cost-effective so must keep an only critical set of CoC events and evidence meta-data.

As a Sec/DevOps engineers, we offer to empower existing eDiscovery solutions with a blockchain-based add-on to bring advantages of integrity and tamper resistance to the evidence chain of custody according to a Roadmap

  • Identify a list of general CoC events to be stored in the blockchain.
  • Build a standardized schema for storing CoC events and meta-data
  • Setup an isolated blockchain node for the Authorised Entity and legal court
  • Setup access rules and private channels to isolate data between ledger participants
  • Implement Blockchain explorer to view and query data on-ledger
  • Integrate blockchain part with existing CoC-solution using REST

Represented Roadmap could be deployed by the SoftEthica DevOps team during the 3-months timeframe enabling a unique market offering for your Authorised Entity.