Maintaining accurate provenance records is paramount in digital forensics, as they underpin evidence credibility and integrity and address essential aspects such as accountability and reproducibility. Blockchains have several properties that can address these requirements. Previous systems utilized public blockchains, i.e., they treated the blockchain as a black box and benefited from its immutability property. However, the blockchain was accessible to everyone, giving rise to security concerns. Moreover, efficient extraction of provenance faces challenges due to the enormous scale and complexity of digital data. This necessitates a tailored blockchain design for digital forensics. Our solution, Forensiblock, has a novel design that automates investigation steps, ensures secure data access, traces data origins, preserves records, and expedites provenance extraction. Forensiblock incorporates Role-Based Access Control with Staged Authorization (RBAC-SA) and a distributed Merkle root for case tracking. These features support authorized resource access with efficient retrieval of provenance records. In particular, we compare two methods for extracting provenance records: off-chain storage retrieval with Merkle root verification, and a brute-force search. The off-chain method is significantly better, especially as the blockchain size and number of cases increase. We also found that our distributed Merkle root creation slightly increases smart contract processing time but significantly improves history access. Overall, we show that Forensiblock offers secure, efficient, and reliable handling of digital forensic data.
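The two extraction methods compared in the abstract can be sketched as follows. This is an added example, not Forensiblock's code: the record fields, the per-case root table, the off-chain store layout and all function names are assumptions, and a single per-case Merkle root stands in for the paper's distributed Merkle root, whose construction the abstract does not describe.

```python
import hashlib
import json

def sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(record: dict) -> bytes:
    # Canonical JSON gives a stable hash; 0x00/0x01 prefixes separate leaves from inner nodes.
    return sha(b"\x00" + json.dumps(record, sort_keys=True).encode())

def merkle_root(leaves):
    if not leaves:
        return sha(b"")
    level = list(leaves)
    while len(level) > 1:
        nxt = [sha(b"\x01" + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted unchanged
        level = nxt
    return level[0]

def build_index(chain):
    # Assumed layout: off-chain store keyed by case, one Merkle root per case kept on chain.
    store = {}
    for block in chain:
        for rec in block:
            store.setdefault(rec["case"], []).append(dict(rec))
    roots = {c: merkle_root([leaf(r) for r in recs]) for c, recs in store.items()}
    return store, roots

def brute_force(chain, case_id):
    # Baseline: scan every record in every block, so cost grows with chain size.
    return [r for block in chain for r in block if r["case"] == case_id]

def offchain_fetch(store, roots, case_id):
    # Read only this case's records, then check them against the on-chain root.
    records = store[case_id]
    if merkle_root([leaf(r) for r in records]) != roots[case_id]:
        raise ValueError(f"provenance for {case_id} fails Merkle root check")
    return records

# Constructed sample chain: three blocks holding provenance records for two cases.
CHAIN = [
    [{"case": "C1", "seq": 1, "actor": "analyst_a", "action": "upload"},
     {"case": "C2", "seq": 1, "actor": "analyst_b", "action": "upload"}],
    [{"case": "C1", "seq": 2, "actor": "analyst_a", "action": "hash_image"}],
    [{"case": "C2", "seq": 2, "actor": "analyst_b", "action": "analyze"},
     {"case": "C1", "seq": 3, "actor": "lead_c", "action": "report"}],
]
```

The off-chain path touches only the records of one case, and any edit, removal or reordering of those records in the off-chain store changes the recomputed root and is rejected.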