How blockchain can improve digital evidence collection and collaboration

There is a global need to address the unique challenges posed by the growing mountain of digital evidence that now forms the bulk of many criminal and civil cases. Evidence management professionals and forensic investigators have adapted the rigorous evidence management processes born in the world of atoms (physical evidence) to the world of ever-growing data (digital evidence).

Digital evidence management systems (DEMS) provide law enforcement agencies with the electronic collection, identification and validation of digital information for the purpose of reconstructing events from the past.

The current state of digital evidence management

An audit of the current state of DEMS software shows how far the extraction and collection stage of the evidence lifecycle has come – we can now extract millions of data points from devices using advanced algorithms. However, the other end of the evidence lifecycle process – handling, storing and sharing mined digital assets – is limited and often delegated to the classic spreadsheet approach to storing information.

The federal government has been aware of the need to step up efforts in this arena at least since 2015, when the Rand Corp. published an article outlining the US criminal justice system’s shortcomings in obtaining and using digital evidence.

An organization that relies on spreadsheets instead of modern software is vulnerable to security and efficiency issues, especially given the strict non-repudiation and security features available on DEMS platforms.

Solution for digital non-repudiation

Most important to digital evidence management systems is non-repudiation – cryptographic proof that an action regarding data either occurred or did not occur. Examples include who accessed information and when, and who may have changed data and how.

A spreadsheet does not provide this functionality. Law enforcement agencies may be able to cryptographically seal documents and store the “hashes” in a simple spreadsheet, but this is certainly not a scalable or sensible approach for modern digital evidence management. To authenticate digital evidence today, prosecutors and court administrators rely on third-party notary organizations to validate these digital assets.

But what if an emerging technology, one tailored for secure sharing and non-repudiation, could digitally secure and validate digital evidence? It would also provide trust, transparency and impartiality within the chain of custody throughout the forensic workflow. In addition, it would remove the need for a third-party notary and speed up proceedings while reducing administrative costs.

A way forward: Blockchain databases for secure storage, management and sharing

Blockchain technology has the potential to secure digital evidence from ingestion, through review and to the creation of reports. Unlike a centralized database, decentralized networks using blockchain technology offer an immutable chain of custody with non-repudiation as an inherent component of the system. It guarantees data integrity, prevents fraud and provides a transparent, auditable system for recording digital assets related to investigations.

Blockchain creates cryptographic hashes that can verify the authenticity of any exported evidence report and prove the chain of custody of digital evidence throughout its lifecycle. Law enforcement agencies that adopt blockchain technology as their DEMS data store can also securely share evidence while ensuring it is not tampered with or accessed by unauthorized parties. This can ensure a fair legal process and combat digital evidence manipulation by malicious actors.
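The hash-linking idea behind that chain of custody, and why a spreadsheet of hashes falls short, can be shown with a small append-only log. This is an added example, not code from the article or from any DEMS product; the field names, actors and sample bytes are constructed. It covers integrity only: binding each entry to its actor for non-repudiation would additionally require digital signatures, which are omitted here.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash used by the first entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry: dict) -> str:
    # Hash a canonical JSON encoding of every field except the hash itself.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def append_event(log: list, actor: str, action: str, evidence: bytes, timestamp: str) -> str:
    entry = {"seq": len(log), "timestamp": timestamp, "actor": actor, "action": action,
             "evidence_sha256": sha256_hex(evidence),
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)
    return entry["entry_hash"]  # new head; keep a copy outside the log's own storage

def verify_log(log: list, evidence: bytes, expected_head: str) -> list:
    """Return a list of problems; an empty list means log and evidence check out."""
    problems, prev, digest = [], GENESIS, sha256_hex(evidence)
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if entry_hash(e) != e["entry_hash"]:
            problems.append(f"entry {i}: fields altered after recording")
        if e["evidence_sha256"] != digest:
            problems.append(f"entry {i}: evidence digest mismatch")
        prev = e["entry_hash"]
    if prev != expected_head:
        problems.append("head hash differs from the independently held copy")
    return problems

if __name__ == "__main__":
    video = b"constructed sample evidence bytes"  # constructed input
    log = []
    append_event(log, "officer.a", "ingest", video, "2024-01-01T09:00:00Z")
    head = append_event(log, "analyst.b", "review", video, "2024-01-02T14:30:00Z")
    print(verify_log(log, video, head))
    log[0]["actor"] = "officer.x"  # in-place edit, as a spreadsheet would allow
    print(verify_log(log, video, head))
```

An editor who recomputes every hash after the change passes the per-entry checks, so the only thing that exposes a full rewrite is the head hash held by other parties, which is the role replication across nodes plays in a distributed ledger.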

Bullish on blockchain

Advocates of digital evidence management systems based on blockchain technology have gained momentum in recent years. Vermont, Arizona and Ohio have already introduced laws that accept blockchain records secured by electronic signatures in a court of law.

In 2021, researchers published an article in the peer-reviewed journal “Future Generation Computer Systems” outlining “a blockchain-based legal evidence management system for digital forensics” called LEChain. The researchers discussed proposals to use cloud computing and blockchain technology to create evidence that is transparent, cannot be falsified, and can be audited and verified.

Another group of researchers published an article last year in the peer-reviewed journal “Sensors” that highlights the weaknesses of a centralized digital evidence management system. The authors pointed out: “If a centralized system server is attacked, major operations and investigative information can be leaked.”

The authors argued that a distributed system using blockchain technology is the best way to avoid that possibility. These researchers recognized that performance degradation can exist when large chunks of data, such as videos, are stored on a blockchain. They proposed a two-tier blockchain system with “hot” and “cold” blockchains. Hot blockchains will be used for parts of criminal investigations that change frequently during evidence gathering. Cold blockchains will be used for evidence that does not change, such as stored videos.

The second half

That sophisticated blockchain-based DEMS remain largely within academia shows how far this technology has to go before widespread use.

Nevertheless, the companies and organizations working to develop and implement blockchain solutions to the obstacles in digital evidence management will ultimately be the ones to prosper. Part of the reason is that blockchain technology is the only type that covers all the bases of information security: availability, integrity, authentication, confidentiality and non-repudiation.

The availability of a purpose-built, cryptographically provable database adds a key piece of enabling technology to the arsenal of professionals building and deploying DEMS worldwide.

Buck Flannigan is vice president and Kevin Doubleday is communications director at Fluree PBC.
