Research Article

A Blockchain-Based Model Proposal to Enhance Digital Forensics Readiness

Year 2025, Volume: 29 Issue: 1, 228 - 242, 25.04.2025
https://doi.org/10.19113/sdufenbed.1604169

Abstract

Effective incident response mechanisms are crucial for maintaining system continuity during security incidents. Equally important is the secure preservation of forensic evidence and chain of custody records for potential legal proceedings. However, traditional methods of incident response and evidence handling can be vulnerable to tampering as they rely on the assumption of a pre-existing level of trust among the involved parties. In this study, we propose a blockchain-based model, DFIRChain, to record all operations within digital forensics and incident response (DFIR) processes on a private permissioned Hyperledger Fabric blockchain, from alert management to case management. By integrating our blockchain-based model into DFIR processes, we aim to ensure the integrity and authenticity of evidence, enhance legal compliance, and contribute to organizations' digital forensic readiness.


Turkish title: Adli Bilişime Hazır Bulunmayı Artırmak için Blok Zincir Tabanlı Bir Model Önerisi


Abstract (translated from the Turkish)

Effective incident response mechanisms are very important for maintaining system continuity during security incidents. Equally important is the secure preservation of evidence and chain-of-custody records for possible legal proceedings. However, traditional methods of incident response and evidence management can be vulnerable to tampering, because they rely on the assumption of a pre-existing level of trust among the parties involved. In this study, we propose DFIRChain, a blockchain-based model, to store all operations in digital forensics and incident response (DFIR) processes, from alert management to case management, on a private permissioned Hyperledger Fabric blockchain. By integrating our blockchain-based model into DFIR processes, we aim to ensure the integrity and authenticity of evidence, improve legal compliance, and contribute to organizations' readiness for digital forensic investigations.


Details

Primary Language English
Subjects Electronics, Network Engineering, Technology Management and Business Models
Section Articles
Authors

Mehmet Meral 0009-0003-2240-1884

Hasan Hüseyin Sayan 0000-0002-0692-172X

Publication Date April 25, 2025
Submission Date December 20, 2024
Acceptance Date March 26, 2025
Published in Issue Year 2025 Volume: 29 Issue: 1

Cite as

APA Meral, M., & Sayan, H. H. (2025). A Blockchain-Based Model Proposal to Enhance Digital Forensics Readiness. Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi, 29(1), 228-242. https://doi.org/10.19113/sdufenbed.1604169

e-ISSN: 1308-6529
Linking ISSN (ISSN-L): 1300-7688

All articles published in the journal are freely accessible and are made available as open access under the Creative Commons CC BY-NC Attribution-NonCommercial license. All authors and other journal users are deemed to have accepted this.