【Author】 Ali, Mohamed; Ismail, Ahmed; Elgohary, Hany; Darwish, Saad; Mesbah, Saleh
【Source】SYMMETRY-BASEL
【Abstract】Digital evidence is critical in cybercrime investigations because it is used to connect individuals to illegal activity. Digital evidence is complicated, diffuse, volatile, and easily altered, and as such, it must be protected. The Chain of Custody (CoC) is a critical component of the digital evidence procedure. The aim of the CoC is to demonstrate that the evidence has not been tampered with at any point throughout the investigation. Because the uncertainty associated with digital evidence is not being assessed at the moment, it is impossible to determine the trustworthiness of CoC. As scientists, forensic examiners have a responsibility to reverse this tendency and officially confront the uncertainty inherent in any evidence upon which they base their judgments. To address these issues, this article proposes a new paradigm for ensuring the integrity of digital evidence (CoC documents). The new paradigm employs fuzzy hash within blockchain data structure to handle uncertainty introduced by error-prone tools when dealing with CoC documents. Traditional hashing techniques are designed to be sensitive to small input modifications and can only determine if the inputs are exactly the same or not. By comparing the similarity of two images, fuzzy hash functions can determine how different they are. With the symmetry idea at its core, the suggested framework effectively deals with random parameter probabilities, as shown in the development of the fuzzy hash segmentation function. We provide a case study for image forensics to illustrate the usefulness of this framework in introducing forensic preparedness to computer systems and enabling a more effective digital investigation procedure.
【Keywords】blockchain; chain of custody; digital evidence; digital forensics; fuzzy hash; image forensic
【Title】A Procedure for Tracing Chain of Custody in Digital Image Forensics: A Paradigm Based on Grey Hash and Blockchain
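【Publication date】2022
【Indexed date】2022-03-19
【Document type】Article
【Main topic】Blockchain policy and law
【Subtopic】Judicial and government applications of blockchain
【Impact factor】2.940
【Translator】丁子仪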