DEVELOPMENT OF FORENSIC EVIDENCE SECURITY SYSTEM USING

BLOCKCHAIN TECHNOLOG

Akinseye Oluwaseyitan Charles*

Department of Mathematical and Physical Sciences
Afe Babalola University
Ado Ekiti, Nigeria
akinseyeoc@pg.abuad.edu.ng

Dr. Abiodun Oguntimilehin

Department of Mathematical and Physical Sciences
Afe Babalola University
Ado Ekiti, Nigeria
abiodunoguns@abuad.edu.ng

Dr Oniyide Alabi Bello

Department of Mathematical and Physical Sciences
Afe Babalola University
Ado Ekiti, Nigeria
bellooa@abuad.edu.ng

Abstract— Digital evidence plays an important role in cybercrime investigations as it is used

to link people to their criminal activities. It is therefore of paramount importance to ensure the
integrity, authenticity, and verifiability of digital evidence as it moves through different
hierarchical levels in the evidence chain during criminal investigations. The system developed
in this work, called Digital Threat Investigator, is based on Hyperledger Fabric, which
supports an authorized network in which all participants must be authorized. Through the
blockchain channel, the forensic data management system achieves the isolation of various
services on the blockchain network according to the needs of users. A public key is used to
generate credentials tied to specific organizations. Permission settings for participants,
channels, and access control help to effectively address privacy and confidentiality concerns.
The results of the system tests showed that the latency steadily decreased as the number of
nodes in the blockchain decreased. The performance results also showed that there was an
increase from 150 ms to 353 ms as the number of nodes increased from 1 to 8. This system
proved to be a viable tool that could aid in digital forensic investigation and ensure the safe
handling of forensic evidence.
Keywords—Digital, blockchain, Hyperledger, cyber-crime forensic hierarchy

I. INTRODUCTION
Our society is becoming increasingly digitized. This can be seen in the number of
smartphones and computers coming onto the market. It is evident that this has led to easier
business transactions, higher productivity, profitable management, and easier access to
information [3]. However, these technologies have their drawbacks, digital crime has
increased and nations have grappled with these challenges. It may not be possible to
completely stop digital crimes; however, significant and useful improvements in digital crime
prosecution, processing, and storage of digital crime evidence have been implemented,
improving the crime investigation process [4]. A blockchain is a growing list of records. It
began with the invention of Bitcoin in 2008 and has since evolved, increasingly impacting all
sectors and industries [29]. It is a technology used to record details on a blockchain [28]. The
first block in a blockchain is called the genesis block and only contains the hash value of
subsequent blocks. The decentralized nature of the blockchain allows for the retrieval of
manipulated data [24]. This permits for data to be adequately verified ensuring its correctness
and purity [6]. Although the system can be amazingly complex, it can preserve digital
evidence and make it increasingly accessible to investigators [10].
Blockchain technology consists of a sequence of blocks that contain the ledger transaction.
However, there is nothing to prevent it from being used in this way in the future, as consensus
would need to be reached to add these systems to Bitcoin [18]. It records the transaction in a
ledger called a blockchain [25]. It is a distributed ledger that records transactions in which
values are stored and where multiple copies of ledgers exist and are distributed among
multiple participants in the criminal investigation process [27].
The ledger is distributed across multiple nodes over a network that is used to log each new
item of data that is added to the ledger. Every time new data is added or changed in the
system, the nodes have to agree on whether or not to add it to the blockchain. However, the
platform is beginning to expand its use beyond the financial sector [5].
Digital evidence plays a very important role in solving crimes, as it allows people to be
linked to their criminal activities, so there must be a guarantee of their integrity and
authenticity when moving from one hierarchy level to another [17]. If there are indications of
a change in evidence, it may not be valuable when brought to court [22,23]. The detection of
criminal activities is essential in the digital forensic investigation process [13]. Chain of
Custody refers to the documentation of the forensic registration process. It contains all the
important steps that the investigator takes to solve the crime [9]. This chain of custody aids
the investigation by allowing the investigator to show where the crime was committed, who
did it, and what type of equipment or tool was used to commit the crime. The evidence
collected is then uploaded to a blockchain to make it tamper-proof and preserve its purity
when presented in court [23]. The investigator examines the forensic copy to determine what
information or data can be gleaned from it. Subsequently, all the information received is
forwarded to the police along with the evidence [1]. However, the challenge with this system
is that digital security and evidence integrity can be compromised. It is possible for evidence
to be altered by an individual once the device is in police custody, or for someone to break
into the computer system used by the investigator to alter certain parts of the evidence [32].
This leaves the current system open to attack and unsafe for proper forensic investigation.
Faced with this challenge, blockchain technology has emerged as a possible solution [19].

II. RELATED WORKS

The earliest work on what resembled a blockchain was carried out by Stuart Haber and W.
Scott Stonetta in 1991 [33]. They presented a white paper that talked about the technology as
a way of verifying time stamps on documents and the study concluded that “time-stamping
could be extended to enhance the authenticity of documents for which the time of creating
itself is not the critical issue”. They improved on the system later in 1992 with the addition of
Merkle Trees which made it more efficient by following several documents to be collected in
one block. Sixteen years later, the modern Blockchain was invented by an unknown
individual going under the Pseudonym Satoshi Nakamoto in 2008. The goal of the Blockchain
according to Nakamoto was to host a public transaction ledger on the Blockchain for the
cryptocurrency Bitcoin [34]. The goal of the entire project was to create a decentralized
digital currency that could be used to solve the double spending problem.
In building an effective digital crime investigation system, it is important that the actors
develop trust from the process and for themselves. This is important as a lack of trust could
result in the evidence being tampered and subsequently make irrelevant in the investigative
process. To achieve this, [30] proposed a provenance process model for digital investigation
using Blockchain in a cloud environment. Their main thrust was to enhance the interaction
trust between stakeholders in the digital forensics’ investigation and handling process, thus
enhancing the credibility of the process. [8] stated that digital forensics is made up of four
processes which include identification, collection, organization and presentation. [36]
similarly enumerated the stages of digital forensics as identification, preservation, analysis
and presentation. Digital forensics involves the application of scientific processes in
identifying, collecting, organizing and presenting evidence [11]. This stage has two main
steps including evidence of examination and evidence analysis. During the evidence
examination, the investigator performs a thorough inspection of the data being used as
evidence. This inspection also involves the use of different forensic tools. These tools are
used for extracting and filtering the data that is of interest to the investigator and relevant to
the investigation process [35]. The analysis phase involves reconstructing events by analyzing
the data collected. The rationale behind the evidence analysis is to discover any evidential
material which will aid the technical as well as the legal perspective of the case.
Attacks on government platforms have been rampant since the invention of the internet.
Government databases store huge data about citizens and it is often a prey zone for hackers
who are looking to lynch on the information to use it for criminal purposes such as financial
fraud. [2] found a solution to this in his proposed system using blockchain. He proposed a
system based on blockchain applying the Ethereum framework. The results of his work
proved that Blockchain was promising in putting a check to financially related fraud in e-
governance, online product reviews and other online transactions ensuring integrity, trust,
immutability and authenticity. [15] also proposed a system based on the digital forensic
Blockchain platform Ethereum. It was observed that the Ethereum based system provided
integrity transparency and authenticity for data collected from multiple sources. Present
systems allow for loss in transit of evidence but what is needed is a system where the users
can readily acquire information and be certain of the information’s correctness when needed
[16]. Chain of Custody (CoC) is the consecutive documentation of the order of custody,
control, transfer, and analysis of physical, electronic, or digital evidence [21].
Detection of criminal activity is pivotal in the digital forensic investigation process. [12]
proposed a forensic investigation framework based on Blockchain whose aim is the detection
of criminal incidents in the internet of things environment and colleting interactions from
different entities in the internet of things. The proposed system could well model the
interaction transactions, but the system turned out inefficient in data collection and data
analysis in large scale. Before today’s digital era, photos, videos and documents only existed
in physical forms. If any of such items were used as criminal evidence, they had to be stored
and locked away in a special evidence room with access allowed to only authorized persons
[20]. The Hyperledger fabric consists of a blockchain network, a client side, a certificate
authority server. In addition to this, peer membership information in the blockchain can be
registered on the certification authority servers. This system can be maintained by generating
and distributing public digital keys and private digital keys as well as other keys [5].
[26] developed a system applying the decentralized nature of Blockchain which they called
Internet of things forensic chain (IoTFC). In their work titled Blockchain based Digital
Forensic Investigation Framework in the Internet of Things and Social Systems, the proposed
system was observed to have good authenticity, immutability and traceability, resilience and
distributed trust between evidential entities as well as examiners. They observed from their
system that the IoTFC could increase trust of both evidence items and examiners by providing
transparency of the audit train. [7] conducted a research titled "blockchain for the internet of
things: a systematic literature review. This research was concerned with the use and
adaptability of blockchain specifically in relation to IoT and other peer to peer devices.
Interestingly, they highlighted that the blockchain could be used for data abuse detection
without the need of a central reporting mechanism. However, they did not look at the wide
impact of blockchain on cyber security in general. Bitcoin is a decentralized network allowing
users to transact directives, peer to peer without a middle to manage the exchange of funds. It
records transaction in a distribute ledger called blockchain [25]. The Bitcoin is a network that
runs on a protocol known as blockchain. The blockchain has since evolved into a separate
concept and thousands of blockchains have been created using similar cryptographic
techniques. Bitcoin's current goal is to be a store of value as well as payment system. There is
however nothing to say that it would not be used in such a way in the future, through
consensus would need to be reached to add these systems to Bitcoin [18] Corda is a
distributed ledger software that processes and records data to promote a decentralized network
environment [14]. Compared to any kind of permissioned blockchain network, the Corda
blockchain allows users to have multiple parties coexist within one network and the users will
be able to inter operate with the same network system [31]. Corda differs from the typical
blockchain because the entire virtual machine or entire ledger system depends on the users
reaching a consensus. Any transaction between two individuals or groups will only be visible
to them and no one else. However, users who will be participating in the consensus can also
see them as they need to verify it for the sake of ledger [32]

Fig. 1. Hyperledger Fabric Framework

 III. METHODOLOGY
Related existing works in the field of securing forensic evidences were reviewed. Data was
obtained from an online source from https://digitalcorpora.org. The developed system, named
Digital Threat Investigator is based on Hyperledger Fabric, which supports a permissioned
network where all participants must be authorized. Through the blockchain channel, the
forensic data management system achieves the isolation of different services in the blockchain
network according to the needs of users. Channels can also be privatized and contain only a
specific set of participants. Programming was done using WordPress, HTML, CSS, and PHP.
A public key is used to generate permissions that are tied to specific organizations. Setting
permission for participants, channels, and access control help to address privacy and
confidentiality concerns effectively. Moreover, the storage and sharing of data assets can be
achieved through the blockchain. The original forensic data is fragmented, stored in the cloud,
and linked via the blockchain, while the usage record of the original data is stored on the
blockchain. The two processes work together for traceability and scalability of data
access.The system’s development architecture is shown in fig. 2
Fig. 2. System’s Architecture
The system development process follows the architecture shown in fig. 1, the stages involved
are discussed below:
A. Hunting for Evidences
When searching for evidence, a forensic investigator tries to find evidence from all possible
sources, depending on the perpetrator and the crime committed [20].
Forensic evidence is captured from crime scenes using digital recording devices such as
phones, digital cameras, etc. Forensic investigators are usually lawfully invited to crime
scenes.
B. Capturing Evidence
When the forensic investigator sees evidence, he captures the evidence. The different phases
of the evidence gathering process are: Evidence Collection: Refers to the collection of
evidence at the crime scene. In this case, the investigator takes pictures and videos of the
crime scene or the evidence site. To accomplish this, the investigator used a camera to capture
images and/or video of the crime scene or crime scene. Evidence Preservation: This is about
labeling and storing the collected evidence in a well-protected environment. To accomplish
this, the researcher appropriately labels each of the files and stores them in a well-labeled
folder on a storage device.
C. System Development using Blockchain Technology
This digital evidence security system called Digital Threat Investigator (DTI) in this work was
developed using blockchain technology based on Hyperledger Framework installed in virtual
and cloud-based Steem system and connected with a http/php user end is connected.
D. Testing and Deployment
At this stage of the work, among other things, satisfaction, processing speed, confidentiality
and other security requirements are analyzed. A replica of the actual production environment
was set up using multiple distributed clients or loggers and the hyper book scale client number
option, deploying the system on a virtual and cloud-based system. Tests to be performed
include scalability, throughput and latency, and efficient storage capacity.
E. Encryption of digital evidence
A five line of encrypting code was applied using the built in basic encrypt( ) function
applying Node JS in the hyperledger fabric framework for the encryption process of the
Digtital Threat Investigator. This encrypt( ) function takes argument data with the predefined
encryption password via environment variables ( .env). An encryption key is created based on
the aes256 algorithm which will encrypt data with the encryption key and return the encrypted
data.
Function encrypt(data){const cipher = crypto.createCipher('aes256', password);
let encrypted = cipher.update(data, 'utf8', 'hex'); encrypted += cipher.final('hex');return
encrypted;
}
F. Decryption of digital evidence
The Decryption process for this work involved another five line of code using the hyperledger
fabric’s decrypt ( ) function which is made available by Node JS. The decrypt() function
decrypts the encrypted data. The decrypt() function again takes one argument— cipherData.
With the password, it creates a decryption key based on the aes256 algorithm and
decrypt cipherData with the decryption key and subsequently returns plain data.
Function decrypt(cipherData) { const decipher = crypto.createDecipher('aes256',
password);
let decrypted = decipher.update(cipherData, 'hex', 'utf8'); decrypted += decipher.final('utf8');

return decrypted.toString();}
G Sharing of encryption and decryption keys amongst users of the application
A public key is a cryptographic key that can be distributed to the public and does not require
secure storage. Messages encrypted by the public key can only be decrypted by the
corresponding private key. Private Keys are used by the recipient to decrypt a message that is
encrypted using a public key. Since the message is encrypted using a given public key, it can
only be decrypted by the matching private key.

Figure 3 showing authentication process of public and private keys

IV. RESULT AND DISCUSSION
A. Digital Threat Investigator: A Private Hyperledger Network
The system is a cloud-based blockchain system based on the Ubuntu 18.04 LTS virtual
operating system on a Steam Cloud system. The virtual hard disk is very large because the
system requires a lot of hard disk resources. The Digital Threat Researcher is built on top of
the Hyperledger Fabric, which supports an authorized network in which all participants must
be authorized. Through the blockchain channel, the forensic data management system
achieves the isolation of various services on the blockchain network according to user needs.
The machine is a cloud-primarily based totally blockchain machine constructed on a digital
Ubuntu 18.04 LTS working machine on a Steam Cloud machine. The digital threat
investigator is made to be very massive due to the machine requiring many difficult disk
resources. The Digital risk investigator is primarily based totally on Hyperledger Fabric,
which helps a permission community wherein all individuals ought to be authorized. Through
the blockchain channel, the forensic information control machine achieves the isolation of
various offerings within side the blockchain community consistent with the wishes of users.

Fig. 3. Image showing the Installation of the hyperledger tools

B. Developing the User Interface
As mentioned above, the user interface was developed using WordPress. This is due to the
ease of development of the interface offered by WordPress, as well as the possibility of
connecting the blockchain system to it.
Fig. 4. shows the dashboard for the digital threat investigator platform.
C. Design Interface
For digital forensic investigations, evidence review is performed by authenticated entities,
ensuring privacy requirements are met. Because of this, only forensic evidence metadata is
stored in Digital Threat Investigator, an approved distributed ledger built on Hyperledger
Fabric on Steem. This is an attempt to provide audit and integrity services for the evidence
collected. In order to enable involved entities to access digital evidence, information about the
chronological history of the handling of the evidence must be recorded
Authenticated entities, also known as participants, can take ownership of forensic evidence,
issue new transactions, and create blocks. Figure 5 shows the Digital Threat Investigation
Platform user interface.
Fig.5. User Interface for the Digital Threat Investigator
D. Testing of the System
The chain/block ledger is filled first. This determines how the system behaves when large
amounts of data are present in the system. The next step involved running a read and write
transaction, where each transaction reads and modifies the block randomly. The system has
been tried and tested to ensure forensic evidence. The results of the system tests showed that
latency steadily decreased as the number of nodes in the blockchain decreased. There was a
reduction in latency from 270ms to 73ms. The performance results also showed that there was
an increase from 150 ms to 353 ms when the number of nodes increased from 1 to 8.
Fig.6. Latency graph of the blockchain system plotted by delay against several nodes

Fig.7. Graph of Transaction Throughput

V. CONCLUSION
This study designed and developed a new Digital Forensic Investigation (DFI) model that
included a digital blockchain to protect the confidentiality, integrity, and authenticity of
digital evidence. The results obtained showed that the Digital Threat Investigator model was
able to fulfill the attributes of confidentiality, integrity and authenticity of the digital evidence
and the Digital Threat Investigator model.
 ACKNOWLEDGMENT
My appreciation goes to Almighty GOD whose love, infinite mercy, and grace made it
possible for me to complete this project work successfully. My sincere appreciation goes to
my Supervisor - Dr. A. Oguntimilehin who doubles as the Head of Computer Science
Programme for his advice, tolerance, prompt attention and encouragement which led to the
successful completion of this work and the author thank Afe Babalola University, Ado Ekiti,
Nigeria for supporting this research.
REFERENCES
[1] Adeshola K. (2019), “Process memory investigation of the bitcoin clients electrum and
bitcoin core,” IEEE Access, vol. 5, pp. 22 385–22 398.
[2] Al-Nemrat D. (2018) “Identity theft on e-government/e-governance and digital forensics,”
International Symposium on Programming and Systems (ISPS), Algiers, Algeria. pp. 1–1.
[3] Aptara M. (2017), “The future of digital supply chain: Challenges and the road ahead,”
IEEE Security Privacy, vol. 15, no. 6, pp. 12–17.
[4] Aste M., Zeadally S., Baig Z., and Woodward A. (2017), “Internet of things block chain:
The need, process models, and open issues,” IT Professional, vol. 20, no. 3, pp. 40–49.
[5] Cebe M., Erdin E., Akkaya K., Aksu H., and Uluagac S. (2018), "Block4Forensic:
AnIntegrated Lightweight Blockchain Framework for Forensics Applications of Connected
Vehicles," in IEEE Communications Magazine, Miami, Florida. vol. 56, no. 10, pp 50 –
57.
[6] Chen A. and Mir A. (2018), “Supply chain-chain: Ethereum blockchain-based digital
supplychain chain of custody,” Scientific & practical cyber security journal-ISSN 2587-4667.
[7] Cognoscenti E., Parizi R., Zhang Q., and Choo K. (2016) BlockIPFS - Blockchain-
Enabled Interplanetary File System for Supply chain and Trusted Data Traceability. In
Proceedings of the 2019 IEEE International Conference on Blockchain (Blockchain), Atlanta,
GA, USA, 14–17 pp. 18–25.
[8] Daniel, L., & Daniel, L. (2012). Digital forensics for legal professionals. Syngress Book
Co, 1, 287–293.
[9] Gopalan Q. (2019), “Distributed consensus algorithm for events detection in cyber-
physical systems,” IEEE Internet of Things Journal, pp. 1–1.
[10] Hamayoun C. (2018). “A Blockchain Based New Secure Multi-Layer Network Model
for Internet of Things”. In Proceedings of the 2017 IEEE International Congress on
Internet of Things (ICIOT), Honolulu, Hawaii, USA, 25–30; pp. 33–41.
[11] Hemdan, E. E., & Manjaiah, D. H. (2018). CFIM : Toward Building New Cloud
Forensics Investigation Model. 545–554.
[12] Hossain M., Karim L., and Hasan R. (2018), “FIF-IoT: A Forensic Investigation
Frameworkfor IoT Using a Public Digital Ledger,” in 2018 IEEE International Congress on
Internet of Things (ICIOT), pp. 33–40, Honolulu, Hawaii, USA.
[13] Hosseini G., Frankenstein G., Carley K and Carley L. (2019), “A Socio-Computational
Approach to Predicting Bioweapon Proliferation,” IEEE Transactions on Computational
Social Systems, vol. 5, no. 2, pp. 458–467.
[14] Liu Y. and Hu S. (2015) “Cyberthreat Analysis and Detection for Energy Theft in Social
Networking of Smart Homes,” IEEE Transactions on Computational Social Systems, vol. 2,
no. 4, pp. 148 – 158, Southampton, United Kingdom.
[15] Lone A. and Mir A. (2018), “Forensic-chain: Ethereum blockchain-based digital
forensics chain of custody,” Scientific & practical cyber security journal— ISSN 2587-4667.
[16] Meffert, C., Clark, D., Baggili, I., & Breitinger, F. (2017). Forensic State Acquisition
from Internet of Things (FSAIoT): A General Framework and Practical Approach for IoT
Forensics through IoT Device State Acquisition. Proceedings of the 12th International
Conference on Availability, Reliability and Security, 56:1--56:11.
https://doi.org/10.1145/3098954.3104053
[17] Megget S. (2018), “IoT Supply chain: Amazon Echo as a Use Case,” IEEE Internet of
Things Journal, pp. 1–1.
[18] Mezzour G., Frankenstein G., Carley K and Carley L. (2018), “A Socio-Computational
Approach to Predicting Bioweapon Proliferation,” IEEE Transactions on Computational
Social Systems, vol. 5, no. 2, pp. 458–467.
[19] Miller M. (2018), “FIF-IoT: A Supply chain Investigation Framework for IoT Using a
Public Digital Ledger,” in 2018 IEEE International Congress on Internet of Things (ICIOT),
San Francisco, California, USA. pp. 33–40.
[20] Nyaletey E., Parizi R., Zhang Q. and Choo K. (2019) BlockIPFS - Blockchain-Enabled
Interplanetary File System for Forensic and Trusted Data Traceability. In Proceedings of the
2019 IEEE International Conference on Blockchain (Blockchain), Atlanta, Georgia, USA,
14–17 pp. 18–25.
[21] Osanaiye S. (2015), “Parallel Crime Scene Analysis Based on ACP Approach,” IEEE
Transactions on Computational Social Systems, vol. 5, no. 1, pp. 244–255.
[22] Parizi A., Roman R., and Lopez J. (2018), “Digital witness: Safeguarding digital
evidence by using secure architectures in personal devices,” IEEE Network, vol. 30, no. 6, pp.
34 – 41.
[23] Renuka L., and Trivedi X. (2021) “Compressed sensing signal and data acquisition in
wireless sensor networks and internet of things,” IEEE Transactions on Industrial Informatics,
vol. 9, no. 4, pp. 2177–2186.
[24] Robinson H., (2018) “Toward shared ownership in the cloud,” IEEE Transactions on
Information Blockchain and Security, vol. 13, no. 12, pp. 3019 – 3034.
[25] Shah A., Ganesan R., Jajodia S., and Cam H. (2018) "Understanding tradeoffs between
throughput quality and cost of alert analysis in a CSOC", IEEE Transactions on Information
Forensics Security, vol. 14, no. 5, pp. 1155-1170.
[26] Shancang L., Tao Q., Geyong M. (2019), "Blockchain-Based Digital Forensics
InvestigationFramework in the Internet of Things and Social Systems", IEEE Transactions on
Computational Social Systems, vol.6, no.6, pp.1433 - 1441.
[27] Tasatanattakool Z. (2018), “Behavior rhythm: A new model for behavior visualization
and its application in system security management,” IEEE Access, vol. 6, pp. 73 940–73 951.
[28] Tziakouris G. (2018), “Cryptocurrencies a forensic challenge or opportunity for law
enforcement? An Interpol perspective,” IEEE Security Privacy, vol. 16, no. 4,
[29] Watanabe A., Shabtai A., Puzis R., Elyashar A., Elovici Y., Roshandel M. and Peylo C
(2016), “Creation and Management of Social Network Honeypots for Detecting Targeted
Cyber Attacks,” IEEE Transactions on Computational Social Systems, vol. 4, no. 3, pp.65–79.
[30] Zhang J., Wu S., Jin B., and Du J. (2017), “A blockchain-based process provenance for
cloud forensics,” 3rd IEEE International Conference on Computer and Communications
(ICCC), Chengdu, China; pp. 2470 – 2473
[31] Ritzdorf H., Soriente C., Karame G., Marinovic S., Gruber D., and Capkun S. (2018)
“Toward shared ownership in the cloud,” IEEE Transactions on Information Forensics and
Security, vol. 13, no. 12, pp. 3019 – 3034.
[32] Valjarevic A. and Venter H. (2013), “A harmonized process model for digital forensic
investigation readiness,” in IFIP International Conference on Digital Forensics. Springer,
Orlando, Florida, USA; pp. 67 – 82.
[33] Haber S., and Stornetta W.S. (1991) How to time-stamp a digital document. J.
Cryptology 3,  99-111 https://doi.org/10.1007/BF00196791
[34] Nakamoto S. (2008) "Bitcoin: A Peer-to-Peer Electronic Cash System,"[Online].
Available: https://bitcoin.org/bitcoin.pdf
[35] Zawoad, S., Hasan, R., & Skjellum, A. (2015). OCF: an open cloud forensics model for
reliable digital forensics. 2015 IEEE 8th International Conference on Cloud Computing, pp.
437–444
[36] Zawoad, S., & Hasan, R. (2015). A trustworthy cloud forensics environment. IFIP
Advances in Information and Communication Technology, 462, 271–285.
https://doi.org/10.1007/978-3-319-24123-4_16