Written by Yurii Lozinskyi
Engineering & Presales Director at VerySell
Traditional forensics, which is essential for litigation of any investigation, aims to ensure that each piece of discovered evidence, whether digital or physical, is admissible in a court of law. Progress in Information Technology impacts all aspects of society, including forensics — which is undergoing a change towards digital management. Improved approaches to handling digital or physical evidence include collection, storage, and processing. New solutions are possible, including using Blockchain in electronic forensics.
While physical evidence should be preserved and provisioned correctly, digital evidence must comply with requirements of relevance, authenticity, and consistency. This is the case because of the digital nature of much evidence related to digital crimes. Specifically, this evidence is modifiable, distributed (dispersed), and mobile — so it can cross distances easily.
Digital evidence processing presents unique challenges, as numerous evidence sources and custodians in various locations and jurisdictions must be considered. For each Matter, also known as the eDiscovery Project, there must be evaluation and documentation of such aspects as:
- Who relevant custodians of evidence sources are, and
- What relevant evidence sources are available, collectible, and shippable for investigation
During the Acquisition phase, it is also important to know if the collection is finished and evidence sources have already been collected — or, alternatively, if data collection and processing are still in progress.
The solution to these challenges looks obvious. Major eDiscovery market players offer proprietary centralized software solutions as a single framework covering the whole Electronic Discovery Workflow.
Electronic Discovery Workflow: Transformation Motivation
Combined with a wide physical presence and qualified Digital Forensics professionals who are onboarded and equipped with well-developed infrastructure and facilities in place, these Digital Forensics service providers avoid segmentation of the Electronic Discovery Workflow, which increases the value of digital evidence in court. Such an approach sounds solid, yet it is expensive: the Total Cost of Ownership (TCO) of these facilities, equipment and specialists requires huge capital expenditures (CapEx) and operational expenditures (OpEx) that impact the overall cost of judicial proceedings.
That is why eDiscovery services providers are constantly seeking ways to optimize costs — preferably, without significant investments into existing business infrastructure. At the same time, they’ll still need to maintain the existing Electronic Discovery Workflow — as demonstrated in Fig.1 below.
A quick look at the eDiscovery Workflow shows that the existing approach focuses on unifying disparate, geographically distributed processes covering different types of activities, and on facilitating their interoperation so that everything runs in-house. Such an approach is a significant cause of high overheads in eDiscovery, even though there is room for cost optimization, including inviting third parties to operate, partially or in full, such processes and tasks as Custodian Interviews, Device Management, Evidence Collection, and Evidence Shipment.
The characteristics of digital evidence — especially its distribution (dispersion) and easy mobility — represent an opportunity to move from CapEx to OpEx and reduce the TCO of eDiscovery Workflow by inviting third parties in places. Ensuring a well-organized Chain-of-Custody tracking process addresses the challenges of third-party involvement in distributed forensics information processing and helps maintain high eDiscovery standards.
By “well-organized CoC process,” we mean using software solutions based on reliable technology to prove that neither the evidence source media nor the evidence itself was altered or destroyed without authorization during any eDiscovery stage.
Shaping eDiscovery Process Adjustments
All existing proprietary Electronic Chain of Custody (CoC) Software addresses the process of paperless documentation, notably the chronology of maintaining and processing digital evidence during eDiscovery. Thus, the CoC aims to prove at all levels that alleged evidence is relevant to the Production instead of being falsely modified or planted.
Taking these facts into account, we can formulate general requirements for modern eDiscovery solutions. They should:
- Consider the nature and characteristics of digital crime and digital evidence — most notably, its mobility and geographical distribution (dispersal)
- Provide existing eDiscovery solution holders with a low-budget strategy to revamp existing software and create a trusted eDiscovery ecosystem
- Extend existing Electronic Chain of Custody automations with reliable and transparent approaches to guarantee collected evidence immutability and activity audit trails, which are admissible in a court of law
- Empower existing processes of source media and evidence management, both physical and digital, with automation to avoid human error and run paperless eDiscovery routines (for example, enabling BAR/QR-codes and OCR capabilities in mobile applications for authorized workers like police officers in the field)
- Protect and track not only source media and evidence, but also the Electronic Chain of Custody register itself from being altered or destroyed without authorization
If your company uses an eDiscovery Software solution that doesn’t meet one or more of the market demands above, there is room for business optimization. Such business optimization, also known as Digital Transformation, aims to improve the eDiscovery Workflow processes to hit changing market demands (boosting revenue) as well as software solution modernization itself to reduce TCO and ensure scalability (reducing costs).
So, the right technical approach really matters.
Blockchain in Electronic Forensics: An Approach to Running the eDiscovery Ecosystem
As a technical approach, Blockchain networks by design guarantee transparency, authenticity and security, immutability, and auditability. Driven by Smart Contracts — software implementations of custom business logic — such networks allow running an immutable ledger or registry of facts as well as storing any kind of information. Consequently, this makes them the best fit for maintaining and tracing the Chain of Custody for forensic applications.
Utilizing the power of private-permissioned blockchains, like Hyperledger, the owners of proprietary Electronic Forensics Software can easily create and publish Smart Contract-based interoperability conventions for third-party providers to set up eDiscovery ecosystems — while maintaining overall Electronic Forensics process ownership.
For those looking for low-cost changes that ensure fast ROI, we suggest empowering the existing eDiscovery Solution with a Hyperledger-based extension. This approach brings the advantages of proven integrity and tamper resistance to the eDiscovery chain of custody, even when third parties are involved. In most cases, it means minimal changes to the existing eDiscovery business architecture in exchange for the flexibility to outsource part of the eDiscovery processes to third parties, as represented in the reference architecture below (Fig. 2).
The approach in Fig.2 extends the existing Main eDiscovery Software Solution, providing an immutable and separate copy of the event log transferred from the Azure-based software platform using an eDiscovery extension for third-party add-on.
The main purpose of this add-on, developed by SmartDev, is to communicate with the Smart Contract REST API, calling Smart Contract (known as ChainCode) functions on the Blockchain side via simple API calls like
https://SmartContractAPI.com/channels/Tenant1/chaincodes/ManageEvidenceMetadata with body
* It is possible to store structured and unstructured data in various formats, i.e. Advanced Forensics Format (AFF), Raw, Digital Evidence Bag (DEB), EnCase Expert Witness Format (EWF), Gfzip, ProDiscover, and SMART
These small infrastructure changes in an existing solution ensure data privacy and isolation via Hyperledger channels, so sensitive information cannot be accessed accidentally or shared between Clients (Tenants). If logical data isolation is insufficient, it is possible to set up a separate Hyperledger infrastructure either in the cloud or on-premises.
Information is replicated and encrypted across all ledgers — but can only be accessed by the Client who owns the channel and the owner of the Main eDiscovery Software Solution. This ensures the ecosystem is always safe, consistent, and auditable.
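To make the tamper-evidence and channel-isolation properties described above concrete, here is an added example (not SmartDev's add-on and not Hyperledger chaincode) of a hash-chained Chain-of-Custody register with one chain per tenant channel. The class, function, and field names are hypothetical and the sample events are constructed; only the channel name Tenant1 comes from the URL above.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry in every channel

def digest(record: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

class CustodyRegister:
    """Append-only, hash-chained CoC register, one chain per tenant channel."""

    def __init__(self):
        self._channels = {}  # channel name -> list of entries

    def append(self, channel, actor, action, evidence_bytes, timestamp):
        chain = self._channels.setdefault(channel, [])
        record = {
            "seq": len(chain),
            "actor": actor,
            "action": action,
            "evidence_sha256": hashlib.sha256(evidence_bytes).hexdigest(),
            "timestamp": timestamp,
            "prev_hash": chain[-1]["hash"] if chain else GENESIS,
        }
        entry = dict(record, hash=digest(record))
        chain.append(entry)
        return entry

    def read(self, channel, caller_channels):
        # Channel isolation: a caller only sees channels it is a member of.
        if channel not in caller_channels:
            raise PermissionError(f"caller is not a member of {channel}")
        return list(self._channels.get(channel, []))

    def verify(self, channel):
        """Return the seq of the first broken entry, or None if intact."""
        prev = GENESIS
        for i, entry in enumerate(self._channels.get(channel, [])):
            record = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev_hash"] != prev or entry["seq"] != i or digest(record) != entry["hash"]:
                return i
            prev = entry["hash"]
        return None

# Constructed sample: two custody events for the same image on channel "Tenant1".
reg = CustodyRegister()
reg.append("Tenant1", "officer-17", "collected", b"disk image bytes", "2024-01-01T10:00:00Z")
reg.append("Tenant1", "lab-3", "received", b"disk image bytes", "2024-01-02T09:00:00Z")
```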
The functionality of the eDiscovery extension for third-party add-on is exposed to external eDiscovery service providers through a third-party API behind an API Gateway. This is how eDiscovery Workflow owners can run a complex Digital Forensics ecosystem that is reliable, scalable, and safe with any number of authorized third parties serving any number of Clients.
An eDiscovery Digital Transformation Roadmap
SmartDev Fintech Practice engineers are always ready to help with a Digital Transformation Roadmap for your eDiscovery Company with Blockchain development professional services that address Proof of Concept activity. For example, we can help:
- Evaluate existing eDiscovery business landscapes by identifying areas for optimization
- Develop Digital Transformation Strategy and evaluate ROI
- Investigate if using Blockchain technology makes business sense, and which blockchain system best meets your business requirements
- Integrate Blockchain tech with existing eDiscovery solutions
- Identify a set of general eDiscovery events to be stored via Blockchain, creating a consistent Digital Forensics ecosystem
- Build a standardized schema for storing CoC and other eDiscovery events
- Set up custom Blockchain networks, including nodes, access rules, and private channels to isolate data for the Client and other eDiscovery Workflow stakeholders
- Develop and set up Smart Contract REST API
- Create and deploy Smart Contracts
- Implement a Blockchain explorer to view and query data on the ledger
- Modernize existing eDiscovery solutions if needed, including cloud migration and software architecture optimization for scalability and availability
Modern software solutions open new opportunities for Forensics companies and Digital Forensics ISVs by helping cybercrime investigators take the informational nature of digital evidence into account. With these solutions, the evidence can be easily explored, extracted, and processed using advanced AI/ML algorithms, thus simplifying Matter processing in a court of law.
Keeping up with the Times
Things are moving fast in the world of electronic forensics, and keeping ahead of the curve is crucial to maintaining reliability and viability in any court proceedings. Being able to keep excellent digital records in every case is a solid step towards an improved workflow.
Want to know how SmartDev can help with this? Curious to see what these changes mean for you? Reach out to us for a free quote and we’ll get one of our tech experts in touch with you. You may be surprised at just how much we can accomplish together.