APPLICATION OF DIGITAL FORENSIC INVESTIGATION SERVICES

Project Report

This thesis submitted

In the partial fulfillment of the requirement for the award of

MASTER OF COMPUTER APPLICATIONS

Submitted by
Mr. BADIGANTI BHANU SIVA YESWANTH
([Link].322228820010)
under the esteemed Guidance of
M.A PRASAD SIR (HOD)

DEPARTMENT OF MCA
DR. LANKAPALLI BULLAYYA COLLEGE
Affiliated to ANDHRA UNIVERSITY, Visakhapatnam & Approved
by AICTE, New Delhi Re-Accredited by NAACNEW RESAPUVANIPALEM
VISAKHAPATNAM-530013 , ANDHRA PRADESH
 DECLARATION

I (Badiganti Bhanu Siva Yeswanth) regd no : (322228820010) here by declare that the Project
entitled as (project title) “Application Of Digital Forensic Investigation Services” is an original
work done in the partial fulfillment of the requirements for the award of degree in Master Of
Computer Applications (MCA) in Dr. Lankapalli bullayya College , affiliated to ANDHRA
UNIVERSITY ,Visakhapatnam, I assure that this project work has not been submitted towards
any degree or diploma in any other colleges or universities.

badiganti bhanu siva yeswanth

(Regd no : 322228820010)
 ACKNOWLEDGEMENT

It is my prime duty to express my sincere gratitude to all those who have helped me to
Successfully completed this project. I also express my respectful and sincere thanks to My
project guide M.A PRASAD SIR. senior professor who has given timely advice and
Supported in my work.

I express respectful and sincere thanks to our guide. who has Mentored us throughout
project. your tireless effort and dedication have made this Project successful.

I would like to expertise, hard work, and commitment that have been
In valuable in delivering the project on time and meeting all the objectives. your all
Contribution to the project has been crucial, and without it, I would not have been able to
achieve the desired outcome. I express respectful and sincere thanks to our head of the
department. Dr.M.A PRASAD SIR, associate professor and the faculty members of our
department for the valuable cooperation . guidance and continuous support rendered by them
to me throughout my project work.

I express my gratitude to Dr. G.S. K. CHAKRAVARTHI, Dean of the Dr. Lankapalli

Bullayya College, for the facilities provided by him throughout the course. for the valuable
support and guidance provided by him through the course.

I also extend my thanks to other faculty members for their cooperation during my course
finally, I would like to thank all my friends and my parents for giving full advice and
Giving full support for the completion of the project.

badiganti bhanu siva yeswanth

(Regd no : 322228820010)
III
 ABSTRACT

The nature of the blockchain technology division can best fit the integrity requirements and
qualifications of evidence collected in digital forensics (DF) across legal boundaries. A new
blockchain- based DF acquisition framework (IoT) and communication platform sites is
proposed, which can provide proof of existence and asset retention to verify evidence. In
order to use the same attribute, we introduce the forensic forensics framework of IoT,
videlicet, IoT forensic chain (IoTFC), which can provide forensic dissipation with good
authenticity, consistency, traceability, flexibility, and trust based on copyright. and
investigators. The IoTFC can provide proof of tracking and track the appearance of evidence.
Details of evidence identification, retention, analysis, and contribution will be recorded in
blockchain chains. IoTFC can increase your confidence in both verification and viewing
information by providing clarity of the test method. This project describes a secure
connection using a blockchain security application. This proposed system is used to establish
a forgery to register a connection using the corresponding secret key. The nature of the
blockchain technology division can best fit the integrity requirements and qualifications of
evidence collected in digital forensics (DF) across legal boundaries. introduces a blockchain
forensics framework for IoT, videlicet, IoT forensic chain (IoTFC), which can provide
forensic dissipation with good authenticity, consistency, traceability, flexibility, and
distributed trust between proven topics and viewers.

I
V
 CONTENTS

[Link]
1. Introduction 01
2. Chapter:1
1.1 : Process of custody of the evidence 02
1.2 : Chain of custody - digital forensics 03
1.3 : Why never work with the original evidence 03
3. Chapter:2
2.1 Problem statement 05
2.2 Existing system 05
4. Chapter:3
3.1 What Is Blockchain Technology? 07
3.2 What is Hashing, exactly? 09
3.3 What is meant by SHA-256 Algorithm? 09
3.4 Proposed system 10
3.5 Modules 11
3.6 Algorithm 12
5. Chapter:4
4.1 Configuration 14
4.2 Project diagrams 14
4.3 Technology stack for the propose approach 16
4.4 Results 18
4.5 Conclusion 28

V
 INTRODUCTION

Cloud storage solution based on blockchain get customer data and break it down into smaller
pieces, then load an additional layer of protection and distribute it across the network. This is
made possible by blockchain capabilities such as hashing, private / public key encryption,
and active data (ledger). Another benefit is that the owners are hidden because the node no
longer stores the proprietors’ information instead, the members or consumers receive only
a piece of data as a result, all sensitive data is covered, and secure data redundancy and
loading balancing mechanisms are implemented for high availability and quick access.
Blockchain is the newest and most affordable option for accessing cloud storage. This is
because multiple small organizations participate in cloud storage by supplying their
computing power and space to store data. A blockchain is a growing list of records known as
blocks, which are linked using cryptography. Each block contains the cryptographic hash,
timestamp, and transaction data of the previous block.

1
 CHAPTER:1

THE CHAIN OF CUSTODY

The chain of custody proves part of the authenticity of the evidence. A paper trail is
maintained so that those in control of the evidence can be identified quickly and effectively at
any time and, if necessary, called to testify during the trial. A record of the chain of custody
must be kept and established in court while presenting evidence in the form of demonstration.
Otherwise, the evidence may be declared inadmissible in court, raising serious questions
about its validity, integrity and examination. Evidence must be handled carefully to avoid
tampering. Chain of custody is the chronological record or trace responsible for the custody,
control, transfer, analysis and disposition of physical or electronic evidence. The goal is to
show that the evidence linked to the crime claimed was collected from the scene, and was in
its original/unmodified form, rather than deliberately tampered with or "positioned" to show
someone guilty. The chain of custody ensures the integrity of the specimen. The transparency
of the method is demonstrated by the traceability of sample control, transfer and analysis
records.

PROCESS OF CUSTODY OF THE EVIDENCE

• DATA COLLECTION

The first step in the chain of custody protocols is data collection. Requires identifying,
classifying, documenting and obtaining data from all potentially relevant sources
while maintaining the integrity of the data and evidence.

• EXAMINATION

The chain of custody information, as well as the forensic process, are documented in
this phase. It is important to take photographs along with the process to document the
activities completed and the evidence uncovered.

2
 • ANALYSIS

The analysis phase is the result of the examination phase. In the analysis phase,
legally permitted approaches and techniques are used to obtain useful data to answer
the questions of the case.

• REPORTING

In the Examination and Analysis stage, this is the documentation phase.

1.2 : CHAIN OF CUSTODY- DIGITAL FORENSICS

Chain of custody is also known as paper trail, forensic link, or chronological document of
evidence in digital forensics. LOT devices, audio evidence, photos and other data held on
hard drives, flash drives and other physical media are used to obtain digital evidence. The
following steps must be followed according to the chain of custody for electronic devices:

• Keep original evidence safe.

• Take pictures of the tangible proof.

• Take pictures of digital evidence.

• Keep track of the date, time, and any other details about how the evidence was
obtained.

• Install forensic computers with a bit-for-bit clone of digital evidence material, then do
a hash test analysis to ensure the clone is working. When acquiring digital evidence
and creating a chain of custody, this should be taken into account.

1.3 Why Never Work with The Original Evidence?

When working with digital evidence, the most critical issue is that the forensic expert must
produce a complete duplicate of the evidence for forensic investigation. This is important
because when working copies are messed up or comparisons are made, an original copy
is

3
necessary. Storage Sterilization Media It is critical to ensure that the examiner's storage
device is forensically clean when acquiring evidence. If the examiner's storage media is
infected with malware, the infection can propagate to the system under investigation,
compromising all of the data. Keep track of any further information. All material brought to
the case investigator's attention throughout the examination process must be documented. A
complete report must include the following points:

• The name of the investigative agency.

• A one-off identifying code

• Name of the case investigator

• The identity of the submitter.

• The date on which the item was delivered.

• The report's publication date.

• A thorough description of the item submitted.

• The name and signature of the examiner

• An overview of the procedures performed during the test.

Outcomes

• It is critical to safeguard the integrity and security of digital evidence while collecting
it. It's critical to ensure the crime scene is entirely secure before and during the
search. In some situations, the examiner may only be able to do the following while
on-site:

• Count the number and types of computers.

• Interview the system administrator as well as the users. Determine the different types
and amounts of media, including removable media, and keep track of them. Check
whether the network is presence or not. Keep track of the details of the location where
the media was deleted.

• Identify off-site storage and/or computer resources.

• Figure out which software is exclusive.

• Determine the operating system you're using.

4
 CHAPTER: 2

2.1 PROBLEM STATEMENT

The chain of custody is the most important part of recording evidence. It is important to
show the court that the evidence is genuine, that is, it is the same evidence that was
collected at the crime scene. It was always in the custody of the person in charge of it, and
it never disappeared. A proof must satisfy certain criteria in order to be accepted as
evidence in court. Chain of custody, also known as chain of evidence, refers to the
continuance of ownership or custody of evidence as well as its movement and
placement from the time of discovery and retrieval until it is allowed, admitted and
accepted in court.

Possession of the defendant. To establish a reasonable doubt of guilt, the defense looks
for flaws or breaches in the chain of custody, evidence that might be "placed" illegally to
show the accused guilty. evidence that might e kept illegally to show the accused guilty.
An article of clothing can help you avoid all of them. The prosecution presents a series of
custodial documents to the court to prove that the object of evidence is indeed connected
with the alleged offense and that it was in evidence. From the time it is collected until it is
produced in court, it must always be in the physical possession of an identified, legally
authorized person.

5
2.2 EXISTING SYSTEM
Because many IoT nodes collect and analyze non-public data, they might Became a goldmine
of records for hostile actors. The ability to identify compromised nodes, as well as collect and
maintain evidence of an attack or malicious exploit, has become a priority in the successful
deployment of IoT networks. First, discuss current major security and forensics challenges in
the IoT space, followed by a brief discussion of papers published on this specific topic that
address identified challenges.

Disadvantages are Not capable of providing,

i) Trustworthy
ii) Integrity
iii) Improved provenance
iv) Availableness and flexibility
v) Extensibility

6
CHAPTER: 3

SOLUTION FOR PROBLEM

3.1 What Is Blockchain Technology?

Blockchain technology is a structure that stores transactional data, additionally called

the block, of the general public in numerous databases, called the “chain,” in a
network linked thru peer-to-peer nodes. A ‘digital ledger' generally we ca call this
kind of storage like that. each transaction on this ledger is allowed by using the
virtual signature of the proprietor, which authenticates the transaction and safeguards
it from tampering. consequently, the data the digital ledger consists of is
tremendously secure.

In easier phrases, the digital ledger is sort of a Google spreadsheet shared amongst
several computer systems in a network, wherein, the transactional information is
saved based on actual purchases. They see the data but they can't change the data.
The block consists of a digital signature, a timestamp, and different vital, applicable
data. It ought to be mentioned that the block doesn’t consist of the identities of the
individuals concerned within the transaction. This block is then transmitted
throughout all the network's nodes, and while the proper individual makes use of his
personal key and suits it with the block, the transaction receives completed correctly.

A blockchain is a distributed database or ledger shared among a computer network's

nodes. They are best known for their crucial role in cryptocurrency systems for
maintaining a secure and decentralized record of transactions, but they are not
limited to cryptocurrency uses. Blockchains can be used to make data in any industry
immutable—the term used to describe the inability to be altered.
Because there is no way to change a block, the only trust needed is at the point where
a user or program enters data. This aspect reduces the need for trusted third parties,

which are usually auditors or other humans that add costs and make mistakes.

7
  Blockchain is a type of shared database that differs from a typical database in the
way it stores information; blockchains store data in blocks linked together via
cryptography.
 Different types of information can be stored on a blockchain, but the most
common use for transactions has been as a ledger.
 In Bitcoin’s case, the blockchain is decentralized, so no single person or group
has control—instead, all users collectively retain control.
 Decentralized blockchains are immutable, which means that the data entered is
irreversible. For Bitcoin, transactions are permanently recorded and viewable to
anyone.

What is Blockchain Architecture?

8
 Figure:centralized,decentralized and distributed ledgers

Logically, a blockchain is a chain of blocks which contain specific information

(database), but in a secure and genuine way that is grouped together in a network (peer-
to-peer). In other words, blockchain is a combination of computers linked to each other
instead of a central server, meaning that the whole network is decentralized.

To make it even simpler, the blockchain concept can be compared to work done with
Google Docs. You may recall the days of tossing over doc. documents and waiting for
other participants to make necessary edits. These days, with the help of Google Docs, it
is possible to work on the same document simultaneously.

The blockchain technique allows digital information to be distributed, rather than

copied. This distributed ledger provides transparency, trust, and data security.
Blockchain architecture is being used very broadly in the financial industry. However,
these days, this technology helps create software development solutions for
cryptocurrencies and record keeping, digital notary, and smart contracts.

Database vs. Blockchain Architecture

Figure:Database vs Blockchain Architecture

9
 The traditional architecture of the World Wide Web uses a client-server network. In
this case, the server keeps all the required information in one place so that it is easy
to update, due to the server being a centralized database controlled by a number of
administrators with permissions.

In the case of the distributed network of blockchain architecture, each participant

within the network maintains, approves, and updates new entries. The system is
controlled not only by separate individuals, but by everyone within the blockchain
network. Each member ensures that all records and procedures are in order, which
results in data validity and security. Thus, parties that do not necessarily trust each
other are able to reach a common consensus.

The blockchain is a decentralized, distributed ledger (public or private) of different

kinds of transactions arranged into a P2P network. This network consists of many
computers, but in a way that the data cannot be altered without the consensus of the
whole network (each separate computer).

The structure of blockchain technology is represented by a list of blocks with

transactions in a particular order. These lists can be stored as a flat file (txt. format) or
in the form of a simple database. Two vital data structures used in blockchain include:
 Pointers - variables that keep information about the location of another
variable. Specifically, this is pointing to the position of another variable.
 Linked lists - a sequence of blocks where each block has specific data and links
to the following block with the help of a pointer.

Figure:
10
Logically, the first block does not contain the pointer since this one is the first in a
chain. At the same time, there is potentially going to be a final block within the
blockchain database that has a pointer with no value.
basically, the following blockchain sequence diagram is a connected list of records:

Figure:

Blockchain architecture can serve the following purposes for organizations and
enterprises:
Cost reduction - lots of money is spent on sustaining centrally held databases (e.g.
banks, governmental institutions) by keeping data current secure from cyber crimes
and other corrupt intentions.

History of data - within a blockchain structure, it is possible to check the history of

any transaction at any moment in time. This is a ever-growing archive, while a
centralized database is more of a snapshot of information at a specific point.

Data validity & security - once entered, the data is hard to tamper with due to the
blockchain’s nature. It takes time to proceed with record validation, since the

11
 process occurs in each independent network rather than via compound processing
power. This means that the system sacrifices performance speed, but instead
guarantees high data security and validity.

Types of Blockchain

Figure: Blockchain Architecture

As blockchain technology evolves, new variations have surfaced. This section

provides a brief introduction to four different models that have developed by
demand.

Public Blockchain

Public blockchains are permission less networks considered to be “fully

decentralized.” No one organization or individual controls the distributed ledger, and
its users can remain anonymous. As long as a user can provide proof of work, they
can participate in the network.

12
Private Blockchain

Private blockchains are permissioned networks. In the interest of garnering greater

control or privacy over a network, private blockchains have a single operator that’s in
charge of who can access the network and whether participants can view, verify or
create data on the blockchain.
Adding restricted access to an encrypted record-keeping ledger appeals to certain
organizations that work with sensitive information, like large enterprises or
government agencies.

Consortium Blockchain

Consortium blockchains, also known as federated blockchains, are permissioned

networks that are operated by a select group. Multiple users have the power to set the
rules, edit or cancel transactions. With shared authority, the blockchain may enjoy a
higher rate of efficiency and privacy.

Hybrid Blockchain

Hybrid blockchains combine elements of both public and private networks. They
feature selective transparency, which allows blockchain admins to restrict specific
parts of the blockchain to certain participant pools while maintaining public visibility
over the rest of the thread. This way, organizations are entitled to a certain level of
privacy when immutably sharing data independent of a third party.

The following table provides a detailed comparison among these three blockchain
systems:

13
How Does Blockchain Work?

14
 Let's have a closer look at what is a block in a blockchain. Each blockchain
block consists of:

 certain data
 the hash of the block
 the hash from the previous block

The data stored inside each block depends on the type of blockchain. For
instance, in the Bitcoin blockchain structure, the block maintains data about the receiver, sender,
and the amount of coins.

A hash is like a fingerprint (long record consisting of some digits and letters). Each
block hash is generated with the help of a cryptographic hash algorithm (SHA 256).
Consequently, this helps to identify each block in a blockchain structure easily. The
moment a block is created, it automatically attaches a hash, while any changes made in
a block affect the change of a hash too. Simply stated, hashes help to detect any changes
in blocks.

The final element within the block is the hash from a previous block. This creates a
chain of blocks and is the main element behind blockchain architecture’s security. As
an example, block 45 points to block 46. The very first block in a chain is a bit special -
all confirmed and validated blocks are derived from the genesis block.

Any corrupt attempts provoke the blocks to change. All the following blocks then carry
incorrect information and render the whole blockchain system invalid.

On the other hand, in theory, it could be possible to adjust all the blocks with the help of
strong computer processors. However, there is a solution that eliminates this possibility
called proof-of-work. This allows a user to slow down the process of creation of new
blocks. In Bitcoin blockchain architecture, it takes around 10 minutes to determine the
necessary proof-of-work and add a new block to the chain. This work is done by miners
- special nodes within the Bitcoin blockchain structure. Miners get to keep the
transaction fees from the block that they verified as a reward.

15
 Each new user (node) joining the peer-to-peer network of blockchain receives a full
copy of the system. Once a new block is created, it is sent to each node within the
blockchain system. Then, each node verifies the block and checks whether the
information stated there is correct. If everything is alright, the block is added to the local
blockchain in each node.

All the nodes inside a blockchain architecture create a consensus protocol. A consensus
system is a set of network rules, and if everyone abides by them, they become self-
enforced inside the blockchain.

For example, the Bitcoin blockchain has a consensus rule stating that a transaction
amount must be cut in half after every 200,000 blocks. This means that if a block
produces a verification reward of 10 BTC, this value must be halved after every 200,000
blocks.

As well, there can only be 4 million BTC left to be mined, since there is a maximum of
21 million BTC laid down in the Bitcoin blockchain system by the protocol. Once the
miners unlock this many, the supply of Bitcoins ends unless the protocol is changed.

To recap, this makes blockchain technology immutable and cryptographically secure by

eliminating any third-parties. It is impossible to tamper with the blockchain system; as it
would be necessary to tamper with all of its blocks, recalculate the proof-of-work for
each block, and also control more than 50% of all the nodes in a peer-to-peer network.

Benefits of Blockchains

Blockchain technology is a decentralized digital ledger system designed to securely

record and verify transactions across a network of computers. Here's a breakdown of
how it works and why it's significant:

1. Digital Ledger: A blockchain is essentially a digital ledger that keeps a record of

16
 transactions or data entries. This ledger is maintained by multiple participants
(nodes) in a network.
2. Blocks and Chain: Transactions are grouped into "blocks." Each block contains a
list of transactions and is linked to the previous block through a unique code called
a cryptographic hash. This forms a chain of blocks, hence the name "blockchain."
3. Decentralization: Unlike traditional centralized systems where a single authority
(like a bank or a company) maintains the database, blockchain operates on a
decentralized network. This means no single entity controls the entire system;
instead, multiple nodes validate and store the data.

4. Consensus Mechanisms: To agree on the state of the blockchain and validate

transactions, the network uses consensus mechanisms. Popular methods
include:
 Proof of Work (PoW): Nodes solve complex
mathematical problems to validate transactions and add
new blocks.
 Proof of Stake (PoS): Nodes are chosen to validate
transactions based on the amount of cryptocurrency they
hold and are willing to "stake" as collateral.
5. Security and Immutability: Once data is added to a blockchain, it is secured
through cryptographic hashing, making it extremely difficult to alter or tamper
with. Each block's hash is based on the previous block's hash, creating a secure,
unchangeable chain of records.
 Cryptographic Hashing: Each block’s hash is derived
from the previous block’s hash, creating a secure link
between blocks. Any attempt to alter information in a
block would change its hash, breaking the chain and
alerting the network.
17
  Immutability: Once a block is added to the blockchain, it
is very difficult to modify or delete. This immutability is a
key feature that ensures data integrity and trustworthiness.
6. Transparency: In many blockchain systems, all participants can access the
entire ledger and view the transaction history. This transparency helps prevent
fraud and ensures that the data is accurate and verifiable.
 Transparency: In public blockchains (like Bitcoin and
Ethereum), all transactions are visible to anyone with
access to the blockchain. This transparency helps in
auditing and ensures accountability.
 Privacy: While transaction details are visible, the
identities of the participants are often pseudonymous.
Private blockchains offer additional privacy features and
restrict access to authorized participants only.

7. Smart Contracts: Some blockchains, like Ethereum, support smart contracts.

These are programmable contracts that automatically execute and enforce terms
based on predefined rules, removing the need for intermediaries.
8. Applications: While blockchain is best known for its role in cryptocurrencies
like Bitcoin, its applications are broad and include supply chain management,
voting systems, healthcare records, identity verification.

Drawbacks of Blockchains

1. Technology cost: Although blockchain can save users money on transaction fees,
the technology is far from free. For example, the Bitcoin network's proof-of-work
system to validate transactions consumes vast amounts of computational power. In
18
 the real world, the energy consumed by the millions of devices on the Bitcoin
network is more than Pakistan consumes annually.
Some solutions to these issues are beginning to arise. For example, bitcoin-mining
farms have been set up to use solar power, excess natural gas from fracking sites,
or energy from wind farms.

2. Speed and Data inefficiency: Bitcoin is a perfect case study for the possible
inefficiencies of blockchain. Bitcoin's PoW system takes about 10 minutes to add a
new block to the blockchain. At that rate, it's estimated that the blockchain
network can only manage about seven transactions per second (TPS).10 Although
other cryptocurrencies, such as Ethereum, perform better than Bitcoin, blockchain
still

limits them. Legacy brand Visa, for context, can process 65,000 TPS.
Solutions to this issue have been in development for years. There are currently
blockchain projects that claim tens of thousands of TPS. Ethereum is rolling out a
series of upgrades that include data sampling, binary large objects (BLOBs), and
rollups. These improvements are expected to increase network participation,
reduce congestion, decrease fees, and increase transaction speeds.
The other issue with many blockchains is that each block can only hold so much
data. The block size debate has been and continues to be one of the most pressing
issues for the scalability of blockchains in the future.

3. Illegal activity: While confidentiality on the blockchain network protects users

from hacks and preserves privacy, it also allows for illegal trading and activity on
the blockchain network. The most cited example of blockchain being used for illicit
transactions is probably the Silk Road, an online dark web illegal-drug and money
19
 laundering marketplace operating from February 2011 until October 2013, when
the FBI shut it down.
The dark web allows users to buy and sell illegal goods without being tracked by
using the Tor Browser and make illicit purchases in Bitcoin or other
cryptocurrencies. This is in stark contrast to U.S. regulations, which require
financial service providers to obtain information about their customers when they
open an account. They are supposed to verify the identity of each customer and
confirm that they do not appear on any list of known or suspected terrorist
organizations.
This system can be seen as both a pro and a con. It gives anyone access to financial
accounts, but allows criminals to transact more easily. Many have argued that the
good uses of crypto, like banking the unbanked world, outweigh the bad uses of
cryptocurrency, especially when most illegal activity is still accomplished through
untraceable cash.

4. Regulation: Many in the crypto space have expressed concerns about government
regulation of cryptocurrencies. Several jurisdictions are tightening control over
certain types of crypto and other virtual currencies. However, no regulations have
yet been introduced that focus on restricting blockchain uses and development, only
certain products created using it.

5. Data storage: Another significant implication of blockchains is that they require

storage. This may not appear to be substantial because we already store lots of
information and data. However, as time passes, the number of growing blockchain
uses will require more storage, especially on blockchains where nodes store the
entire chain. Currently, data storage is centralized in large centers. But if the world
transitions to blockchain for every industry and use, its exponentially growing size
would mean more advanced techniques to reduce its size or that any participants
would need to continually upgrade their storage.

20
6. This could become significantly expensive in terms of both money and physical
space needed, as the Bitcoin blockchain itself was more than 581 gigabytes on June
29, 2024—and this blockchain records only bitcoin transactions.16 This is small
compared to the amount of data stored in large data centers, but a growing number
of blockchains will only add to the amount of storage already required for the
connected and digital world.

21
3.1 Example of Block

Blockchain technology makes use of hashing and encryption to secure the information,
depending especially at the SHA256 algorithm to secure the data. The address of the sender
(public key), the receiver’s cope with, the transaction, and his/her non-public key info are
transmitted through the SHA256 algorithm. The encrypted information is called hash
encryption.

22
3.2 What is Hashing, exactly?

It is a process of scrabbling raw data to the point that it can no longer be reproduced in its
original form. It takes a chunk of data and runs it through a function that performs
mathematical operations on it. It is hash function, and the output is called hash value/digest.

The hash function is responsible for transforming plaintext to its associated hash
digest, as seen in the fig below. They are intended to be irreversible, which means your digest
should not, under any circumstances, give you with the original plaintext. Hash functions,
regardless of the amount of repetitions, provide the same output value if the input remains
unaltered.

Fig: 3.2 Example of Hashing

Characteristics of Hash Functions

1. Deterministic: For a given input, the hash function will always produce the same output.
2. Fast Computation: Hash functions are designed to be efficient and quick to compute.
3. Preimage Resistance: It should be computationally infeasible to reverse the hash
function and retrieve the original input from the hash value.
4. Second Preimage Resistance: It should be infeasible to find a different input that results
in the same hash value as a given input.
5. Collision Resistance: It should be infeasible to find two different inputs that produce the
23
 same hash value.

Applications of Hashing
1. Data Integrity: Hashing is used to verify the integrity of data. For example, when
downloading files, a hash value provided by the source can be compared with the hash
value of the downloaded file to ensure it has not been corrupted or tampered with.
2. Cryptography: Hash functions are fundamental in cryptographic applications, including
digital signatures, password hashing, and encryption.
3. Hash Tables: Hashing is used in data structures like hash tables to efficiently retrieve,
insert, and delete data. The hash value serves as an index in the table.
4. Digital Signatures: Hashing is used in digital signatures to ensure the authenticity and
integrity of messages. The hash value of a message is signed with a private key to create
a digital signature.

Example of Hashing

Consider the input "hello":

 Input: "hello"
 Hash Function: SHA-256
 Hash Value: 2cf24dba5fb0a30e26e83b2ac5b0d7d9c7f3b74d4d59c6e0f1b2b8076b9b8a9d

The hash value is a fixed-size output (64 characters in hexadecimal for SHA-256) that uniquely

represents the input "hello".

3.3 What is meant by SHA-256 Algorithm?

It is one of the part in the SHA 2 algorithms family, Secure Hash Algorithm for short we call
as SHA. It was a cooperative effort between the NSA and NIST to introduce a replacement to
the SHA 1 family, which was losing power against brute force assaults. It was published in
2001. The 256 in the name refers to the final hash digest value, which means that
regardless of the amount of plaintext or

24
clear text, the hash value will always be 256 bits. In the SHA family, SHA 256 is more or
less comparable to the other algorithms. The following are some of the algorithm's most
notable features:
• Message Length: The clear text should not exceed 264 bits in length. To keep the digest as
random as possible, the size must be in the comparison area.
• Digest Length: For the SHA 256 algorithm, the hash digest length should be 256 bits, 512
bits for SHA-512, and so on. Larger digests often imply a lot more calculations at the expense
of performance and space.
• Irreversible: All hash functions, such as the SHA 256, are designed to be irreversible.
When you have the digest, you should not get a plaintext, and the digest should not return its
original value when you run it through the hash function again.

How It Works
1. Padding: The input data is padded to ensure its length is congruent to 448 modulo
512. Padding involves adding a single ‘1’ bit followed by enough ‘0’ bits, and then
appending a 64-bit representation of the original message length.
2. Initialize Hash Values: SHA-256 uses eight 32-bit words as initial hash values.
These values are constants defined by the SHA-2 standard.
3. Process Data in Chunks: The padded message is divided into 512-bit chunks. Each
chunk is further divided into 16 words of 32 bits each. These words are expanded into
64 words using a series of logical functions and bitwise operations.
4. Compression Function: Each chunk is processed using the SHA-256 compression
function, which involves a series of operations including bitwise logical functions,
modular additions, and rotations. The compression function updates the hash values
based on the processed chunk.
5. Produce Final Hash: After processing all chunks, the final hash value is produced by
concatenating the eight 32-bit hash values.

Applications
1. Cryptocurrencies: SHA-256 is integral to Bitcoin and other cryptocurrencies. It is
used for mining (proof-of-work) and for ensuring the integrity of transactions.
2. Data Integrity: SHA-256 is used to verify the integrity of data and ensure that it
has not been altered. This is common in software distribution and file verification.
3. Digital Signatures: It is used in digital signature algorithms to ensure that

25
 signatures are unique to the signed data and cannot be forged.
4. Password Hashing: SHA-256 can be used to hash passwords, though it is often
combined with other techniques (like salting and key stretching) to enhance
security.

3.4 : PROPOSED SYSTEM

Blockchain Technology gets over the above demanding situations and it could make
the records acquisition and validation extra correct and informative with the aid of
using an integration of the TEs and further information. For every TE item, its
provenance in addition to all associated analyzing activities may be traced lower back
to its origination. The IoTFC makes use of Blockchain to construct a close- loop
gadget that offers massive forensic evaluation benefits in a systematic and
competitively priced way.

Advantages

• Security
• Fast Processing
• Traceability
• Process integrity.

26
27
 3.5 Module

• Registration
• data collection
• cryptographic functions
• Blockchain Computing
• Performance Evaluation

3.5.1 : REGISTRATION

 The registration module permits the consumer and records proprietor to create a login
username and the password via way of means of • Entering your data like mail id,
phone number, name etc.
 Client can take advantage of access to sources saved inside the cloud by registering to
the community or cloud.

3.5.2 : DATA COLLECTION

• Data is collected on the basis of wireless sensor network in the defense sector.

• Blockchain is a decentralized, virtual ledger that is used to report transactions that

occur in a secure community using cryptographic technology.

• Due to the immutable and cryptographically tested security of a blockchain

community, it provides a way to remedy the problems that exist in the data industry.

3.5.3 : CRYPTOGRAPHIC

• The cryptographic hash feature is used to generate a virtual signature for each precise
block. There are a large variety of hash functions, however, the hashing feature it
uses is the SHA- 256 hashing algorithm blockchain.

28
3.5.4 : BLOCKCHAIN SYSTEM
• A blockchain is all approximately organizing and storing statistics according to a
predefined logic.

• Instead of being recorded and saved in the database of the respective server, it is
encrypted, and a replica is saved on each node belonging to the community.

3.5.5 : PERFORMANCE EVALUATE

• The overall performance of the gadget is analyzed through the security of the gadget.

• Integrity and accuracy analysis is done for the security of the system.

3.6 ALGORITHM

Cryptography includes written code that calls for legal interpreting and encryption. The
blockchain is managed through a community that sticks to the protocol for nodal releases
and validates new blocks. Miners authenticate transactions to be noted in the blockchain.
Mining calls for software with a set of rules, to authenticate and retrieve the data.
Cryptocurrency is virtual foreign currency in which encryption is used for the law and
technology of units of foreign currency. Cryptocurrency uses cryptography for security
and the blockchain age to record transactions. This mechanism is referred to as a
blockchain algorithm, from containing the chain of information to validating the
transaction in its entirety.

In blockchain, each node within the network results in the same conclusion, each
updating independently to the most well-known file that is a real professional file in
exchange for a real copy. Transactions are shown, and each node builds its own up-to-
date model of events. It represents the blockchain era specifically innovation in record-
keeping and distribution that removes the need for third parties to facilitate digital
interactions.

The blockchain era is an aggregate of technology implemented in diverse new ways. It is

constructed on a platform the usage of protocols, it’s miles on a peer-to-peer-community
29
that is a gadget of file and makes use of non-public key cryptography for identity. A set
of rules (algorithm) is a part of a protocol, The end result is a gadget of transactional
interactions that doesn't require relying on 3rd parties. The painting of securing virtual
relationships is naturally presented through the robust, simple, yet state-of-the-art
community structure of blockchain technology.

Cryptographic hash function

We use a cryptographic hash function to generate a digital signature for each unique
block. There are a lot of hash functions, but the hashing function used by the blockchain
is the SHA-256 hashing algorithm.

30
CHAPTER: 4

4.1 CONFIGURATION

4.1.1 HARDWARE SYSTEM CONFIGURATION:-

We use Processor – Pentium –IV, RAM –
4GB (minimum), Hardware Disk – 20GB
and
LI-FI Module.

4.1.2 SOFTWARE SYSTEM CONFIGURATION:- We use

Operating systems: Windows 7,8,10, Application Server: Net Beans,
Front End: Java and Back
End: SQL

4.2 PROJECT DIAGRAMS

4.2.1 USE CASE DIAGRAM

31
4.3 TECHNOLOGY STACK FOR THE PROPOSE APPROACH

4.3.1 FRONT END

Html5: It is used to create web pages. To arrange graphics on a webpage, to format
text as titles and headings, to link to different pages within a website, and to link to different
websites from our application it is used.
Css3: It is used for styling our web application.
A standard and set of technologies that developers use to create dynamically-generated
webpages by using Jakarta Server Pages. By using Java code, as well as HTML and XML
syntax Developers write these webpages.
Integrated development environment: NetBeans.

32
4.3.2 Back end
Apache server: Helps in establishing a connection between a server and the browsers of
website visitors (Firefox, Google Chrome, Safari, etc.) while delivering files back and forth
between them (client-server structure). A specific file or resource requests by using browser
and initiates the process.

MySQL: This is the database we use to store data about the 4 entities explained above and
display the relevant data between the entities for their communication.

33
4.4 RESULTS

We have created a Class called Block, Which contains a hash value and the hash value
of the previous hash value, the time stamp

Fig: 4.4.1 Creation of Block having a hash value and the hash value of the previous
hash value, the time stamp.

34
The blocks of the Blockchain are created using this code

Fig: 4.4.2 The code for creating blocks

The database is connected using the code below

Fig: 4.4.3 Code for connecting to database

35
Steps to execute the project

Step: 1

We have used XAMPP for Backend connecting Our Database and the Apache server. We
have to start the both Apache and SQL modules before executing the project on NetBeans.

Fig: 4.4.4 Using XAMPP control panel

36
Step: 2

After activating XAMPP we have to run our code in Netbeans then the website will be
opened in localhost.

Fig: 4.4.5 Using NetBeans

37
Step: 3

Local host will open the Frame work home page

Fig:4.4.6 Home page

38
Step: 4

 Now we navigate from Home Page to Admin Page.

 We need to log in as an Admin to collect the data we want to store it in
Blockchain.
 As soon as we logged in as an admin we will get the option to collect data.
 When we clicked the collect button we will be able to select the Files from our
device.

Fig: 4.4.7 Collect forensic data

39
Step: 5

After selecting the desired file we need to send the request to the repository to Store
the desired file in the blockchain.
As we click the send request to the repository the request will be sent to Repository.

Fig: 4.4.8 Send Request to Repository

40
Step: 6

Now we need to log out from Admin and Login as Repository in repository we can see the
requests made by the Admin so that we can approve the requests and the file can be stored in
BlockChain. As soon as we approve the requests we can see the blocks created for the file
with the Hash codes.

Fig: 4.4.9 View Block Data

41
Step: 7

Then for the Defence System to verify the files they need to login as Defence so that they can
check the files we have stored in the blockchain.
After logged in they can choose which file they want to verify the selected file will be opened
but it was shown in Encrypted mode we have provided a button to see the original file as
soon as they click the button they can see the decrypted version the file.
But no one can change the file as the contents in the blockchain were immutable.

Fig: 4.4.10 Encrypted Data show in case dataset Step: 8

42
We will get the original data in a case dataset.

Fig: 4.4.11 Original Data show in case dataset

43
 4.5 CONCLUSION

Considering the blockchain-based forensic investigation framework for forensic research a

wide range of devices, evidence, and data types more in today's complex IoT ecosystem The
basic concept is to receive objects from IoT devices and write to them. Blockchain-based
IoTFC was designed to be of origin, traceable, after the links have been verified, and the
relationship between each piece of evidence must be auditable.

Recently, blockchain solutions have been offered both for forensic evidence and intrusion
detection because blockchain can solve problems in both scenarios, Trust, honesty, openness,
accountability, and safe data exchange are all challenges that need to be addressed. Taking
Action applied the topic of trust management. In collaborative intrusion detection networks,
blockchain may be used to cope with insider threats while simultaneously improving overall
security The cooperating IDS nodes communicate information. The authors recommended
that the network's generated (raw) alerts be stored as transactions in a permissioned
blockchain. Refer to challenges of Confidentiality when collaborating nodes belong to
different trust domains, as the shared data may contain sensitive information associated with
individuals or organizations, such as IP addresses and packet payloads, in addition to the
dimension of trust between IDS nodes. Methods for transferring encrypted material, as well
as merely hashed data rather than raw data, are discussed. It is critical in forensic
investigations that evidence is not tampered with when it moves from one entity to another.

Blockchain can be used to verify the validity and validity of the methods of collecting,
storing and disseminating digital evidence, as well as offering a full perspective of all
interactions in the CoC. It is important to ensure that members of the blockchain-based CoC
have read/write access to the distributed ledger. propose a private blockchain that may be
used in digital forensics to maintain evidence integrity. The authors also want to record the
activities made by each
party while engaging with the evidence. on the other hand, collects interactions between IoT
devices and verifies their authenticity using a blockchain to uncover illicit occurrences that
may be used as evidence.

44
REFERENCE

"A blockchain-based process provenance for cloud forensics," 1 december 2017. [Online].
Available: [Link]
provenance-for-cloud-Zhang- Wu/48eff5ee66cf0ad553c07763192b31bb747a306f.

G. Tziakouris's, "Cryptocurrencies—A Forensic Challenge or Opportunity for Law

Enforcement? An INTERPOL Perspective," 1 july 2018. [Online]. Available:
[Link] es

A_Forensic_Challenge_or_Opportunity_for_Law_Enforcement_An_I NTERPOL_Perspective.
L. M. Cullell, "Digital Forensics and Blockchain," 3 june 2018. [Online]. Available:
[Link] bf3af5e7153c?
source=---------3------------------
&msclkid=4c8656f1c63c11ec8f85e354544f36f8.

"A Forensic Investigation Framework for IoT Using a Public Digital Ledger," 1 july 2018.
[Online]. Available: [Link]
Investigation-Framework-for-IoT-Hossain-
Karim/edc6280c29e0378444ccdf6ea58bbbfab9acecd0?msclkid=be3e
7c94c63711ec91860edc353cdc5e.

45
S. L. L. D. X. a. X. Wang, "Compressed sensing signal and data acquisition in
wireless sensor networks and internet of things," [Online]. Available:
[Link]

L. D. Xu, "Internet of Things in Industries: A Survey," 10 Novebmer 2014. [Online].

Available: [Link] [Link]/10.1109/tii.2014.2300753?msclkid=8fc434bcc63611ec94541f
05aec7bb2a.

C. X. X. Z. Y. Zhang, "SCLPV: Secure Certificateless Public Verification for Cloud-Based

Cyber-Physical-Social Systems Against Malicious Auditors," 1 DECEMBER 2018.
[Online]. Available: [Link]
Certificateless-Public-Verification-Zhang-
Xu/a48627888bbaa822623a83bdb8bab9b42c338cae?msclkid=df1fa9
80c63411ec8f92dd2eb8209336.

46