Blockchain technology at the service of forensic research
Currently, for most crimes, there is at least a piece of digital evidence that is collected and must be examined. However, contrary to physical evidence, digital evidence is very easily manipulated, which perplexes the processes. As a result, the interactions among the different entities are far more complex. Moreover, in most cybercrime cases, the first responders are not from law enforcement agencies (LEAs). The above creates a very heterogeneous mixture of entities that span from the private sector to LEAs and the judicial system across different jurisdictions where different processes are followed. The EU-funded LOCARD project developed a novel platform to model and manage these interactions so that they can be automated and audited.
A modular toolkit that supports cooperation in crime investigation
“We developed, tested, and validated a chain of custody (CoC) platform over a permissioned blockchain to have a common immutable medium to keep track of the progress of an investigation but also to allow entities that do not necessarily trust each other to collaborate,” explains Constantinos Patsakis, project coordinator. “Currently, LOCARD platform is the only CoC platform that can simultaneously provide such functionality with such high-security guarantees.” The platform features a crowdsource module to collect citizen reports of selected violations, a crawler to detect and correlate online deviant behaviour, and a toolkit for investigators that will assist them in collecting online and offline evidence. The immutable storage and identity management system aim to protect privacy and regulate access to evidence data through Fast Identity Online (FIDO) authentication. Users can authenticate themselves by using either hardware FIDO authenticators like USB/BT/NFC security sticks or platform authenticators exploiting Trusted Platform Module (TPM) technology. Blockchain technology assures that information about the evidence cannot be manipulated, allowing simultaneously interoperability without the interference of a trusted third party. The LOCARD platform has many and different beneficiaries as it is meant to be a collaboration platform for LEAs, the private sector, and the judicial system to provide a unique CoC platform. In this regard, one can consider the case that a digital forensics expert/cybersecurity firm commits the evidence that they found in their investigation. The evidence can be used in a court or passed to an LEA who may later request evidence from another LEA abroad or pass the case to them.
The challenges of building a holistic operational platform
Given that LOCARD involves almost 20 different organisations across Europe, the COVID-19 pandemic resulted in many ‘hiccups’ in terms of communication and delivery. As for the actual R&D part of the project, the biggest challenge has been homogenising the diverse policies used by different LEAs. “Of course, we expected many differences when we were writing the proposal; however, when these differences are not just theoretical, and they are subject to the different legal framework of each country, the big differences in what can be accessed, by whom, when, how, from whom the consent must be provided etc., the challenge is significantly augmented,” explains Patsakis. Despite the bottlenecks, though, LOCARD managed to safeguard the integrity and transparency of the cross-jurisdictional CoC. The project’s most recent contribution is a collective response to the EC consultation on the proposed Cyber Resilience Act, prepared along with eight EC projects.
Keywords
LOCARD, evidence, LEA, digital evidence, CoC, crime investigation, operational platform, blockchain technology, chain of custody, law enforcement agencies
