Forensic Science International: Digital Investigation 42-43 (2022) 301470

Contents lists available at ScienceDirect

Forensic Science International: Digital Investigation

journal homepage: www.elsevier.com/locate/fsidi

A systematic literature review of blockchain-based Internet of Things

(IoT) forensic investigation process models

Alex Akinbi a, *, Aine MacDermott a, Aras M. Ismael b
a
School of Computer Science and Mathematics, Liverpool John Moores University, 3 Byrom Street, Liverpool, L3 3AF, United Kingdom
b
Information Technology Department, College of Informatics, Sulaimani Polytechnic University, Sulaymaniyah, Iraq

a r t i c l e i n f o a b s t r a c t

Article history: Digital forensic examiners and stakeholders face increasing challenges during the investigation of
Received 15 February 2022 Internet of Things (IoT) environments due to the heterogeneous nature of the IoT infrastructure. These
Received in revised form challenges include guaranteeing the integrity of forensic evidence collected and stored during the
13 September 2022
investigation process. Similarly, they also encounter challenges in ensuring the transparency of the
Accepted 15 September 2022
Available online 1 October 2022
investigation process which includes the chain-of-custody and evidence chain. In recent years, some
blockchain-based secure evidence models have been proposed especially for IoT forensic investigations.
These proof-of-concept models apply the inherent properties of blockchain to secure the evidence chain
Keywords:
Blockchain
of custody, maintain privacy, integrity, provenance, traceability, and verification of evidence collected
IoT forensics and stored during the investigation process. Although there have been few prototypes to demonstrate
Digital forensics the practical implementation of some of these proposed models, there is a lack of descriptive review of
IoT these blockchain-based IoT forensic models.
In this paper, we report a comprehensive Systematic Literature Review (SLR) of the latest blockchain-
based IoT forensic investigation process models. Particularly, we systematically review how blockchain is
being used to securely improve the forensic investigation process and discuss the efficiency of these
proposed models. Finally, the paper highlights challenges, open issues, and future research directions of
blockchain technology in the field of IoT forensic investigations.
© 2022 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license
(http://creativecommons.org/licenses/by/4.0/).

1. Introduction around 50 billion IoT devices in use around the world by 2030
(Statista, 2020). Forensic investigators, law enforcement agents,
Internet of Things (IoT) forensics is described as a branch of and legal experts have also taken a significant interest in IoT fo-
digital forensics, where the identification, collection, organization, rensics due to the proliferation of these devices (Chung et al., 2017).
and presentation processes deal with the IoT infrastructures to The always active, always generating characteristic of these devices
establish the facts about a criminal incident (Zawoad and Hasan, makes them excellent digital witnesses, capturing traces of activ-
2015). The proliferation of IoT devices used in smart homes, com- ities of potential use in investigations (Servida and Casey, 2019).
mercial environments, medical facilities, and the energy sector has Digital evidence from IoT devices has also been used in several
led to a paradigm shift and growing interest in IoT forensic criminal cases (BBC, 2018; Hauser, 2017). The inherent vulnerabil-
research. In recent times, we have also witnessed the vast devel- ities of these devices have also made them susceptible to threats by
opment of software applications, gadgets, and virtual assistants cybercriminals who continue to launch highly disruptive and large-
that enable remote monitoring and management of several IoT scale attacks with increasing levels of sophistication (Chernyshev
devices, especially in smart homes (Akinbi and Berry, 2020). By the et al., 2018). Hence, making IoT forensics is crucial to digital in-
end of 2018, there were an estimated 22 billion IoT-connected de- vestigations and incident response for the foreseeable future.
vices in use around the world and forecasts suggest there will be However, the fast pace of development and nature of IoT envi-
ronments brings a variety of forensics challenges which include
evidence identification, collection, preservation, analysis, and cor-
* Corresponding author.
relation (Conti et al., 2018). Forensic examiners have struggled to
E-mail addresses: [email protected] (A. Akinbi), [email protected]. overcome the existing challenges of IoT forensics especially due to
 MacDermott), [email protected] (A.M. Ismael).
uk (A. the nature of complex IoT ecosystems and the lack of a standardized

https://doi.org/10.1016/j.fsidi.2022.301470
2666-2817/© 2022 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).
  MacDermott and A.M. Ismael
A. Akinbi, A. Forensic Science International: Digital Investigation 42-43 (2022) 301470

IoT forensic investigation process. Many of the IoT forensic chal- overview of the research goals, main contributions and research
lenges are well documented in previous studies (Li et al., 2019a; questions. In Section 4, we discuss and present the research
MacDermott et al., 2018; Zhang et al., 2019). Moreover, existing methodology with which the primary studies were selected for the
digital forensic tools and methods do not support newer IoT de- systematic literature review and analysis. Section 5 presents the
vices. These digital forensic tools are plagued by numerous limi- results and summary of key findings from the selected primary
tations and are incapable of fitting with the infrastructure of the IoT studies. In Section 6, we discuss the results of the related research
environment, which is heterogeneous by nature (Ahmed Alenezi questions. Section 7 describes open issues and potential future
et al., 2019; Dawson and Akinbi, 2021). Several IoT forensic research directions. Finally, Section 8 concludes the paper.
models and frameworks have been proposed to address these
challenges and help accomplish a thorough investigation, espe- 2. Related works
cially in smart home environments. However, their implementa-
tion is limited to specific scenarios, scope, and devices. The To the best of our knowledge, there are no studies specifically
diversity of IoT devices running proprietary software, limitation of related to Systematic Literature Reviews (SLRs) of blockchain
device storage, lack of access to evidential data stored on cloud application to IoT forensic investigation models and frameworks.
environments, and variety of native communication protocols used However, there are recent studies that have conducted surveys and
by these devices (Bluetooth Low Energy, Bluetooth, ZigBee, Wi-Fi, SLRs on the application of blockchain to IoT security (Casino et al.,
NFC, RFID, etc.), makes several IoT forensic investigation process 2019; Conoscenti et al., 2016; Salman et al., 2019; Taylor et al.,
models inadequate for digital evidence admissibility in criminal 2020; Yli-Huumo et al., 2016) and IoT forensics in general
proceedings. (Ahmed Alenezi et al., 2019; Atlam et al., 2020; Chernyshev et al.,
These existing IoT forensic investigation models also face new 2018; Hou et al., 2020; Kebande et al., 2020; Kebande and Ray,
challenges including inaccessibility of data from different sources, 2016; Lutta et al., 2021; Stoyanova et al., 2020; Yaqoob et al.,
privacy concerns, privacy laws, data provenances in multiple loca- 2019). These studies provide a valuable reference point to our
tions, evidence transparency and traceability, data analysis of large study and form the basis for understanding how blockchain tech-
volumes of datasets, etc (Li et al., 2019b). Most notably are the nology has been implemented in the IoT research domain. Espe-
difficulties which surround the secure chain of custody due to cially in the field of IoT forensic investigation process models, we
increasing data volatility and complex data transit routes among discuss and examine in this section topics by selected authors that
the IoT architecture (Chernyshev et al., 2018; Hegarty et al., 2014). have influenced our study.
Since IoT forensic evidence data may be gathered from multiple In 2018, Chernyshev and colleagues (Chernyshev et al., 2018)
remote locations, which significantly complicates the mission of conducted a concise review of the state of the art of conceptual
maintaining a proper chain of custody (O'Shaughnessy and Keane, digital forensic models that can be applied to the IoT environment.
2013; Stoyanova et al., 2020). Hence, current research towards new They concluded that the current conceptual IoT forensic process
IoT forensic investigation process models has been proposed to models still require extensive scientific validations in practice and
address these challenges which adopt the use of blockchain tech- do not address the confidentiality and integrity of evidence, espe-
nology. The popularity of blockchain technology and its application cially for IoT environments. They recommend reliable process
has seen a rapid increase in many sections such as finance, smart models will be essential to conduct successful digital forensics in-
contracts, logistics, pharmaceutical industries, and cybersecurity vestigations in IoT environments.
(Taylor et al., 2020). Most importantly in the context of this paper, Alenezi et al. (A. Alenezi et al., 2019) conducted a review of the
its application to IoT forensics. state of the art on IoT forensics in 2019. In the study, they identified
The use of blockchain could enable forensics examiners to and explored several proposed IoT forensic frameworks most
address issues surrounding evidence traceability, transparency, notably the Digital Forensic Investigation Framework for IoT (DFIF-
auditability, and accountability due to the secure and immutable IoT) (Kebande and Ray, 2016) which adheres to the ISO/IEC
nature of cryptographic hash links between blocks and transactions 27043:2015 standard, a Cloud-Centric Framework for isolating Big
(Li et al., 2019b). This allows a secure digital chain of custody among data as forensic evidence from IoT infrastructures (CFIBD-IoT)
trusted IoT devices and architecture. Therefore, creating a guaran- (Kebande et al., 2017) and a Forensic Investigation Framework for
teed transparent method of decentralized preservation of digital IoT Using a Public Digital Ledger (FIF-IoT) (Hossain et al., 2018b)
evidence mitigates the risk that evidence held by a central arbi- amongst others. Although the proposed FIF-IoT framework imple-
trator may be accidently corrupted by examiners or damaged by ments a public ledger using blockchain technology to ensure
malicious insiders. It is important to identify the existing research integrity, confidentiality, anonymity, and non-repudiation of the
specifically related to the application of blockchain technology to digital evidence, the review is not comprehensive and is limited to
the challenges of IoT forensics, to address how several IoT investi- the discussion of only this framework.
gation process models offer solutions to address them. To identify Atlam et al. (2020) conducted a review of state-of-the-art
what research and forensic models have been proposed for block- research and recent studies on IoT forensics investigation process
chain and IoT forensics, it is necessary to map out relevant research models. Interestingly, they highlighted the lack of suitable forensic
papers and scholarly works systematically. tools that can prevent accidental modifications in IoT environment
This paper seeks to focus on existing literature concerning the endpoints and the need for a novel IoT forensic investigation pro-
use of blockchain as a supporting technology for IoT forensic cess method to address these issues. Moreover, they did not review
investigation process models, which includes areas of digital fo- the application of blockchain to IoT forensics. The study indicated
rensics related to evidence authenticity, transparency, traceability, how the use of Artificial Intelligence (AI) can help address some of
integrity, and accountability of forensic evidence and chain of the challenges and issues associated with various stages of digital
custody within a case examination. The main purpose of this study forensics investigation lifecycle such as evidence collection, evi-
is to critically examine existing literature and works on blockchain- dence preservation, analysis, and presentation of the evidence.
based forensic investigation process models and use our under- Similarly, a SLR on the state of IoT forensics was conducted by
standing to develop future research directions. Hou et al. (2020). They found that 8 out of 58 of the research papers
The rest of this paper is organised as follows. Discussion of proposed forensic investigation models for IoT. They highlighted
related works is presented in Section 2. Section 3 provides a brief that although these models are in the early stages and developed
2
  MacDermott and A.M. Ismael
A. Akinbi, A. Forensic Science International: Digital Investigation 42-43 (2022) 301470

based on hypothetical case studies, they still face the challenge of 4. Systematic literature review methodology
maintaining the forensic soundness of digital evidence, especially
for IoT forensics which is a prerequisite for admission in a court of To achieve the objectives of reviewing the most relevant studies
law. However, they discussed two models namely Probe-IoT and answering the research questions, we conducted the SLR under
(Hossain et al., 2018a) and FIF-IoT(Hossain et al., 2018b) which use the guidance published by Kitchenham and Charters. According to
blockchain technology to acquire and preserve evidence in IoT- Kitchenham and Charters (2007), a Systematic Literature Review
based systems. Since 2018, the application of blockchain has (SLR) is “a form of secondary study that uses a well-defined meth-
diversified especially in the field of IoT forensics so our study aims odology to identify, analyse and interpret all available evidence related
to investigate what research studies currently exist specifically to a specific research question in a way that is unbiased and repeat-
regarding IoT forensic investigation process models and blockchain able” (Kitchenham, B. and Charters, 2007).
technology implementation.
Stoyanova et al. (2020) and Lutta et al. (2021)surveyed recent IoT
4.1. Search strings and databases
forensics challenges, approaches, and open issues. They highlighted
the challenges of maintaining IoT forensic evidence chain of cus-
There are numerous publications on blockchain technology and
tody. In the study, they presented a brief overview of a few block-
its application to the IoT forensic investigation process over the
chain-based IoT investigation frameworks that have been proposed
years; it is for this reason that we utilised specific keywords and a
to secure evidence integrity using decentralized blockchain-based
time frame to search the digital libraries specified to obtain the
solutions. Their study provides a valuable start to our study since
primary studies. These criteria are necessary to get the most rele-
the field of digital forensics and IoT forensics advances quickly.
vant and up-to-date resources for this research. The online digital
Therefore, it is essential to consider the most recent research ap-
libraries consulted include IEEE Xplore, Science Direct, ACM Digital
proaches and studies specifically for both theoretical and practical
Library and Springer Link. These digital libraries are appropriate to
blockchain-based IoT forensics models and frameworks as a guide
conduct the searches as they cover the most relevant topics and
to new research activities in the field of IoT forensics.
credible papers in digital forensic science and software engineer-
ing. The libraries were also consulted for simplicity and ease of use.
Therefore, the following search strings and keywords were imple-
mented for initiating the search on each of the online libraries:
3. Research goals and contributions (“blockchain” OR “distributed ledger”) AND (“IoT forensics” OR
“Internet of Things forensics”)
The purpose of this study is to analyse existing studies, their
findings and to summarize the research efforts in the application of
These search strings or keywords above were entered into IEEE
blockchain technology to the IoT forensic investigation process.
Xplore digital library search bar, as well as the Science Direct, ACM
This study focuses on IoT investigation models and frameworks
Digital Library and the Springer Link (with the Boolean operators
that implement blockchain technology to secure the evidence chain
AND/OR used as filters for the searches). Primary studies were
of custody and maintain privacy, integrity, and preservation of
performed by conducting searches using the online digital libraries
forensic evidence collected. To achieve this aim, we developed
on 27th December 2021, to obtain up-to-date academic sources
three research questions that this study attempts to address as
relevant to this study and we considered publications from 1st
presented in Table 1.
January 2018 up to 27th December 2021; to produce the primary
This study complements existing research studies by using an
studies for the Systematic Literature Review.
SLR to identify primary studies related to blockchain-based IoT
forensic investigation models and frameworks up to late 2021. It
also provides an up-to-date study and the current state of IoT 4.2. Search inclusion and exclusion criteria
forensic investigation processes to ensure the integrity of evidence
collection, preservation, and secure chain of custody. The study It was observed that some of the literature returned from the
provides IoT forensic researchers and investigators interested in the search results were irrelevant and outside the scope of this study.
implementation of blockchain technology in IoT forensics, with a Therefore, as part of the SLR guidelines, the method of inclusion
comprehensive review of studies, and presents data to express and exclusion criteria was used to eliminate the irrelevant papers.
ideas and considerations in the realm of blockchain-based IoT The criteria for inclusion were based on the selected paper's rele-
forensic investigation. Finally, this work provides an opportunity vance to blockchain technology and its application to IoT Forensics
for future research works to investigate and address the open issues and IoT Investigation Processes, which must be peer-reviewed and
and challenges to help ensure a secure and reliable blockchain- written in English. The exclusion criteria, on the other hand, were
based IoT forensic investigation process. based on papers that are not relevant to blockchain technology and

Table 1
Research questions.

Research Questions (RQ) Discussion

RQ1. What are the latest blockchain-based IoT forensic There have been notable use cases of blockchain technology in areas such as cryptocurrency, IoT security and
investigation process models? cybersecurity in general. Moving beyond these, this research will identify and review two categories of IoT
forensic investigation process models based on pubic and permissioned blockchain platforms (see Section 6.1).
RQ2. How is blockchain being used to improve the IoT Practical implementation of blockchain has been deployed in ensuring the integrity of recordkeeping, data
forensic investigation process? privacy and security. This will provide an understanding of blockchain technology used to guarantee the
integrity, provenance, privacy, and chain of custody of evidential artefacts collected and stored during IoT
forensic investigations (see Section 6.2).
RQ3. How efficient are the blockchain-based IoT forensic A summary of performance metrics results of selected primary studies with respect to their performance
investigation process models? evaluation comparison criteria is presented (see Section 6.3).

3
  MacDermott and A.M. Ismael
A. Akinbi, A. Forensic Science International: Digital Investigation 42-43 (2022) 301470

its application to IoT Forensics and IoT Investigation Processes.

Other exclusion criteria include duplication of published sources,
papers not peer-reviewed and literature that is not published in
English. The key criteria for inclusion or exclusion of studies are
summarized in Table 2.

4.3. Selection of results

The different databases were searched, and the total results

from the initial searches carried out using the search strings and
keywords on all four online digital libraries generated 6,086 pub-
lications. To further refine the results, further checks using the in-
clusion and exclusion criteria were applied for a more stringent
result. With this process, 3,984 publications were excluded from
the initial search results, bringing the number down to 2,102
publications. Following that, the exclusion criteria based on titles
and abstract was implemented; and as a result, 2,070 publications
were also excluded altogether, bringing the number down to 32
primary studies. The 32 publications were read in full, after which a
further re-application of the inclusion and exclusion criteria,
resulted in the removal of 13 publications. This process brought the
total number of primary studies down to 19 papers.
Further implementation of forward and backward snowballing
(Achimugu et al., 2014; Wohlin, 2014) to search through citations
and references were applied and we identified an additional 4 Fig. 1. Selection of primary studies for the SLR.
papers to include. As a result, the total figure for the number of
papers to be included is 23. second most popular theme which accounts for 29%. The proposed
Finally, the exclusion exercise to refine the results was based on frameworks use blockchain to ensure secure, immutable, traceable,
a quality assessment check which focuses on the selected papers’ and verifiable evidential data collected and stored during IoT
context, date of publication, and relevance to the research ques- forensic investigations. Data Provenance is the third most popular
tions RQ1, RQ2 and RQ3. Hence, the final set of primary studies for theme accounting for 24%, while frameworks that address Privacy
the SLR is 16. Fig. 1 shows the number of publications selected at and Identity Anonymity of stakeholders or participants are 15%.
each stage of the primary studies selection process. These findings also show any framework designed to ensure the
integrity of evidential data and secure chain of custody must also
compensate for the origin of data accessed by multiple stake-
5. Results holders involved with the forensic investigation process (from ev-
idence collection, analysis, examination, and presentation).
These papers were read in full, and the data extraction process Although most of the primary studies are designed specifically for
was carried out on them as summarized in Table 3. The 16 papers IoT forensic investigations, few frameworks appear to be generic
were classified based on the specific aim of addressing the chal- and can be applied to digital investigations processes including IoT,
lenges of securing the evidence chain of custody and maintaining computer and mobile forensic investigations.
privacy, integrity, and preservation of IoT forensic evidence The use of Ethereum blockchain decentralized technology ap-
collected. The themes identified by the studies showed an exten- pears to be the most popular blockchain technology used by the
sive level of blockchain-based IoT forensic frameworks and models majority of the proposed frameworks from the primary studies.
are focused on securing the evidence chain of custody. This is followed by the use of custom distributed ledgers and
Fig. 2 shows the percentages of themes and different applica- Hyperledger blockchain, respectively. Other papers from the pool of
tions of blockchain technology to specific areas of the IoT forensic primary studies were mostly proposing the use of Merkle signa-
investigation process based on the frameworks and models pro- tures for addressing the integrity and data provenance of digital
posed in our final set of primary studies. The themes identified in evidence stored and can be accessed securely during the forensic
the primary studies show that most of the studies use blockchain to chain of custody. In general, all the primary studies reveal the
maintain the secure Chain of Custody (32%). Data Integrity is the

Table 2
Summary of inclusion and exclusion criteria.

Inclusion Criteria Exclusion Criteria

1. The selected paper must be relevant to blockchain 1. The paper focuses on the application of blockchain to IoT security.
technology application
to IoT forensics and IoT forensic investigation process.
2. The paper must also provide a practical or theoretical 2. The paper falls outside the broader field of blockchain technology application to IoT forensics and IoT
application of forensic investigation process.
blockchain to the IoT forensic investigation process.
3. The paper must be peer-reviewed. 3. Papers that are not peer-reviewed.
4. The paper must be written in English language. 4. Papers not written in English and duplicates of published papers.
5. The paper must be published in a conference proceeding or 5. Grey literature (white papers, editorial comments, book reviews, government documents and blog posts)
journal

4
  MacDermott and A.M. Ismael
A. Akinbi, A. Forensic Science International: Digital Investigation 42-43 (2022) 301470

Table 3
Key findings of primary studies.

Primary Qualitative Data Blockchain Technology (Consensus Blockchain Application to IoT forensic
Study Algorithms and/or Blockchain Platforms) Category investigation
(PS)

[PS1] A proof-of-concept blockchain-based IoT forensic chain Custom distributed ledger Public Chain of Custody
framework (IoTFC). The framework provides full data
provenance, privacy, availability, transparency, traceability,
trust, and continuous integrity of IoT forensic artefacts and
evidential data.
[PS2] Blockchain-based IoT forensics framework (BIFF) enhances the Custom distributed ledger & Practical Permissioned Chain of Custody & Privacy and
integrity, authenticity, and non-repudiation properties for IoT Byzantine Fault Tolerance (PBFT) Identity Anonymity
forensic artefacts and evidential data. The proposed framework
also provides anonymity for the digital witness/evidence
submitter from the public.
[PS3] Blockchain-based framework for securely collecting, preserving, Distributed Hyperledger Fabric Permissioned Chain of Custody
and verifying the integrity of digital evidence recovered from
compromised IoT networks.
[PS4] This paper focuses on a proof-of-concept multi-blockchain Proof of Stake (PoS) & Multi-chain Public Data Provenance & Data Integrity
framework that utilizes a cost-efficient approach for blockchain
guaranteeing integrity and validating provenance. The
framework utilizes a combination of low-cost blockchain
networks to temporarily store forensic evidence data before
permanent storage in an Ethereum blockchain network.
[PS5] This study proposes a proof-of-concept IoT forensic Custom distributed digital ledger Public Chain of Custody, Data Provenance
investigation framework (Probe-IoT). The framework is & Integrity
designed to implement the use of a public digital ledger to
ensure the integrity, confidentiality, and non-repudiation of
digital forensic evidence collected during incident response. The
proposed framework is designed to store interactions between
IoT devices and their users and store such evidence securely in a
distributed blockchain network.
[PS6] Like the IoT forensic investigation framework (Probe-IoT), this Proof of Work (PoW) & Ethereum Public Chain of Custody, Data Provenance,
blockchain-based forensic investigation framework for IoT (FIF- Data Integrity & Privacy and
IoT) provides a mechanism to collect digital IoT forensic artefacts Identity Anonymity
stored in the public digital ledger and verify the integrity of the
stored evidence.
[PS7] A generic and scalable blockchain-based framework (Block-DEF) Custom mixed/multi-chain blockchain Permissioned Data Provenance, Chain of Custody,
designed primarily for the scalability, integrity, validity, privacy, based on Practical Byzantine Fault Tolerance Data Integrity & Privacy and
and traceability of digital evidence collected and stored in a (PBFT) Identity Anonymity
trusted cloud storage system.
[PS8] A proposed blockchain-based framework that stores all Proof of Work (PoW) & Ethereum (Geth) Permissioned Chain of Custody & Data Integrity
communications of IoT devices in a blockchain. By leveraging the
use of Bitcoin or Ethereum, the integrity and transparency of the
data can be maintained for forensic investigation purposes.
[PS9] Data provenance and integrity blockchain-based forensic Custom distributed ledger Public Chain of Custody, Data Provenance
framework (TrustIoV), designed for the Internet of Vehicles & Data Integrity
(IoV). The proposed system leverages blockchain technology to
secure the provenance of digital evidence collected from IoV
things.
[PS10] Proposed permissioned blockchain-based framework Custom private digital ledger based on Permissioned Data Provenance, Data Integrity &
(Block4Forensic), that provides integrity and provenance of data Practical Byzantine Fault Tolerance (PBFT) Privacy and Identity Anonymity
and evidence collected from smart and connected vehicles for or Stellar Consensus Protocol (SCP)
post-accident forensic investigation and analyses.
[PS11] Proof of concept generic blockchain-based framework that Ethereum Public Data Provenance & Data Integrity
provides a data provenance system collects from IoT devices and
stores the data in a tamper-proof distributed ledger by
leveraging Ethereum.
[PS12] Proposal for the use of a permissioned blockchain-based Raft, Istanbul Byzantine Fault Tolerance Permissioned Chain of Custody & Data Integrity
framework that offers a secure digital evidence storage system (IBFT) & Ethereum (Geth)
that guarantees digital evidence integrity and admissibility.
[PS13] A generic proof of concept permissioned blockchain-based Hyperledger Composer/Fabric Permissioned Data Provenance, Chain of Custody
framework that enforces integrity, transparency, authenticity, & Data Integrity
security, and auditability of digital evidence chain of custody.
[PS14] The blockchain-based architecture leverages the use of a Proof of Work (PoW) & Ethereum Permissioned Data Provenance, Chain of Custody
blockchain consortium to generate and verify the integrity of & Data Integrity
digital evidence.
[PS15] A proof-of-concept blockchain-based framework (LEChain) that Clique-Proof of Activity (PoA) & Ethereum Permissioned Data Provenance, Chain of Custody,
leverages Ethereum to manage secure access control, privacy, Privacy, Data Integrity & Privacy
transparency, and integrity of the entire chain of evidence in and Identity Anonymity
digital forensic investigations.
[PS16] A proof-of-concept blockchain-based framework, Internet-of- Hyperledger Fabric & Ethereum (Geth) Permissioned Chain of Custody & Privacy and
Forensic (IoF) leverages a private multi-blockchain approach on Identity Anonymity
different layers of the IoT architecture and environment for a
secure evidence chain of custody.

5
  MacDermott and A.M. Ismael
A. Akinbi, A. Forensic Science International: Digital Investigation 42-43 (2022) 301470

pivotal role of blockchain technology in addressing the challenges faster, and energy-efficient compared to the public blockchain.
of maintaining the integrity, confidentiality, verification, and non- Given these, the latest blockchain-based IoT forensic investigation
repudiation of the digital evidence collected and stored during the process models and frameworks are categorized into public and
IoT forensic investigation process. permissioned ones.

6. Discussion of results - Public blockchain-based d Primary studies [PS1], [PS4], [PS5],

[PS9], use a mixture of hybridized blockchain which consists of
The application of blockchain since its inception more than ten custom public distributed digital ledgers. This is due to their
years ago has gone far beyond its use in finance and cryptocurrencies lightweight nature, less resource-intensive processes and
such as Bitcoin and is currently being applied to solve many practical networking to hash blocks of transactions compared to well-
problems. The preliminary keyword search yielded numerous results established platforms like Ethereum adopted by primary studies
on blockchain which shows there is significant and growing interest [PS6], [PS11]. These lightweight blockchain mechanisms are
in the research and application of blockchain technology to provide more suitable for heterogeneous IoT environments considering
practical solutions in many areas such as cloud security (Li et al., the number of nodes that may be required to process hash
2018; Zhu et al., 2019) and IoT security (Khan and Salah, 2018). The blocks and achieve network consensus for public blockchains.
majority of the proposed blockchain-based IoT frameworks from the - Permissioned blockchain-based d Primary studies [PS2], [PS3],
primary studies offer a proof-of-concept application of blockchain in [PS7], [PS8], [P10], [PS12], [PS13], and [PS14], all leverage a
maintaining the integrity, provenance, and secure chain of custody of permissioned blockchain for the blockchain-based IoT forensic
evidential IoT forensic data. investigation process model where the identity and roles of the
Notable exceptions that provide practical implementation authorized forensic investigation stakeholders are known to the
include judicial use case frameworks for secure electronic evidence other stakeholders. It is also managed in a controlled environ-
chain of custody [PS14] and LEChain [PS15]. Both studies demon- ment governed by a consortium that deploys it. However, pri-
strated the practical application of blockchain by building pro- mary studies [PS2], [PS7], [P10], [PS15], and [PS16], are the only
totypes based on the Ethereum platform to conduct their permissioned-based blockchain models that implement pri-
experimental analysis. The proof-of-concept blockchain-based vacy-anonymity mechanisms to address the issue associated
investigation frameworks for the Internet of Things [PS8], [PS11] with the identity of all authorized stakeholders.
and [P16] which are based on the Ethereum platform, also pro-
vided practical implementation using prototypes [PS6] described
the use of a custom distributed public digital ledger but used 6.2. RQ2. How is blockchain being used to improve the IoT forensic
Ethereum for the proof-of-concept experiments. Primary studies investigation process?
[PS7], and [PS9], use custom digital ledgers for their prototypes. In
[PS4], the researchers used a hybrid multi-chain proof-of-work Considering the heterogeneous nature of IoT, the dimensions of
mechanism adopting Stellar and EOS to store evidence data potential evidence collection and the scope of investigations con-
blocks in a central database before writing the calculated hash to tinues to be more challenging. IoT forensic investigations need to
the Ethereum platform. Forensic-Chain [PS13] is the only proof-of- identify, preserve, analyse, and present the digital evidence
work that provided implementation built on an Hyperledger collected from the IoT components in a forensically sound and
Composer prototype. secure manner. From the primary studies, it is clear that the uti-
Overall, the solutions proposed in each framework did not lisation of blockchain technologies did not alter the existing IoT
change the existing IoT forensic investigation process but leverage forensic investigation process but rather leverages the properties of
the properties of blockchain technology to ensure the evidence blockchain for a secure digital investigation process. The inherent
collected and stored during the investigation process is tamper- properties of blockchain technology make it resistant to data
resistant, immutable, and secure. However, the selection of block- modification due to its public ledger and consensus mechanisms.
chain technology and platform used depends on factors such as Based on the applications of blockchain technology to the IoT
privacy, performance, computational cost, energy consumption, forensic investigation process presented from the results of the SLR
practical implementation, and overall efficiency. and the categories identified in RQ1, we discuss how these block-
chain-based IoT investigation process models are applied to
6.1. RQ1. What are the latest blockchain-based IoT forensic improve secure evidence chain of custody, maintain privacy,
investigation process models? integrity, data provenance and preservation of forensic evidence
collected and stored. The latest studies in the SLR suggested the
A public or permissionless blockchain is the most in-depth following application of blockchain as follows:
distributed blockchain system and an untainted decentralized
mechanism (Chen et al., 2020). It is considered to be transparent - Chain-of-custodyd existing digital forensics processes use hash
because it is open to all users and nodes. However, the drawbacks of functions to maintain the integrity and prevent modification of
the public blockchain are that since the system is open to all nodes evidential artefacts, files and disk images collected and stored
and users, it lacks complete privacy and anonymity. This can lead to during digital forensic investigations. If the hash values for the
a weaker network, security of the evidence chain of custody and original and copy are the same, it is highly unlikely that the
traceability of the stakeholders’ identity. Therefore, the admissi- original and copy are not the same. However, the use of hash
bility of digital evidence can be subjected to scrutiny when pre- functions only validates their integrity but not the examination
sented in court. Moreover, anyone can run a node and join the of events in real-time by forensic stakeholders or custodians,
network (Bano et al., 2019). For these reasons, many of the pro- especially for IoT forensics. There is also the probability of hash
posed frameworks in the primary studies opted for a permissioned collisions as most digital extraction tools use either MD5
or private blockchain-based investigation model which is restricted (Message Digest) or SHA (Secure Hash Algorithm) hashing to
to a consortium where all of the identities of all nodes that run the check the integrity of digital evidence. This collision can deny
consensus are known, and only authorized access is permitted. the usage of such digital evidence in a court of law (Lone and
Permissioned blockchain is also considered to be more scalable, Mir, 2019; Rasjid et al., 2017). During the transfer of evidence,
6
  MacDermott and A.M. Ismael
A. Akinbi, A. Forensic Science International: Digital Investigation 42-43 (2022) 301470

technology are one way to make data more trustworthy by

providing tamper-proof information about the origin and history of
evidence data records. Considering the Internet of Vehicles (IoV)
forensics, primary studies [PS9], [P10] describe how investigators
can use the blockchain secure provenance of evidence to establish
facts about road traffic incidents, therefore eliminating the need for
a trusted arbiter. Recording data provenance provides a foundation
for assessing authenticity, enabling trust, and allowing
reproducibility.

- Privacy and identity anonymityd Privacy and identity anonymity

of participants and stakeholders remain a constant challenge
especially in the realm of public blockchains like Bitcoin and
Ethereum for digital forensic investigations since they rely on
data being transparent and verifiable by every participant (Lone
and Mir, 2019; Sigwart et al., 2019). Primary study [PS6], which
utilizes a custom distributed public blockchain, proposed each
blockchain transaction should contain the public keys of the
involved participants in addition to hashes and signatures.
Fig. 2. Blockchain application in IoT forensic investigation process. However, the identities of the parties are not included in the
evidence transaction. Only the blockchain escrow service has
the mapping between identities and public keys. Other primary
hash functions do not provide tamper-proof resistance of digital studies [PS2], [PS7], [PS10], [PS15], and [PS16], proposed the use
evidence from malicious participants or investigators in a way of pseudo-identities to satisfy the anonymity of participants,
that guarantees transparency, traceability, and non-repudiation. stakeholders and evidence custodians using randomized cryp-
tographic hashing techniques and Merkle signatures. To ensure
By leveraging the inherent properties of blockchain technology, the privacy and confidentiality of evidence data stored on the
the entire chain of custody lifecycle in IoT digital forensics can blockchain, primary study [PS15], [PS16], proposed authentica-
guarantee transparency, tamper-resistance, and verifiability. The tion and access control mechanisms to prevent unauthorized
majority of primary studies in this SLR [PS1], [PS2], [PS3], [PS5], entities from accessing blockchain evidence data. Primary study
[PS6], [PS7], [PS8], [PS9], [PS12], [PS13], [PS14], [PS15], [PS16], use [PS15] provides a secure audit trail and authentication using
blockchain to address issues surrounding evidence traceability, group signatures. It ensures privacy and identity anonymity by
auditability, and accountability due to the secure and immutable leveraging anonymous authentication. It also achieves access
nature of blocks and transactions. As new evidence is collected and control by utilizing ciphertext-policy attribute-based
added to the storage medium block, both public and permissioned encryption.
blockchain distributed ledgers ensure an immutable record of the
evidence log and guarantee evidence integrity by detecting any
modification or alteration in the evidence chain. When the evi- 6.3. RQ3. How efficient are the blockchain-based IoT forensic
dence has been submitted, it cannot be modified but can only be investigation process models?
updated by submitting the latest evidence [PS7]. The blockchain is
used to certify the authenticity and legitimacy of the procedures Due to the inherent peer-to-peer and distributed nature of
used to gather, store, and transfer digital evidence, as well as, to blockchain-based transactions, the implementation of blockchain is
provide a comprehensive view of all the interactions in the chain of considered resource-intensive and expensive. Currently, there are
custody [PS1], [PS2], [PS3], [PS7], [PS8]. Primary study [PS12] con- no conventional tools and standards that can provide performance
veys how the chain of custody forms the forensic link of evidence evaluations for different blockchain solutions (Zheng et al., 2019).
sequence of control, transfer, and analysis to preserve evidence However, performance benchmark frameworks for analysing
integrity and prevent its contamination. blockchains such as Blockbench (for permissioned blockchains)
(Dinh et al., 2017) and Hyperledger Caliper (for mixed blockchain
- Data integrity and Data provenanced The decentralized nature solutions) (Hyperledger Caliper, 2021) have been proposed.
of blockchain technologies can well match the needs of integrity Empirical studies on the performance evaluation of blockchain
and provenances of evidence collecting in digital forensics platforms have been carried out, especially for permissioned
across jurisdictional borders [PS1], [PS4], [PS5], [PS6], [PS7], blockchain platforms and are well documented in the study by
[PS8], [PS9], [PS10], [PS11], [PS12], [PS13], [PS14], [PS15], [PS16]. Dabbagh et al. (2021). Performance evaluation of blockchain plat-
These studies leverage blockchain for the provenance of any forms measures different metrics including execution time, latency,
event or data collected to be traced back to where it initially throughput, energy consumption, and scalability.
entered the process in question, hence increasing transparency In our SLR, the performance evaluations for the different pro-
of the audit trail. To ensure data integrity, primary studies [PS5], posed blockchain-based IoT forensic investigation process models
[PS6], and [PS15], propose the hash value of the evidence data be vary significantly and are measured in similar ways including the
signed by the data uploader or participants before it is stored on cost, privacy, and security benefit of their implementation. This is
the blockchain. Primary studies [PS7], [PS12], go further by due to the different consensus algorithms and performance char-
storing the value derived from the hash value of the evidence acteristics of public and permissioned-based blockchain platforms
file name combined with the hash value of the evidence on the used by each proposed model. To increase performance, only the
blockchain. evidence information (signature hashes and metadata) is stored on
the blockchain, while the raw evidence data is stored on a trusted
Data provenance solutions combined with blockchain storage platform or off-chain database [PS3], [PS5], [PS6], [PS7],
7
  MacDermott and A.M. Ismael
A. Akinbi, A. Forensic Science International: Digital Investigation 42-43 (2022) 301470

[PS15]. Primary study [PS4] utilizes hash functions along with blockchain-based IoT forensic investigation process model could
Merkle signatures to reduce cost and data size written to public impact the choice of selection for IoT forensic investigations. Each
blockchains. If the computed Merkle root and the hash value which model has its performance characteristics under various condi-
is saved on the Ethereum platform match, the investigators know tions, and one may outperform the other in terms of a specific
with certainty that the data centre has provided valid or tamper- performance metric. However, the utmost importance of each
proof IoT hash data. They know that the existence of the transaction model is to ensure, authenticity, integrity, transparency, and a
in the blockchain has been validated by different multi-chain secure audit trail of digital evidence as it moves along different
miners and that there is an extensive Proof-of-Work (PoW) or stages of hierarchy in the chain of custody during the forensic
computation time ensuring the integrity of the hash data. The investigation process. The comparison of the performance evalua-
platform infrastructure of the Hyperledger Composer prototype tions conducted by 11 out of 16 selected primary studies is sum-
used in [PS13] outperforms that of a permissioned-based Ethereum marised in Table 4.
prototype used in [PS15] in terms of all performance metrics.
Similarly, experiments conducted in [PS7], which uses the Practical
Byzantine Fault Tolerance (PBFT) consensus algorithm, show that 7. Open issues and future research directions
the IoT forensic investigation process model outperforms the model
proposed in [PS15] which uses Clique, a kind of Proof of Activity Based on the findings and discussion of results (addressing RQ1,
(PoA), as the consensus mechanism based on communication RQ2 and RQ3), we describe several open issues, challenges, and
overhead. future research directions.
A comparison of performance evaluation results between [PS13]
and [PS16] using Hyperledger Caliper as a performance evaluation - Security issuesdThe majority of the proposed blockchain-based
benchmark showed significant differences. The results show that in IoT forensic investigation process models are focused on solving
a 2-organization-1-peer network model with each Send Rate of issues associated with maintaining the integrity and authen-
49tps after 9 and 10 rounds of tests respectively, [PS16] attained ticity of digital evidence generated by billions of IoT devices that
higher throughput and lower latency (Throughput ¼30tps and need to be stored and accessed during a digital forensic inves-
Average Latency ¼9.86 s) compared to [PS13] (Throughput ¼13tps tigation for its admissibility in a court of law. They guarantee
and Average Latency ¼11.85 s). It is worth noting that the primary data provenance, privacy, availability, transparency, traceability,
study [PS16] uses both Hyperledger Fabric and permission based trust, and continuous integrity of IoT forensic artefacts and
Ethereum platform (Go Ethereum/Geth) for their prototype simu- evidential data. The security of the underlying blockchain
lation. However, details of the consensus algorithms’ impact on infrastructure of the proposed models remains an issue and may
performance analysis in both experiments were not taken into be subject to security attacks. It can be observed from Table 3,
consideration. that only a few primary studies implemented access control
In primary studies [PS8] and [PS16], the cost-effectiveness mechanisms to address the issues of unauthorised access by
associated with gas consumption to cover 800 pieces of evidence participants, privacy, and identity anonymity. Details of identity
was conducted. The results highlighted that the price to pay for gas vulnerabilities (replay, impersonation and Sybil attacks) where
consumption for the prototype proposed in [PS16] is approximately an adversary attempts to compromise the identity of blockchain
the same compared to that of [PS8] (0.000000048 Ethereum and users are well documented in the study by Dasgupta et al.
0.00000005 Ethereum respectively). Both experiments assumed (2019). Several real attacks on blockchain systems were
the denomination of Gwei as 1 Gwei is equivalent to 0.000000001 covered extensively by Li et al. (2020). The blockchain in-
Ethereum and 10 Gwei per gas is used for fast transmission. frastructures can also be overloaded by DDoS (Distributed
However, the block size increased from 0.5 KB to 3.34 KB and 0.4 to Denial of Service) attacks which can deplete huge resources of
1.34 KB for primary studies [PS16] and [PS8] respectively. In their the network and make legitimate users unable to respond to
cost analysis, primary study [PS4] proposed the use of multi-chain service requests promptly (Alkurdi et al., 2019; Zheng et al.,
(Stellar and EOS) blockchain platforms as a cheaper alternative to 2019). Due to computation costs, a handful of primary studies
Ethereum. proposed off-chain data storage of IoT evidence data while evi-
In summary, the overall performance of each proposed dence information is stored on the blockchain. Hence, off-chain
data storages are susceptible to malicious attacks, as they do not

Table 4
Summary of performance metrics results from selected primary studies.

Primary Performance Metrics

Study (PS)
Blockchain Blockchain Platform Consensus Algorithm Latency Execution Throughput Energy Computational Scalability
category time consumption cost

[PS4] Public Multi-chain Proof of Stake (PoS) 7 ✓ 7 7 ✓ 7

[PS6] Public Ethereum Proof of Work (PoW) 7 ✓ 7 ✓ 7 7
[PS7] Permissioned Mixed/Multi-chain Practical Byzantine Fault 7 7 7 7 7 ✓
Tolerance (PBFT)
[PS8] Permissioned Ethereum (Geth) Proof of Work (PoW) 7 7 ✓ ✓ ✓ 7
[PS9] Public Custom Not reported 7 ✓ 7 ✓ ✓ 7
[PS11] Public Ethereum Not reported ✓ 7 ✓ 7 7 7
[PS12] Permissioned Ethereum (Geth) Raft and IBFT 7 ✓ 7 7 7 ✓
[PS13] Permissioned Hyperledger Composer/ Not reported ✓ 7 ✓ 7 7 7
Fabric
[PS14] Permissioned Ethereum Proof of Work (PoW) 7 7 7 7 7 ✓
[PS15] Permissioned Ethereum (Geth) Clique-Proof of Activity (PoA) ✓ ✓ ✓ 7 ✓ 7
[PS16] Permissioned Hyperledger Fabric & Not reported ✓ 7 ✓ ✓ ✓ 7
Ethereum (Geth)

8
  MacDermott and A.M. Ismael
A. Akinbi, A. Forensic Science International: Digital Investigation 42-43 (2022) 301470

take advantage of the security, reliability, and transparency 8. Conclusion

properties of the blockchain.
In this paper, we focused on blockchain-based IoT forensic
Therefore, it is essential that studies that include rigorous se- investigation process models. We conducted a systematic literature
curity testing and evaluation be carried out on these proposed review of the latest models and examined how these proposed
models to ensure resilience against attacks and review their impact models are designed to improve the evidence chain of custody,
on the soundness of IoT forensic investigations. maintain privacy, guarantee integrity, provenance, traceability, and
verification of evidence collected and stored during the investiga-
- Performance evaluation issuesd The performance evaluation tion process. Our findings show that most of the blockchain-based
results only highlight the differences between the execution IoT forensic investigation process models are used to improve the
layers of these blockchain-based IoT forensic investigation evidence chain of custody, data integrity, data provenance, privacy,
process models. The details and effect of the consensus algo- and identity anonymity in that order. Our study also revealed that
rithm on the performance evaluation of these models were not the majority of the proposed models are based on permissioned
analysed and presented. A handful of proposed models did not blockchain. We reviewed the efficiency of selected proposed
describe the specific consensus algorithm utilized either. models and prototype proofs-of-concept, based on their perfor-
Moreover, each prototype proposed in the primary studies did mance evaluation results and metrics. Finally, we highlighted
not highlight the versions of Ethereum, Hyperledger Fabric/ challenges, open issues, and potential research directions to
Composer or other blockchain platforms utilized. Studies have address them. Our potential future research agenda includes an
shown the differences between blockchain versions (Dinh et al., empirical evaluation of the security of these proposed blockchain-
2017; Nasir et al., 2018; Pongnumkul et al., 2017) and consensus based IoT forensic investigation models and other newer models in
algorithms (Hao et al., 2018) impact performance metrics. an attempt to address the security issues described in Section 7.
Similarly, performance evaluations based on scalability issues,
the increase in the size of the blockchain and the number of
participants (nodes) interacting with evidence data on the
blockchain platform were addressed only in a few of the primary
studies [PS1],[PS7], [PS8], [PS11], [PS12]. This shows that further Primary studies
performance evaluation research needs to be conducted for the
proposed models as this research area of blockchain application
to IoT forensics is still in its nascent stage.

[PS1] S. Li, T. Qin, G. Min, Blockchain-Based Digital Forensics Investigation Framework in the Internet of Things and Social Systems, IEEE Trans. Comput. Soc. Syst. 6 (2019)
1433e1441. https://doi.org/10.1109/TCSS.2019.2927431.
[PS2] D.P. Le, H. Meng, L. Su, S.L. Yeo, V. Thing, BIFF: A Blockchain-based IoT Forensics Framework with Identity Privacy, in: IEEE Reg. 10 Annu. Int. Conf. Proceedings/
TENCON, 2019. https://doi.org/10.1109/TENCON.2018.8650434.
[PS3] S. Brotsis, N. Kolokotronis, K. Limniotis, S. Shiaeles, D. Kavallieros, E. Bellini, C. Pavue, Blockchain solutions for forensic evidence preservation in iot environments,
in: Proc. 2019 IEEE Conf. Netw. Softwarization Unleashing Power Netw. Softwarization, NetSoft 2019, 2019. https://doi.org/10.1109/NETSOFT.2019.8806675.
[PS4] S. Mercan, M. Cebe, E. Tekiner, K. Akkaya, M. Chang, S. Uluagac, A Cost-efficient IoT Forensics Framework with Blockchain, in: IEEE Int. Conf. Blockchain
Cryptocurrency, ICBC 2020, 2020. https://doi.org/10.1109/ICBC48266.2020.9169397.
[PS5] M. Hossain, R. Hasan, S. Zawoad, Probe-IoT: A public digital ledger based forensic investigation framework for IoT, in: INFOCOM 2018 - IEEE Conf. Comput.
Commun. Work., Institute of Electrical and Electronics Engineers Inc., 2018: pp. 1e2. https://doi.org/10.1109/INFCOMW.2018.8406875.
[PS6] M. Hossain, Y. Karim, R. Hasan, FIF-IoT: A Forensic Investigation Framework for IoT Using a Public Digital Ledger, in: 2018 IEEE Int. Congr. Internet Things, IEEE,
2018: pp. 33e40. https://doi.org/10.1109/ICIOT.2018.00012.
[PS7] Z. Tian, M. Li, M. Qiu, Y. Sun, S. Su, Block-DEF: A secure digital evidence framework using blockchain, Inf. Sci. (Ny). (2019). https://doi.org/10.1016/j.ins.2019.04.011.
[PS8] J.H. Ryu, P.K. Sharma, J.H. Jo, J.H. Park, A blockchain-based decentralized efficient investigation framework for IoT digital forensics, J. Supercomput. 75 (2019) 4372
e4387. https://doi.org/10.1007/s11227-019-02779-9.
[PS9] M. Hossain, R. Hasan, S. Zawoad, Trust-IoV: A trustworthy forensic investigation framework for the internet of vehicles (IoV), in: Proc. - 2017 IEEE 2nd Int. Congr.
Internet Things, ICIOT 2017, 2017. https://doi.org/10.1109/IEEE.ICIOT.2017.13.
[PS10] M. Cebe, E. Erdin, K. Akkaya, H. Aksu, S. Uluagac, Block4Forensic: An Integrated Lightweight Blockchain Framework for Forensics Applications of Connected
Vehicles, IEEE Commun. Mag. (2018). https://doi.org/10.1109/MCOM.2018.1800137.
[PS11] M. Sigwart, M. Borkowski, M. Peise, S. Schulte, S. Tai, Blockchain-based Data Provenance for the Internet of Things, in: Proc. 9th Int. Conf. Internet Things, ACM, New
York, NY, USA, 2019: pp. 1e8. https://doi.org/10.1145/3365871.3365886.
[PS12] L. Ahmad, S. Khanji, F. Iqbal, F. Kamoun, Blockchain-based chain of custody: Towards real-time tamper-proof evidence management, in: ACM Int. Conf. Proceeding
Ser., 2020. https://doi.org/10.1145/3407023.3409199.
[PS13] A.H. Lone, R.N. Mir, Forensic-chain: Blockchain based digital forensics chain of custody with PoC in Hyperledger Composer, Digit. Investig. 28 (2019) 44e55. https://
doi.org/10.1016/j.diin.2019.01.002.
[PS14] S. Chen, C. Zhao, L. Huang, J. Yuan, M. Liu, Study and implementation on the application of blockchain in electronic evidence generation, Forensic Sci. Int. Digit.
Investig. 35 (2020) 301001. https://doi.org/10.1016/j.fsidi.2020.301001.
[PS15] M. Li, C. Lal, M. Conti, D. Hu, LEChain: A blockchain-based lawful evidence management scheme for digital forensics, Futur. Gener. Comput. Syst. 115 (2021) 406
e420. https://doi.org/10.1016/j.future.2020.09.038.
[PS16] G. Kumar, R. Saha, C. Lal, M. Conti, Internet-of-Forensic (IoF): A blockchain based digital forensics framework for IoT applications, Futur. Gener. Comput. Syst. 120
(2021) 13e25. https://doi.org/10.1016/j.future.2021.02.016.

9
  MacDermott and A.M. Ismael
A. Akinbi, A. Forensic Science International: Digital Investigation 42-43 (2022) 301470

Declaration of competing interest Hauser, C., 2017. In: Connecticut Murder Case, a Fitbit Is a Silent Witness [WWW
Document]. New York Times. https://www.nytimes.com/2017/04/27/nyregion/
in-connecticut-murder-case-a-fitbit-is-a-silent-witness.html. accessed 5.4.20.
The authors acknowledge there is no conflict of interest. Hegarty, R.C., Lamb, D.J., Attwood, A., 2014. Digital evidence challenges in the
internet of things. In: Proceedings of the Tenth International Network Confer-
Data availability ence (INC) 2014, pp. 162e220.
Hossain, M., Hasan, R., Zawoad, S., 2018a. Probe-IoT: a public digital ledger based
forensic investigation framework for IoT. In: INFOCOM 2018 - IEEE Conference
No data was used for the research described in the article. on Computer Communications Workshops. Institute of Electrical and Elec-
tronics Engineers Inc., pp. 1e2. https://doi.org/10.1109/
INFCOMW.2018.8406875
Acknowledgements Hossain, M., Karim, Y., Hasan, R., 2018b. FIF-IoT: a forensic investigation framework
for IoT using a public digital ledger. In: 2018 IEEE International Congress on
Internet of Things (ICIOT). IEEE, pp. 33e40. https://doi.org/10.1109/
This research did not receive any specific grant from funding ICIOT.2018.00012.
agencies in the public, commercial, or not-for-profit sectors. Hou, J., Li, Y., Yu, J., Shi, W., 2020. A survey on digital forensics in internet of things.
IEEE Internet Things J. 7, 1e15. https://doi.org/10.1109/JIOT.2019.2940713.
Kebande, V.R., Ray, I., 2016. A generic digital forensic investigation framework for
References internet of things (IoT). In: 2016 IEEE 4th International Conference on Future
Internet of Things and Cloud (FiCloud). IEEE, pp. 356e362. https://doi.org/
Achimugu, P., Selamat, A., Ibrahim, R., Mahrin, M.N.R., 2014. A systematic literature 10.1109/FiCloud.2016.57.
review of software requirements prioritization research. Inf Softw Technol. Kebande, V.R., Karie, N.M., Venter, H.S., 2017. Cloud-Centric Framework for isolating
https://doi.org/10.1016/j.infsof.2014.02.001. Big data as forensic evidence from IoT infrastructures. In: 2017 1st International
Akinbi, A., Berry, T., 2020. Forensic investigation of google assistant. SN Comput Sci Conference on Next Generation Computing Applications (NextComp). IEEE,
1, 272. https://doi.org/10.1007/s42979-020-00285-x. pp. 54e60. https://doi.org/10.1109/NEXTCOMP.2017.8016176.
Alenezi, Ahmed, Atlam, H., Alsagri, R., Alassafi, M., Wills, G., 2019. IoT forensics: a Kebande, V.R., Mudau, P.P., Ikuesan, R.A., Venter, H.S., Choo, K.-K.R., 2020. Holistic
state-of-the-art review, challenges and future directions. In: Proceedings of the digital forensic readiness framework for IoT-enabled organizations. Forensic Sci.
4th International Conference on Complexity, Future Information Systems and Int.: Reports. https://doi.org/10.1016/j.fsir.2020.100117.
Risk. SCITEPRESS - Science and Technology Publications, pp. 106e115. https:// Khan, M.A., Salah, K., 2018. IoT security: review, blockchain solutions, and open
doi.org/10.5220/0007905401060115. challenges. Future Generat. Comput. Syst. 82, 395e411. https://doi.org/10.1016/
Alenezi, A., Atlam, H.F., Wills, G.B., Alsagri, R., Alassafi, M.O., 2019. IoT forensics: a j.future.2017.11.022.
state-of-the-art review, challenges and future directions. In: COMPLEXIS 2019 - Kitchenham, B., Charters, S., 2007. Guidelines for performing systematic literature
Proceedings of the 4th International Conference on Complexity, Future Infor- reviews in software engineering. In: Technical Report, Ver. 2.3 EBSE Technical
mation Systems and Risk. Report. EBSE. https://www.elsevier.com/__data/promis_misc/
Alkurdi, F., Elgendi, I., Munasinghe, K.S., Sharma, D., Jamalipour, A., 2019. Blockchain 525444systematicreviewsguide.pdf.
in IoT security: a survey. In: 2018 28th International Telecommunication Net- Li, J., Wu, J., Chen, L., 2018. Block-secure: blockchain based scheme for secure P2P
works and Applications Conference, ITNAC 2018. https://doi.org/10.1109/ cloud storage. Inf. Sci. https://doi.org/10.1016/j.ins.2018.06.071.
ATNAC.2018.8615409. Li, S., Li, S., Choo, K.-K.R., Sun, Q., Buchanan, W.J., Cao, J., 2019a. IoT forensics:
Atlam, H.F., El-Din Hemdan, E., Alenezi, A., Alassafi, M.O., Wills, G.B., 2020. Internet amazon echo as a use case. IEEE Internet Things J. https://doi.org/10.1109/
of Things Forensics: A Review. https://doi.org/10.1016/j.iot.2020.100220. JIOT.2019.2906946, 1e1.
Internet of Things 100220. Li, S., Qin, T., Min, G., 2019b. Blockchain-based digital forensics investigation
Bano, S., Sonnino, A., Al-Bassam, M., Azouvi, S., McCorry, P., Meiklejohn, S., framework in the internet of things and social systems. IEEE Trans. Comput. Soc.
Danezis, G., 2019. SoK. In: Proceedings of the 1st ACM Conference on Advances Syst. 6, 1433e1441. https://doi.org/10.1109/TCSS.2019.2927431.
in Financial Technologies. ACM, New York, NY, USA, pp. 183e198. https:// Li, X., Jiang, P., Chen, T., Luo, X., Wen, Q., 2020. A survey on the security of blockchain
doi.org/10.1145/3318041.3355458. systems. Future Generat. Comput. Syst. 107, 841e853. https://doi.org/10.1016/
BBC, 2018. Amazon Asked to Share Echo Data in US Murder Case [WWW Docu- j.future.2017.08.020.
ment]. BBC.co.uk. https://www.bbc.co.uk/news/technology-46181800. accessed Lone, A.H., Mir, R.N., 2019. Forensic-chain: blockchain based digital forensics chain
5.3.20. of custody with PoC in Hyperledger Composer. Digit. Invest. 28, 44e55. https://
Hyperledger Caliper, 2021. Hyperledger Caliper [WWW Document]. https://www. doi.org/10.1016/j.diin.2019.01.002.
hyperledger.org/use/caliper. accessed 4.24.21. Lutta, P., Sedky, M., Hassan, M., Jayawickrama, U., Bakhtiari Bastaki, B., 2021. The
Casino, F., Dasaklis, T.K., Patsakis, C., 2019. A systematic literature review of block- complexity of internet of things forensics: a state-of-the-art review. Forensic
chain-based applications: current status, classification and open issues. Tele- Sci. Int.: Digit. Invest. 38, 301210. https://doi.org/10.1016/j.fsidi.2021.301210.
matics Inf. https://doi.org/10.1016/j.tele.2018.11.006. MacDermott, A., Baker, T., Shi, Q., 2018. Iot forensics: challenges for the Ioa era. In:
Chen, S., Zhao, C., Huang, L., Yuan, J., Liu, M., 2020. Study and implementation on the 2018 9th IFIP International Conference on New Technologies, Mobility and
application of blockchain in electronic evidence generation. Forensic Sci. Int.: Security (NTMS). IEEE, pp. 1e5. https://doi.org/10.1109/NTMS.2018.8328748.
Digit. Invest. 35, 301001. https://doi.org/10.1016/j.fsidi.2020.301001. Nasir, Q., Qasse, I.A., Abu Talib, M., Nassif, A.B., 2018. Performance analysis of
Chernyshev, M., Zeadally, S., Baig, Z., Woodward, A., 2018. Internet of things fo- hyperledger fabric platforms. Secur. Commun. Network. https://doi.org/10.1155/
rensics: the need, process models, and open issues. IT Prof 20, 40e49. https:// 2018/3976093.
doi.org/10.1109/MITP.2018.032501747. O'Shaughnessy, S., Keane, A., 2013. Impact of cloud computing on digital forensic
Chung, H., Park, J., Lee, S., 2017. Digital forensic approaches for Amazon Alexa investigations. In: IFIP Advances in Information and Communication Technol-
ecosystem. Digit. Invest. 22, S15eS25. https://doi.org/10.1016/j.diin.2017.06.010. ogy. https://doi.org/10.1007/978-3-642-41148-9_20.
Conoscenti, M., Vetro, A., De Martin, J.C., 2016. Blockchain for the Internet of Things: Pongnumkul, S., Siripanpornchana, C., Thajchayapong, S., 2017. Performance anal-
a systematic literature review. In: Proceedings of IEEE/ACS International Con- ysis of private blockchain platforms in varying workloads. In: 2017 26th Inter-
ference on Computer Systems and Applications. AICCSA. https://doi.org/ national Conference on Computer Communications and Networks, ICCCN.
10.1109/AICCSA.2016.7945805. https://doi.org/10.1109/ICCCN.2017.8038517, 2017.
Conti, M., Dehghantanha, A., Franke, K., Watson, S., 2018. Internet of Things security Rasjid, Z.E., Soewito, B., Witjaksono, G., Abdurachman, E., 2017. A review of colli-
and forensics: challenges and opportunities. Future Generat. Comput. Syst. 78, sions in cryptographic hash function used in digital forensic tools. Procedia
544e546. https://doi.org/10.1016/j.future.2017.07.060. Comput. Sci. 116, 381e392. https://doi.org/10.1016/j.procs.2017.10.072.
Dabbagh, M., Choo, K.-K.R., Beheshti, A., Tahir, M., Safa, N.S., 2021. A survey of Salman, T., Zolanvari, M., Erbad, A., Jain, R., Samaka, M., 2019. Security services using
empirical performance evaluation of permissioned blockchain platforms: blockchains: a state of the art survey. In: IEEE Communications Surveys and
challenges and opportunities. Comput. Secur. 100, 102078. https://doi.org/ Tutorials. https://doi.org/10.1109/COMST.2018.2863956.
10.1016/j.cose.2020.102078. Servida, F., Casey, E., 2019. IoT forensic challenges and opportunities for digital
Dasgupta, D., Shrein, J.M., Gupta, K.D., 2019. A survey of blockchain from security traces. Digit. Invest. 28, S22eS29. https://doi.org/10.1016/j.diin.2019.01.012.
perspective. J. Bank. Finan. Technol. 3, 1e17. https://doi.org/10.1007/s42786- Sigwart, M., Borkowski, M., Peise, M., Schulte, S., Tai, S., 2019. Blockchain-based data
018-00002-6. provenance for the internet of things. In: Proceedings of the 9th International
Dawson, L., Akinbi, A., 2021. Challenges and opportunities for wearable IoT foren- Conference on the Internet of Things. ACM, New York, NY, USA, pp. 1e8. https://
sics: TomTom Spark 3 as a case study. Forensic Sci. Int.: Reports 3, 100198. doi.org/10.1145/3365871.3365886.
https://doi.org/10.1016/j.fsir.2021.100198. Statista, 2020. IoT Connected Devices Worldwide 2030 [WWW Document]. Statista
Dinh, T.T.A., Wang, J., Chen, G., Liu, R., Ooi, B.C., Tan, K.L., 2017. BLOCKBENCH: a Research Department.
framework for analyzing private blockchains. In: Proceedings of the ACM SIG- Stoyanova, M., Nikoloudakis, Y., Panagiotakis, S., Pallis, E., Markakis, E.K., 2020.
MOD International Conference on Management of Data. https://doi.org/10.1145/ A survey on the internet of things (IoT) forensics: challenges, approaches, and
3035918.3064033. open issues. IEEE Commun. Surv. Tutor. 22, 1191e1221. https://doi.org/10.1109/
Hao, Y., Li, Y., Dong, X., Fang, L., Chen, P., 2018. Performance analysis of consensus COMST.2019.2962586.
algorithm in private blockchain. In: IEEE Intelligent Vehicles Symposium, Pro- Taylor, P.J., Dargahi, T., Dehghantanha, A., Parizi, R.M., Choo, K.-K.R., 2020.
ceedings. https://doi.org/10.1109/IVS.2018.8500557. A systematic literature review of blockchain cyber security. Digit. Commun.

10
  MacDermott and A.M. Ismael
A. Akinbi, A. Forensic Science International: Digital Investigation 42-43 (2022) 301470

Netw. 6, 147e156. https://doi.org/10.1016/j.dcan.2019.01.005. for the internet of things. In: 2015 IEEE International Conference on Services
Wohlin, C., 2014. Guidelines for snowballing in systematic literature studies and a Computing. IEEE, pp. 279e284. https://doi.org/10.1109/SCC.2015.46.
replication in software engineering. In: ACM International Conference Pro- Zhang, X., Choo, K.-K.R., Beebe, N.L., 2019. How do I share my IoT forensic experi-
ceeding Series. https://doi.org/10.1145/2601248.2601268. ence with the broader community? An automated knowledge sharing IoT
Yaqoob, I., Hashem, I.A.T., Ahmed, A., Kazmi, S.M.A., Hong, C.S., 2019. Internet of forensic platform. IEEE Internet Things J. https://doi.org/10.1109/
things forensics: recent advances, taxonomy, requirements, and open chal- JIOT.2019.2912118, 1e1.
lenges. Future Generat. Comput. Syst. 92, 265e275. https://doi.org/10.1016/ Zheng, X., Zhu, Y., Si, X., 2019. A survey on challenges and progresses in blockchain
j.future.2018.09.058. technologies: a performance and security perspective. Appl. Sci. 9, 4731. https://
Yli-Huumo, J., Ko, D., Choi, S., Park, S., Smolander, K., 2016. Where is current doi.org/10.3390/app9224731.
research on Blockchain technology? - a systematic review. PLoS One. https:// Zhu, L., Wu, Y., Gai, K., Choo, K.K.R., 2019. Controllable and trustworthy blockchain-
doi.org/10.1371/journal.pone.0163477. based cloud data management. Future Generat. Comput. Syst. https://doi.org/
Zawoad, S., Hasan, R., 2015. FAIoT: towards building a forensics aware eco system 10.1016/j.future.2018.09.019.

11