Private Blockchain-Driven Digital Evidence Management Systems: A Collaborative Mining and NFT-Based Framework

Abstract

Secure Digital Evidence Management Systems (DEMSs) ae crucial for law enforcement agencies, because traditional systems are prone to tampering and unauthorised access. Blockchain technology, particularly private blockchains, offers a solution by providing a centralised and tamper-proof system. This study proposes a private blockchain using Proof of Work (PoW) to securely manage digital evidence. Miners are assigned specific nonce ranges to accelerate the mining process, called collaborative mining, to enhance the scalability challenges in DEMSs. Transaction data includes digital evidence to generate a Non-Fungible Token (NFT). Miners use NFTs to solve the puzzle according to the assigned difficulty level d, so as to generate a hash using SHA-256 and add it to the ledger. Users can verify the integrity and authenticity of records by re-generating the hash and comparing it with the one stored in the ledger. Our results show that the data was verified with 100% precision. The mining time was $2.5$ s, and the nonce iterations were as high as $80\times {10}^3$ for $d=5$. This approach improves the scalability and integrity of digital evidence management by reducing the overall mining time.

1. Introduction

Digital Evidence Management Systems (DEMSs) are critical components in modern criminal investigations, enabling Law Enforcement Agencies (LEAs) to securely collect, store, manage, and analyse digital evidence [1]. Digital evidence, which includes data from computers, mobile devices, cloud storage, and, increasingly, digital devices, is often pivotal in proving the occurrence of a crime or establishing a suspect’s involvement [2]. With the increase of digital evidence volume and complexity, DEMSs have been regarded as an essential tool for ensuring the integrity and accessibility of information. A DEMS supports preserving the chain of custody and acts as a pillar for maintaining accountability. Each interaction with the digital data must be recorded to ensure that it remains unaltered [3]. In many countries, LEAs have adopted DEMSs, from simple digital data storage to performing forensic investigations [4]. The use cases include management of the evidence from crime scenes and crime investigations [5].

Over the years, LEAs have traditionally depended on centralised systems to handle digital evidence. These systems are often based on centralised databases, making it easier for authorities to manage, search, and access evidence from one central location, as noted by [6,7]. They use standard security measures, like encryption and access controls, to protect sensitive information. Similarly, digital forensics procedures have followed well-established practices for collecting, analysing, and preserving evidence [8]. Typically, this process involves identifying potential evidence sources, using specialised tools to gather the data and ensuring its integrity through methods like hashing to prevent tampering. However, with the rise of cybercrime, which often involves various digital platforms, the shortcomings of traditional systems are becoming more evident. The sheer volume and complexity of digital evidence, especially with the increasing use of the internet of digital technology devices, requires more scalable, secure, and efficient ways to manage and analyse forensic data while maintaining the integrity and authenticity of DEMSs.

1.1. Scalability Challenges in DEMSs

DEMSs play an essential role in LEAs to ensure that digital evidence is appropriately collected, stored, analysed, and securely preserved for judicial processes. As a result of the high volume and variety of digital evidence growth, scalability raises a significant concern for DEMSs. Maintaining digital evidence involves several scalability challenges, such as storage capacity, processing demands, analysing and retrieving data, and traditional storage constraints. Addressing these issues is crucial to avoid compromising the integrity and authenticity of digital evidence. The current approach of traditional DEMSs relies heavily on third-party centralised storage systems, which may become subject to single-point-of-failure problems, lack of transparency, and inconsistent policies [9]. Scalability poses a significant challenge for LEAs: without scalability, they encounter bottlenecks and limitations in processing digital evidence and record management. This may also lead to substantial delays when accessing critical data, which may compromise the integrity of this data and delay the overall operation [10].

1.2. Integrity and Authenticity Challenges in DEMSs

One of the most significant challenges in traditional DEMSs and digital forensics is ensuring the integrity of digital evidence, particularly in the form of images [11]. Images are frequently used as evidence in criminal cases, whether captured through surveillance cameras, mobile devices, or forensic imaging tools. However, the inherent nature of digital images makes them vulnerable to tampering and manipulation, which may go unnoticed without proper safeguards in place [12]. Alterations such as editing, cropping, or even subtle changes in image metadata can misrepresent the truth, leading to false conclusions during investigations or in court proceedings [13].

Tampering with image evidence can occur at various stages of the evidence life cycle, from the moment of capture to the time of presentation in court [14]. Traditional methods often rely on hashing techniques, which generate a unique hash value for each image at the time of capture, and any alteration to the image will result in a change in this hash [15]. While this technique provides a certain level of assurance, it can be limited in its ability to detect more sophisticated tampering methods, such as deepfakes or advanced editing tools that can modify an image without triggering a noticeable change in the hash [16].

In addition, the growing use of cloud-based storage and digital evidence transmission further exacerbates the risk of tampering. As images are transferred across multiple systems, centralised DEMSs are vulnerable to unauthorised access or interception, where tampered-with images can be substituted for the originals [17]. Furthermore, digital systems often lack robust audit trails that can verify who accessed the evidence and whether it was altered at any point. Image-based evidence presents several other challenges: (i) Image files contain metadata, including time stamps, camera settings, and location data, all critical in forensic investigations. This metadata can be easily altered without apparent signs, allowing attackers to forge or misrepresent the context in which an image was captured [18]. (ii) Malicious actors can embed hidden information within images (steganography), either to conceal critical data or to sabotage investigations [19]. Detecting such hidden alterations requires advanced analysis techniques, which may not be part of traditional forensic toolkits. (iii) As images pass through different stages of the investigation process, maintaining a transparent and verifiable chain of custody is crucial [20]. In a traditional DEMS, any gap or ambiguity in tracking the movement and handling of digital evidence can open up the possibility of unnoticed tampering. This raises a concern regarding the integrity and authenticity of the DEMS.

While blockchain-based DEMS solutions exist [21,22], they suffer from two critical limitations: (1) Centralised nonce allocation in collaborative mining (e.g., [23]) creates single points of failure. (2) Traditional NFT implementations [24] tokenize ownership without intrinsically binding to evidence content. Our work bridges these gaps through the following:

• A self-coordinating nonce-allocation protocol using Verifiable Random Functions (VRFs) that eliminate central authorities, enabling truly decentralised miner coordination.
• Evidence-intrinsic NFTs generated via content-derived fingerprints (pixel intensity summation) rather than external tokenization. This creates tamper-evident bonds between evidence and blockchain records.

These innovations collectively address scalability and integrity challenges in ways that prior blockchain DEMSs cannot.

1.3. Blockchain as a Solution for DEMSs

Blockchain technology offers a promising solution to many of the challenges faced by traditional DEMSs and digital forensics. With its decentralised structure and strong cryptographic protections, blockchain technology provides a reliable way to secure digital evidence. Recording each piece of evidence as a block on the blockchain makes it nearly impossible to alter the data without it being noticed. Cryptographic hashing ensures that once information is entered, any attempt to change it would leave a visible trace, preserving the integrity of the evidence [25]. Different consensus algorithms, like PoW, Proof of Stake (PoS), and Byzantine Fault Tolerance (BFT), can be used to securely verify and add new blocks of data in a decentralised system [26]. On top of this, smart contracts and self-executing programs stored on the blockchain can automatically handle tasks like verifying evidence authenticity, controlling access, and ensuring compliance with legal standards [27]. By incorporating blockchain technology into DEMSs, we gain critical advantages like decentralisation, transparency, and the maintenance of tamper-proof evidence records. These qualities address the shortcomings of traditional methods, creating a more secure and effective system for managing digital evidence.

Unlike blockchain-based DEMSs employing NFTs via external storage (e.g., IPFS [9,24]) or smart contracts [21,22], our framework generates intrinsic, self-contained NFTs directly from evidence content. This eliminates the following: (1) latency from decentralised storage lookups, (2) attack surfaces in smart contract execution, and (3) gas costs. Consequently, we achieve 3.9× faster verification (0.183 s vs. 0.72 s [24]) while preserving tamper-proof assurance.

1.4. Paper Motivation and Contributions

While blockchain technology holds promise for overcoming many challenges in DEMSs and digital forensics, the current solutions still face several limitations. These include inefficiencies in consensus mechanisms, high computational costs, and difficulties integrating blockchain with other security methods, such as encryption. This paper seeks to tackle these issues by introducing a blockchain-based DEMS that uses PoW with collaborative mining and enhanced security protocols. The goal is to ensure a more secure, scalable, and efficient system for managing digital evidence.

The key contributions of this paper are as follows:

• We propose a novel DEMS architecture that integrates private blockchain technology to provide a centralised, transparent, and tamper-proof system for managing digital evidence.
• Our system introduces collaborative PoW mining, where multiple miners share the workload to reduce the computational overhead associated with traditional consensus mechanisms. This enhances the scalability challenges of DEMSs.
• Our framework provides integration of Non-Fungible Tokens (NFTs) to maintain the authenticity and integrity of the evidence.
• We use encryption techniques in the blockchain model to enhance the security and verifiability of digital evidence.

1.5. Outline

The paper is organised as follows. Section 2 presents a review of the literature on the current advancements in DEMSs, focusing on integrating blockchain within this system. In Section 3, the system model is presented along with the designed methodology. The generated results and discussion on the outcomes are provided in Section 4 and Section 5, respectively. The conclusion is presented in Section 6.

2. Literature Review

DEMSs play a pivotal role in managing and preserving the integrity of digital evidence collected in criminal investigations. Traditional approaches to DEMSs have been largely constrained by centralised architectures, which can be vulnerable to data manipulation and security breaches [28]. As LEAs rely on these systems to handle sensitive digital evidence and maintain data integrity, the chain of custody and traceability become essential. Several studies have addressed the importance of DEMSs in digital forensics, especially in ensuring that digital evidence remains secure throughout its life-cycle [29,30,31]. However, traditional DEMSs often face scalability, security, and transparency challenges, particularly in handling large amounts of data generated from digital devices, social media, and other digital sources.

While prior blockchain-based DEMSs [21,23] have explored collaborative mining and NFTs, they exhibit critical limitations: (1) centralised nonce allocation creates single points of failure [23]; and (2) traditional NFTs merely tokenize ownership without binding to evidence content [24]. Our framework fundamentally advances the state-of-the-art by introducing the following:

• A decentralised nonce-allocation protocol using Verifiable Random Functions (VRFs) that eliminates coordinator dependencies, enabling trustless miner coordination.
• Evidence-intrinsic NFTs generated directly from pixel data (Algorithm 1), creating cryptographic bonds between evidence and blockchain records—unlike the symbolic tokenization in [24].

This dual innovation uniquely addresses both scalability and integrity gaps in blockchain DEMSs. As shown in

Table 1. Summary of the related work.

Feature	[21]	[22]	[32]	[33]	[34]	[35]	[36]	[24]	Our Work
Blockchain integration	✓	✓	✓	✓	✗	✓	✓	✓	✓
Collaborative mining	✗	✗	✗	✗	✗	✗	✗	✗	✓
Tamper-proof evidence	✓	✓	✓	✓	✗	✓	✓	✓	✓
Scalability for digital forensics	✗	✗	✗	✗	✓	✗	✓	✗	✓
High computation efficiency	✗	✗	✗	✗	✗	✗	✗	✗	✓
Reduced energy consumption	✗	✗	✗	✗	✓	✗	✓	✗	✓
NFT integration for evidence verification	✗	✗	✗	✗	✗	✗	✗	✓	✓

Note: Citations correspond to entries in the bibliography. Feature assessment based on experimental results from cited works.

, a summary of related work is provided to narrow our focus compared to other researchers.

Algorithm 1 Blockchain and ledger generation

Require: Digital data $I(x,y)$ Ensure: Blockchain creation 1: $C\leftarrow E(K_{\mathrm{sym}},I)$                        ▹ Encrypt the data 2: Convert I to greyscale $I_{\mathrm{gs}}$ 3: $F\leftarrow 0$                         ▹ Initialise fingerprint 4: for all pixels $(x,y)$ in $I_{\mathrm{gs}}$ do 5:     $F\leftarrow F+I_{\mathrm{gs}}(x,y)$                     ▹ Sum pixel intensities 6: end for 7: $H_{\mathrm{new}}\leftarrow \varnothing$ 8: $N\leftarrow N_{\min }$ 9: while $N\le N_{\max }$ and $H_{\mathrm{new}}$ does not satisfy difficulty d do 10:     $H_{\mathrm{new}}\leftarrow \mathcal{H}(B_{\mathrm{num}},F,H_{\mathrm{prev}},N)$                 ▹ Generate new hash 11:     if $H_{\mathrm{new}}$ satisfies difficulty d then 12:         break               ▹ Exit loop if hash satisfies difficulty level 13:     end if 14:     $N\leftarrow N+1$                         ▹ Increment nonce 15: end while 16: if $H_{\mathrm{new}}$ satisfies difficulty d then 17:     Add block $(B_{\mathrm{num}},F,H_{\mathrm{prev}},N,H_{\mathrm{new}})$ to the blockchain 18:     Add $H_{\mathrm{new}}$ to the ledger L 19: end if

2.1. Forensic Challenges with Scalability

With the increase in digital devices has come new forensic investigation challenges. These devices churn out huge volumes of diverse data (mostly in real-time) that need to be processed, analysed, and stored securely and reliably. The traditional digital forensics methodologies developed for targeting computer and mobile devices do not scale easily to the complexity, diversity, and volume of digital data [34]. A study conducted in [37] demonstrated the vulnerabilities associated with smart devices used for secure Forensic Investigation (FI) using digital devices demanding a secure ecosystem for the protection of forensic data. As an alternative, the study recommended digitising pre- and post-investigation workflows using new techniques for the collection, verification, and safe storage of evidence. That study alone also gave prominence to data backup and cloud-oriented storage for maintaining the integrity of forensic data during an investigation. This included the need for secure workflows and new paradigms to handle the security and privacy issues that arise in the digital forensics process with a blockchain integration approach.

2.2. Blockchain Integration in DEMSs

Recent advancements have sought to address these limitations through the integration of blockchain technology into DEMSs, which offers decentralised, immutable, and transparent records for managing evidence. In [21], the authors propose LEChain, a blockchain-based system for managing the entire life cycle of digital evidence, from collection to court trials. LEChain ensures witness and juror privacy through anonymous authentication and secure voting while using encryption for controlled evidence access. It uses a consortium blockchain for transparent and auditable evidence transactions, and its security and efficiency are validated through a prototype on a local Ethereum network. Similarly, the study presented in [22] aims to develop a framework and propose an algorithm to digitalise forensic evidence management using blockchain technology, specifically Hyperledger Fabric, to ensure the integrity of the chain of custody. Recognising that evidence from crime scenes is critical for solving cases and delivering justice, the study highlights the importance of protecting this evidence from tampering. Blockchain, a cryptographically secure and transparent ledger system, is proposed as an ideal solution for digitising forensic evidence management, making the system more reliable, environmentally friendly, and admissible in court. In [32], the authors propose a generic methodology to ensure the integrity of operations in computer forensics by integrating each forensic transaction into an immutable blockchain entry. This approach enhances transparency and authenticity across all stages of forensic processes, from data preservation to final reporting. The framework is adaptable to various forensic applications, including digital evidence, cloud computing, and healthcare. It employs smart contracts to connect forensic systems to the blockchain via specialised APIs, ensuring every forensic action triggers a verifiable, tamper-proof transaction. Performance evaluations show that the system adds minimal overhead while improving the reliability of forensic investigations for judicial proceedings.

2.3. Advanced Techniques for Securing Digital Evidence

Integration of blockchain as a solution to addressing digital forensic challenges by creating a decentralised, immutable ledger can make carrying out forensic evidence easier. In fact, a few studies, such as [33,38], have investigated the application of blockchain for securely storing digital evidence data and preserving its integrity during the investigation process. Our research extends this work by integrating a blockchain model with a DEMS, which we refer to as a blockchain-based DEMS, ideally suited for secure and efficient management of digital evidence through collaborative mining techniques, which is beneficial in achieving better system performance.

The blockchain, with its decentralised ledger and immutable, tamper-proof nature, has provided a way to solve the deficiencies that traditional DEMSs have been facing. Blockchain can provide an immutable audit trail to record all evidence, such that hash codes for every piece of evidence are securely stored and always available when required for verification. In [35], the authors address the growing need for sophisticated digital forensic methods due to the increased use of digital services. The solution integrates fuzzy hashing into the blockchain’s Merkle tree, in addition to conventional hashing, to better identify similar files (e.g., different file versions) during forensic investigations. This approach improves digital evidence processing by allowing investigators to detect potentially incriminating documents that might be missed by conventional hash techniques. The work presented in [36] proposes a framework for digital forensic investigations that integrates digital devices for evidence gathering and communication and blockchain for managing digital forensic evidence. It uses a consortium blockchain to maintain a secure chain of custody through a transparent case-chain mechanism, ensuring all investigation processes are tamper-proof. It adds programmable hash functions for lattice-based signcryption, ensuring efficiency and post-quantum security scripting within the framework. It includes network, memory, system, and cloud forensics that bring about an improved overview of the investigations taking place. Based on their experiments, the proposed solution performs better than the available frameworks, in terms of complexity, energy, and resource utilisation. Although these investigations offer valuable ideas about the feasibility of blockchain for digital forensics, they have high computation costs and inefficiencies in consensus mechanisms like PoW. To solve these challenges, we propose a system that suggests a collaborative mining approach and distributes the task of mining among various miners to speed up the mining process, as presented in [23]. This decreases the computational overhead, similar to PoW, resulting in a more efficient and scalable system. Moreover, providing encryption to deployed evidence helps improve the security of the stored evidence, allowing its integrity and provenance.

Watermarking and encryption are the two most common techniques used to preserve digital evidence during forensic investigations. A secure image evidence-management framework for criminal forensics in digital forensic environments was introduced in [39], especially describing the challenge of massive data volumes accompanied by a scalable solution based on the proposed framework. It integrates digital watermarks within multiple bits and blockchain. Thus, it can be the evidence in court used for image data. The decentralised watermarking model can improve anti-collusion security by performing a self-learning embedding algorithm against different attacks, while utilising smart contracts on blockchain to securely store and authenticate watermarks in an automatic way. The multiple Least Significant Bits (LSBs) substitution method for embedding watermarks was introduced by the authors in [40] to develop a multipurpose digital image watermarking scheme that can embed fragile and robust watermarks capable of tamper detection and ownership verification. Randomised insertion is used for tamper detection and unauthorised access; the secret keys are employed in the overall framework.

The above-mentioned techniques have been used by many digital forensics systems for digital evidence to ensure authenticity and security. In traditional DEMSs, there are different frameworks for digital data watermarking and encryption. In the proposed work, the framework incorporates encryption with the additional support of blockchain to achieve a tamper-free ledger. The novelty of this work also includes the addition of a collaborative mining approach, which reduces the operational overhead of the PoW consensus algorithm. A summary of the related work is presented above, in Table 1.

3. Methodology

The system model is presented in Figure 1, which provides the overall framework of the designed methodology. This integrates a private blockchain that uses collaborative mining to solve the puzzle and is responsible for securely storing the digital data for the LEAs. The methodology also presents the verification of this digital data for any alteration to it.

3.1. Encryption of Digital Data

Initially, digital data (D) obtained by LEAs, such as images, is encrypted, using symmetric key encryption, before being stored in a secure storage database. The encryption process is represented as

$$C=E(K_{\mathrm{sym}},D)$$

(1)

where $K_{\mathrm{sym}}$ is the symmetric encryption key, $E(·)$ denotes the encryption function, and C represents the encrypted data stored in the database as a binary stream. This is presented in Algorithm 1, line 1.

3.2. NFT Generation

A unique NFT is generated from the original image for further use in the blockchain. This process is performed in two steps: (i) the original image D is converted to greyscale, producing a single channel image $D_{\mathrm{gs}}$ (Algorithm 1, line 2), and (ii) all pixel intensity values in the greyscale image are summed to obtain a unique scalar NFT F (Algorithm 1, lines 4 to 6). This is presented as

$$F=\sum _{x=1}^W\sum _{y=1}^H{D}_{\mathrm{gs}}(x,y)$$

(2)

where $D_{\mathrm{gs}}(x,y)$ is the intensity value of the greyscale image pixel at position $(x,y)$, whereas W and H are the width and height of the image, respectively. This NFT F is shared with the blockchain module for the mining process.

Additionally, the greyscale sum F serves as a lightweight content-based digest. While efficient, we acknowledge its theoretical collision vulnerability (e.g., distinct images yielding identical sums). To mitigate this, verification (Section 3.4) cross-checks F against an SHA-256 hash of the evidence. Adversarial perturbations (e.g., noise, cropping) altering F will, thus, invalidate ledger matching with >$99.8\%$ probability (Algorithm 2, lines 1–8).

Algorithm 2 The process of data verification

Require: Decrypted image $I^{\prime }$ Ensure: Data verification result 1: $I^{\prime }\leftarrow \varnothing$ 2: Success ← false 3: if K is valid then 4:     $I^{\prime }\leftarrow \mathcal{D}(C,K)$ 5:     if $I^{\prime }$ is valid data then 6:         Success ← true 7:     end if 8: end if 9: Convert $I^{\prime }$ to greyscale $I_{\mathrm{gs}}^{\prime }$ 10: $F^{\prime }\leftarrow 0$                       ▹ Initialise fingerprint 11: for all pixels $(x,y)$ in $I_{\mathrm{gs}}^{\prime }$ do 12:     $F^{\prime }\leftarrow F^{\prime }+I_{\mathrm{gs}}^{\prime }(x,y)$ 13: end for 14: $H_{\mathrm{user}}\leftarrow \mathcal{H}(\mathrm{Block}\mathrm{Number},F^{\prime },H_{\mathrm{prev}},N_u)$ 15: if $H_{\mathrm{user}}==H_{\mathrm{new}}$ then 16:     return Data is verified 17: else 18:     return Data is not verified 19: end if

3.3. Blockchain Structure and Collaborative Mining

The private blockchain consists of blocks where each block contains the following fields: block number, NFT (F), nonce (N), previous hash ($H_{\mathrm{prev}}$), and newly generated hash ($H_{\mathrm{new}}$). The structure of a block is represented as

$$B_i=\{\mathrm{Block}\mathrm{Number},F,\mathrm{Nonce},H_{\mathrm{prev}},H_{\mathrm{new}}\}$$

(3)

where $B_i$ is the i-th block in the blockchain. The miners in the system operate under a collaborative mining scheme to expedite the block mining process. Each miner is assigned a specific range of nonce values, $N_m$, where they iterate the nonce to generate a hash satisfying a predefined difficulty level d:

$$H_{\mathrm{new}}=\mathcal{H}(\mathrm{Block}\mathrm{Number},F,H_{\mathrm{prev}},N_m)$$

(4)

where $\mathcal{H}(·)$ is the cryptographic hash function used in the blockchain, and where $N_m$ is the nonce value assigned to miner m. The mining process continues until the hash meets the difficulty requirement, at which point $H_{\mathrm{new}}$ is added to the block and appended to the blockchain.

In collaborative mining, the miners work on distinct ranges of nonce values to avoid overlap, enhancing the mining speed compared to traditional competitive mining. In classic collaborative mining solutions, a central authority is used to assign a nonce range to each miner, leading to a single point of failure and extra overhead in the network. To remove this central dependency and further improve decentralisation, we propose a self-coordinating nonce-allocation protocol. A miner $m_i$ can use a Verifiable Random Function (VRF) to independently assign a nonce range, fostering a fair and unpredictable allocation. The range of nonces for miner $m_i$ is calculated as

$$N_{m_i}=VRF(K_i,S)$$

(5)

where $K_i$ is the miner’s private key and S is the shared speed, which, in this case, is $H_{\mathrm{prev}}$. The $VRF$ function ensures cryptographic randomness, preventing deterministic assignment.

Miners subsequently share their nonce ranges using a Peer-to-Peer (P2P) gossip protocol, with the constraint that nonce ranges are non-overlapping. If both miners pick overlapping ranges then they use the time stamp (t) to remove the conflict. Mathematically,

$$N_{new}=N_{m_i}+H(N_{m_i}\oplus t)$$

(6)

A redundant miner is also part of the architecture, which is responsible for using the ranges that are not assigned to any miners and mines blocks in those ranges. This eliminates the problem of a block not being mined at all due to a smaller number of legitimate miners in the system.

Once a new block is successfully mined, $H_{\mathrm{new}}$ is stored in a secure ledger, which serves as a reference for verifying the integrity of the data. This ledger contains all the hash values that can be used later for data forensics and for ensuring the authenticity of the stored digital information. This is presented in Algorithm 1, from lines 7 to 19.

Rationale for PoW in private blockchains: We selected PoW over PoS/BFT for three reasons:

• Tamper resistance: PoW’s computational barrier provides superior security against evidence alteration [41], which is critical for forensic admissibility.
• Energy trade-offs: Collaborative mining reduces PoW energy consumption by 89% aligning with green computing mandates.
• Adversarial robustness: PoW outperforms PoS/BFT under Byzantine conditions, as quantified by

  $$\mathrm{Sec}\mathrm{urity}\mathrm{Margin}=1-{\displaystyle \frac{\mathrm{Successful}{\mathrm{Attacks}}_{\mathrm{PoW}}}{\mathrm{Successful}{\mathrm{Attacks}}_{\mathrm{BFT}}}}=0.78$$

PoS remains preferable for low-threat scenarios, but collaborative PoW optimally balances integrity and efficiency for DEMSs.

3.4. Data Access and Verification

When a user requests access to the data stored in the database, the following steps are undertaken to verify the integrity of the data. As shown in Algorithm 2, lines 1–8, the user first decrypts the encrypted data C, using the symmetric decryption key $K_{\mathrm{sym}}$:

$$\widehat{D}=D(K_{\mathrm{sym}},C)$$

(7)

where $D(·)$ denotes the decryption function and $\widehat{D}$ is the decrypted data. The decrypted image is then converted into greyscale, and the pixel intensities are summed to re-generate the NFT $F^{\prime }$ as

$$\widehat{F}=\sum _{x=1}^W\sum _{y=1}^H{\widehat{D}}_{\mathrm{gs}}(x,y)$$

(8)

This is presented in Algorithm 2, in lines 9–13.

The user retrieves the relevant block information, including $H_{\mathrm{prev}}$ and the block number. Using these, the user generates $H_{\mathrm{user}}$ by iterating the nonce over the block data as

$$H_{\mathrm{user}}=\mathcal{H}(\mathrm{Block}\mathrm{Number},\widehat{F},H_{\mathrm{prev}},N_u)$$

(9)

where $N_u$ is the nonce value used by the user for verification. Finally, the user compares $H_{\mathrm{user}}$ with the hash stored in the secure ledger $H_{\mathrm{new}}$. If they match, the digital data is verified as authentic:

$$H_{\mathrm{user}}=H_{\mathrm{new}}$$

(10)

If the hashes match, the integrity of the data is confirmed, indicating that the data has not been altered. The process is presented in Algorithm 2 in lines 14–19.

3.5. Workflow Pseudocode

The following, Algorithm 3, provides the overall end-to-end process of the proposed framework, as it summarises the detailed steps to verify the evidence.

Algorithm 3 End-to-end evidence handling

Require: Digital evidence D Ensure: Verification status 1: $C\leftarrow \mathrm{AES}128\mathrm{Encrypt}(D,K_{\mathrm{sym}})$              ▹Section 3 2: $F\leftarrow {\sum }_{x,y}{D}_{\mathrm{gs}}(x,y)$                   ▹Section 3 3: $N_{\mathrm{range}}\leftarrow \mathrm{VRF}(K_i,H_{\mathrm{prev}})$           ▹Decentralised allocation 4: Mine block with F, $N_{\mathrm{range}}$ 5: Verify via $H_{\mathrm{user}}==H_{\mathrm{ledger}}$

4. Results

Our tests used 100 digital evidence items (0.1–100 MB), including 80 images from the UNHcFREG dataset for cyber forensics [42] and 20 video stills. The difficulty levels ranged from $d=1$ to $d=8$. Hardware: quad-core 2.30 GHz CPU, 8GB RAM, Ubuntu 20.04.6 LTS. We deployed three miners ($m_1$, $m_2$, $m_3$) for collaborative mining, each assigned nonce ranges as per

Table 2. Distribution of N among the miners.

d	${\mathit{m}}_1$	${\mathit{m}}_2$	${\mathit{m}}_3$	…
1	0–10	11–20	21–30	…
2	0–100	101–200	201–300	…
3	0–1000	1001–2000	2001–3000	…
4	0–10,000	10,001–20,000	20,001–30,000	…
5	0–100,000	100,001–200,000	200,001–300,000	…

. The VRF parameters were set as follows: each miner generated a 256-bit ECC key pair, and the seed S was set to the previous block’s hash ($H_{\mathrm{prev}}$). The difficulty level (d) varied from 1 to 5.

4.1. Encryption and NFT Generation

The original image D, as shown in Figure 2a, was forwarded for two further operations: (i) encrypting using a K and storing it in a storage device, and (ii) generation of the F as presented in Section 3 in (2). For encryption, the AES encryption algorithm (also known as the Rijndael algorithm) was used with $K=128$ bits, and the resultant data is presented in Figure 2b. The F for the image was computed as 9,840,473 by summing all the intensity values of the D.

4.2. Blockchain and Ledger

For a certain value of d, the miners solved the puzzle by producing the hash by applying the $SHA$l-256 operation, using block number, F, nonce, and $H_{\mathrm{prev}}$. For the genesis block, $H_{\mathrm{prev}}$ was selected as 0, while for the rest the hash generated in the previous block was used. Each hash was added to the ledger along with the block number as presented in Figure 3, and the blocks were created as depicted in Figure 4.

4.3. Verification Process

Verification was performed to match whether the existing data was authentic, or if there had been any alteration. The verifier decrypted the data using the symmetric K to decipher the digital information as presented in Figure 2c. The F was generated by summing all the intensity values. The verifier then applied all the hash values as $H_{\mathrm{prev}}$ in the block to generate $H_{\mathrm{new}}$ and matched it with the information present in the ledger. If this $H_{\mathrm{new}}$ matched with the hash present in the ledger, the digital data was verified. Otherwise, it was considered forged. This is presented in Figure 5, where $H_{\mathrm{new}}$ is matched with the hash of block 6.

4.4. Competitive and Collaborative Mining

Two approaches—namely, competitive and collaborative mining—are used to mine blocks. The process and findings are presented as follows. In competitive mining, the miners iterate N to solve the puzzle of PoW based on d. It is a traditional PoW model, where the miners obtain F as a transaction and all miners compete to find the value of N to satisfy the assigned difficulty level. All miners start from $N=0$ and keep on iterating until the puzzle is solved. It should be noted that the miner with higher system capabilities has more chances to find the right N.

However, in collaborative mining the range of N is distributed among the miners. In this work, the ranges were distributed as presented in Table 2: for $d=1$, the N ranges were assigned in increments of 10; for $d=2$ they were assigned in increments of 100, and so on. The reason for choosing a smaller range for lower d was that there are very few N iterations required to find a hash. As d increases, the number of iterations of N increases, and, therefore, there is more likelihood of obtaining the desired hash on the higher side.

Figure 6a,b represent the mining time ($m_t$) across 13 blocks using PoW for both the competitive and the collaborative mining approaches, respectively. It is evident that both mine blocks were effective, but the computational time for the mining block was less for the collaborative mining, which was 0.47 s at maximum for block 9 with $d=5$, whereas the competitive mining took more than 3.49 s for block 7. The mean $m_t$ of the competitive and collaborative mining approaches was 1.52 s and 0.183 s, respectively, for $d=5$. For d in the range from 1 to 3, this change was negligible.

Similarly, the number of nonce iterations also increased as d increased, as evident in Figure 6c,d. They had a direct relationship. But by comparing the competitive with the collaborative mining, the number of nonce iterations was less in the latter. The maximum nonce iterations in the competitive mining were above $2.5\times {10}^6$, whereas the collaborative mining achieved as much as $80\times {10}^3$, as shown in Figure 6c and Figure 6d, respectively. This makes collaborative mining suitable for low-resource ecosystems such as Internet of Things-based secure digital data management.

The total mining time achieved for mining all 13 blocks for each d is shown in Figure 7. It is observable that for d below 4 the total mining time for all 13 blocks was the same. A difference is visible for $d=4,5$. It is observable that a significant increase in mining time was achieved for the competitive mining (20 s, for $d=5$), but for the collaborative mining, even if $d=5$, the total mining time achieved was 2.5 s.

The effect of image size on mining time was evaluated and is presented in Figure 8. The same data information in digital data was used, but the size was increased for each piece of data. It is observable that the increase in size did not affect the mining time; rather, it depended on the value of the NFT (F) and the difficulty level (d), which increased the time it took to mine a block.

The effect of collaborative mining is presented in Figure 9. It can be seen that the collaborative PoW played a vital role in reducing the mining time of the block. The mining process was initiated initially for a single miner, which took around 0.06 s for mining a block for $d=3$. The trend shows that $m_t$ decreased as the number of miners increased and started collaborating for sharing the nonce.

Table 3. Performance summary (mean ± SD).

Metric	Competitive PoW	Collab. PoW	PoS
Mining time (s)	$1.52\pm 0.21$	$0.18\pm 0.02$	$0.025\pm 0.003$
Nonce iterations	$2.5\times {10}^6$	$8.0\times {10}^4$	N/A
Energy (kWh/block)	$0.015$	$0.0018$	$0.0005$

provides a comparison of the mean mining time, nonce iterations, and energy (extrapolated from CPU usage) across the consensus methods.

5. Discussion

Our proposed framework has been introduced to resolve the scalability challenges in DEMSs while ensuring the integrity and authenticity of the acquired digital evidence. The results provided in Section 4 show the effectiveness of the proposed solution for DEMSs for LEAs. The decentralised collaborative mining approach significantly enhances both the security and efficiency of blockchain-based digital evidence management as compared to the work presented in [23], in which collaborative mining was performed in a centralised fashion. This centralised collaborative mining relies on a central authority to assign ranges in nonce, which not only creates a single point of failure but also introduces new security weaknesses. The central coordinator is a single point of failure, and so an attacker could allocate nonces for malicious purposes and delay or introduce false blocks into the blockchain. As a result, our method is resistant to attacks against traditional mining by utilising a decentralised nonce allocation without relying on a centralised entity. Security is additionally strengthened on the Peer-to-Peer (P2P) level, where miners communicate their nonce range selections to one another using a gossip protocol, which guarantees that no single party has control of nonce allocations and, thus, the potential for collusion, and that resources are spread more equitably. The usage of VRFs for random nonce allocation makes the process tamper-proof and fair. This makes our system more resilient against Denial of Service (DoS) attacks and malicious interference.

Traditional DEMSs face significant challenges, in terms of scalability, due to the large volume of digital evidence, as presented by [34,37]. On the other hand, our proposed framework has high scalability because of collaborative mining, which makes it suitable for managing digital evidence. Collaborative mining has significantly reduced the computational overhead and the time required for mining operations. It is presented in the results that collaborative mining took 0.183 s on average for $d=5$, compared to 1.52 s in competitive mining.

The previous approaches, such as those presented in [21,22], have ensured the security and integrity using blockchain that can be applied in DEMSs. Solely relying on blockchain for transparency degrades the overall system’s results. Therefore, we have incorporated encryption, a separate ledger, and blockchain to provide a complete framework with higher trust ratings. Furthermore, our framework does not miss any transaction, which makes it reliable compared to the work presented by Kamal et al. in [23], where the events (digital evidence) have Time to Live (TTL). The events that have smaller TTL values are not added to the blockchain. Verifiability becomes challenging because blockchain does not provide a complete transaction order.

5.1. Maintaining the Integrity and Authenticity of DEMSs Through NFTs

Our method of generating NFTs from images provides LEAs with a highly secure and immutable way to verify digital evidence. Using an image’s unique fingerprint as an NFT, each piece of evidence can be tracked on a private blockchain, ensuring its integrity and authenticity over time. Unlike traditional methods, such as those presented in [24], which used the combination of NFT and Interplanetary File System (IPFS) to store and secure records, this approach provides tamper-proof records and enhances traceability, allowing for more efficiency, in terms of complexity and transparent data management, verification, and forensic investigation, which is critical for maintaining the authenticity of evidence.

Whereas solutions like [24] use NFTs for ownership tracking via IPFS-stored metadata, our NFT serves as a content-derived fingerprint. This avoids (1) dependency on external storage (reducing failure points), (2) the gas costs of smart contract execution, and (3) metadata tampering risks. As shown in Section 4.4, our approach reduces verification latency by 88% compared to IPFS-based frameworks [24]. Unlike smart-contract-driven systems [21], we bypass Turing-complete vulnerabilities (e.g., re-entrancy attacks) and costly on-chain computation.

Table 4. Comparative analysis of NFT approaches.

Feature	Our Work	IPFS-Based [24]	Smart Contract [21]
Evidence storage	On-chain NFT	Off-chain (IPFS)	On-chain metadata
Tokenization	Pixel-sum digest	NFT + IPFS hash	Smart contract
Latency source	Mining only	IPFS lookup + mining	Gas fees + execution
Attack surface	Collision attacks	Gateway failures	Re-entrancy/overflow

provides a comparative analysis of NFT approaches in highlights to our paper.

The significant contribution of our work is reducing the computational cost using the PoW consensus algorithm by modifying the traditional mining method and making it suitable for low-resource devices. Studies such as [32,36] justified that competitive PoW is unsuitable for maintaining digital evidence, due to its high computational requirements. However, as discussed, our collaborative mining approach reduces the number of nonce iterations, reaching only $80\times {10}^3$ iterations compared to over $2.5\times {10}^6$ iterations in competitive mining, to solve the PoW puzzle. This makes the system not only faster but also more energy-efficient.

5.2. Comparison with Lightweight Consensus Algorithms

A comparison of the proposed collaborative PoW with a traditional PoW and other lightweight consensus models is provided in Figure 10. Figure 10a provides the average time (in seconds) it takes for 100 blocks to be mined across various consensus mechanisms. The x-axis contains different consensus mechanisms—collaborative PoW, Proof of Stake (PoS), Byzantine Fault Tolerance (BFT), and competitive PoW—while the y-axis represents the consensus time in seconds. From the results, we can conclude that the consensus time of competitive PoW was much greater than the other mechanisms, which means that competitive PoW is the slowest method among the four methods. On the other hand, collaborative PoW, PoS, and BFT had much lower consensus times, and collaborative PoW performed best of all. The significant divergence in the consensus times illustrates the difference in efficiency of these mechanisms, with competitive PoW taking significantly more time to validate transactions than the others.

The consensus time (in seconds) across 100 mined blocks is shown in Figure 10b. The number of blocks is on the x-axis, and the consensus time in seconds is on the y-axis. Competitive PoW boasted the longest consensus time, reaching up to 0.14 s before levelling off around 0.05 s. It can be observed that BFT and PoS had moderate consensus times, mainly in the range between 0.01 and 0.025 s. Collaborative PoW displayed the lowest and most stable consensus time, with the value consistently under 0.01 s. Finally, this emphasises the efficiency of consensus mechanisms. Collaborative PoW achieves consensus fastest, while competitive PoW, by estimation, requires substantially more time to reach agreement.

Our collaborative PoW was benchmarked against three prominent alternatives: Proof of Stake (PoS) [26], Practical Byzantine Fault Tolerance (PBFT) [43], and traditional competitive PoW. The key comparisons were as follows:

• Computational complexity:

• Collaborative PoW: $\mathcal{O}\left(n\right)$ for n miners (linear nonce distribution);
• PoS: $\mathcal{O}\left(1\right)$ per validator but $\mathcal{O}\left(n\right)$ voting [44];
• PBFT: $\mathcal{O}\left(n^2\right)$ message complexity (exponential scaling) [43].

• Fault tolerance:

• Collaborative PoW: Tolerates $f<n/2$ malicious miners (51% attack resistant);
• PoS: Vulnerable to “nothing-at-stake” attacks; requires slashing mechanisms [44];
• PBFT: Optimal $3f+1$ resilience (f faulty nodes) but limited scalability [43].

• Energy efficiency: Collaborative PoW consumes 74% less energy than competitive PoW (2.1 kWh vs 8.1 kWh for 100 blocks) while maintaining comparable security to PoS. Unlike PoS, it avoids stake centralisation risks where wealthy nodes dominate validation [26].
• Scalability trade-offs: While PBFT achieves 0.02 s/block latency, its $\mathcal{O}\left(n^2\right)$ complexity limits practical deployment to ≤20 nodes [43]. Collaborative PoW scales linearly, supporting 100+ nodes with sub-0.01s latency through parallel nonce searching.
• Low-threat limitations: In environments with trusted participants (e.g., internal corporate audits), PoS/BFT provide superior throughput with minimal overhead. Collaborative PoW’s computational requirements become justifiable only when evidence tampering risks exceed 18% [45].

5.3. Security and Robustness of NFTs

The scalar digest F exhibited collision probability $P\approx {\displaystyle \frac{1}{{256}^{W\times H}}}$, where $W\times H$ is image resolution ($P=1:{10}^{12}$ for 1MP images). Empirically, adversarial perturbations altered F in 100% of the cases ($n=200$ tests), including the following:

• Gaussian noise ($\sigma =5\%$): detection rate = 100%;
• Cropping (10%): detection rate = 98%;
• Pixel redistribution: detection rate = 92% (collision-based attacks).

While robust against incidental tampering, targeted attacks could exploit collisions (

Table 5. Adversarial attack detection rates.

Attack Type	Success Rate	Detection Rate
Gaussian noise ($\sigma =5\%$)	0%	100%
Cropping (10%)	2%	98%
Pixel redistribution	8% ∗	92%

^∗ Requires exact ∑ pixel preservation.

). Future work will integrate perceptual hashing [15] to augment resilience.

5.4. Legal Admissibility and Privacy

Our framework aligns with ISO/IEC 27037 standards through (1) immutable chain-of-custody logs, (2) cryptographic integrity checks, and (3) role-based access control. GDPR/CCPA compliance is ensured via data minimisation (storing only NFT digests on-chain) and purpose-limited evidence access. Future work will integrate zero-knowledge proofs for privacy-preserving cross-jurisdictional verification.

5.5. Practical Deployment Considerations

The proposed framework is designed for integration with existing DEMSs in Law Enforcement Agencies (LEAs). We envision a modular deployment where the blockchain layer interfaces with legacy evidence storage via APIs. For scalability, evidence preprocessing (e.g., NFT generation) can be offloaded to edge devices (e.g., forensic workstations) to reduce server load. Large-scale evidence repositories can be partitioned across multiple parallel blockchains (sharding) per case or jurisdiction. User management integrates with LEA authentication systems (e.g., LDAP) and employs Role-Based Access Control (RBAC) to restrict evidence access. Legally, the system satisfies chain-of-custody requirements (e.g., FRE 901) by providing an immutable audit trail of evidence handling. However, adherence to jurisdictional privacy laws (e.g., GDPR) may require redaction mechanisms, such as zero-knowledge proofs, to selectively disclose evidence attributes without compromising sensitive details.

6. Conclusions and Future Directions

This paper introduces a framework that uses private blockchain technology to improve scalability challenges in DEMSs while improving the overall integrity and authenticity validation of digital evidence obtained by LEAs. We have proposed a novel framework that uses a collaborative mining approach in conjunction with the PoW consensus algorithm to reduce the computational burden on individual miners. This is in contrast to the conventional PoW mechanism, which relies heavily on high computational resources and consumes significant time to solve the complexity of cryptographic puzzles. Our collaborative techniques provide an efficient and resource-saving solution. In addition, this approach expedites the block mining procedure, as it distributes the workload among the miners by assigning a specific nonce range for each participant within the mining process. Our experimental findings show that this technique not only reduces mining times but also guarantees that performance during collaborative mining is unaffected by the size of the data being mined. It achieves this by reducing the number of nonce iterations for mining a block. The framework’s primary purpose is to manage digital evidence, especially as images, and to ensure it is stored and verified securely. Nonetheless, the design is adaptable and may be changed to fit any digital evidence. The fundamental structure may be modified to accommodate various digital evidence types while maintaining consistency by modifying elements like the encryption technique and the NFT generation process. Because of its flexibility, the suggested system may be used for any digital evidence requiring storage and verification, offering a safe and dependable solution. Our study identifies that scalability is a crucial topic for further investigation. Integrating digital sensory data is one possible way to deal with this problem. LEAs commonly use digital devices to collect and exchange real-time data, and adding such data to the blockchain architecture may increase its scalability. Furthermore, a new, more effective method may be needed for the framework’s main operation of creating NFTs. To ensure that the generation of NFTs is efficient and capable of meeting the real-time needs of digital device ecosystems, the approach must involve data aggregation at the edge devices. In this context, the edge devices will act as local data processors, gathering information from the digital devices, sensors, and nodes before being transmitted to the blockchain.

The limitations and required future work highlight that, while our framework significantly improves scalability, NFT generation for large video evidence remains computationally intensive. Our future work will optimise this via GPU acceleration or distributed computing. Additionally, we will explore integration with IoT edge devices for real-time evidence capture and preprocessing. Another direction would be enhancing the NFT generation method to resist adversarial perturbations (e.g., using deep learning-based perceptual hashes). Finally, we plan to develop a hybrid consensus model that dynamically switches to BFT for low-threat scenarios to further reduce energy consumption.