Search Results (37)

In recent years, the convergence of advanced technologies has enabled real-time data access and sharing across diverse devices and networks, significantly amplifying cybersecurity risks. For organizations with digital infrastructures, network security is crucial for mitigating potential cyber-attacks. They establish security policies to protect systems and data, but employees may intentionally or unintentionally bypass these policies, rendering the network vulnerable to internal and external threats. Detecting these policy violations is challenging, requiring frequent manual system checks for compliance. This paper addresses key challenges in safeguarding digital assets against evolving threats, including rogue access points, man-in-the-middle attacks, denial-of-service (DoS) incidents, unpatched vulnerabilities, and AI-driven automated exploits. We propose a Blockchain-Enhanced Network Scanning and Monitoring (BENSAM) Framework, a multi-layered system that integrates advanced network scanning with a structured database for asset management, policy-driven vulnerability detection, and remediation planning. Key enhancements include device profiling, user activity monitoring, network forensics, intrusion detection capabilities, and multi-format report generation. By incorporating blockchain technology, and leveraging immutable ledgers and smart contracts, the framework ensures tamper-proof audit trails, decentralized verification of policy compliance, and automated real-time responses to violations such as alerts; actual device isolation is performed by external controllers like SDN or NAC systems. The research provides a detailed literature review on blockchain applications in domains like IoT, healthcare, and vehicular networks. A working prototype of the proposed BENSAM framework was developed that demonstrates end-to-end network scanning, device profiling, traffic monitoring, policy enforcement, and blockchain-based immutable logging. This implementation is publicly released and is available on GitHub. It analyzes common network vulnerabilities (e.g., open ports, remote access, and disabled firewalls), attacks (including spoofing, flooding, and DDoS), and outlines policy enforcement methods. Moreover, the framework anticipates emerging challenges from AI-driven attacks such as adversarial evasion, data poisoning, and transformer-based threats, positioning the system for the future integration of adaptive mechanisms to counter these advanced intrusions. This blockchain-enhanced approach streamlines security analysis, extends the framework for AI threat detection with improved accuracy, and reduces administrative overhead by integrating multiple security tools into a cohesive, trustworthy, reliable solution. Full article

The rapid advancement of social media and the exponential increase in online information have made open-source intelligence an essential component of modern criminal investigations. However, existing digital forensics standards mainly focus on evidence derived from controlled devices such as computers and mobile storage, providing limited guidance for social media–based intelligence. Evidence captured from online platforms is often volatile, editable, and difficult to verify, which raises doubts about its authenticity and admissibility in court. To address these challenges, this study proposes a systematic and legally compliant open-source intelligence framework aligned with digital forensics principles. The framework comprises five stages: identification, acquisition, authentication, preservation, and validation. By integrating blockchain-based notarization and image verification mechanisms into existing forensic workflows, the proposed system ensures data integrity, traceability, and authenticity. The implemented prototype demonstrates the feasibility of conducting reliable and legally compliant open-source intelligence investigations, providing law enforcement agencies with a standardized operational guideline for social media–based evidence collection. Full article

Permissionless blockchains have evolved beyond cryptocurrency into foundations for Web3 applications, decentralized finance (DeFi), and digital asset ownership, yet this rapid expansion has intensified privacy vulnerabilities. This study provides a comprehensive review of recent trends, emerging privacy threats, and mitigation strategies in permissionless blockchain ecosystems. We examine six developments reshaping the landscape: meme coin proliferation on high-throughput networks, real-world asset tokenization linking on-chain activity to regulated identities, perpetual derivatives exposing trading strategies, institutional adoption concentrating holdings under regulatory oversight, prediction markets creating permanent records of beliefs, and blockchain–AI integration enabling both privacy-preserving analytics and advanced deanonymization. Through this work and forensic analysis of documented incidents, we analyze seven critical privacy threats grounded in verifiable 2024–2025 transaction data: dust attacks, private key management failures, transaction linking, remote procedure call exposure, maximal extractable value extraction, signature hijacking, and smart contract vulnerabilities. Blockchain exploits reached $2.36 billion in 2024 and $2.47 billion in the first half of 2025, with over 80% attributed to compromised private keys and signature vulnerabilities. We evaluate privacy-enhancing technologies, including zero-knowledge proofs, ring signatures, and stealth addresses, identifying the gap between academic proposals and production deployment. We further propose a Secure Development Lifecycle framework incorporating measurable security controls validated against incident data. This work bridges the disconnect between privacy research and industrial practice by synthesizing current trends, providing insights, documenting real-world threats with forensic evidence, and providing actionable insights for both researchers advancing privacy-preserving techniques and developers building secure blockchain applications. Full article

Industrial Internet of Things (IIoT) systems face severe security and trust challenges, particularly under cross-domain data sharing and federated orchestration. We present QuantumTrust-FedChain, a cyber-resilient federated learning framework integrating quantum variational trust modeling, blockchain-backed provenance, and Byzantine-robust aggregation for secure IIoT collaboration in 6G networks. The architecture includes a Quantum Graph Attention Network (Q-GAT) for modeling device trust evolution using encrypted device logs. This consensus-aware federated optimizer penalizes adversarial gradients using stochastic contract enforcement, and a shard-based blockchain for real-time forensic traceability. Using datasets from SWaT and TON IoT, experiments show 98.3% accuracy in anomaly detection, 35% improvement in defense against model poisoning, and full ledger traceability with under 8.5% blockchain overhead. This framework offers a robust and explainable solution for secure AI deployment in safety-critical IIoT environments. Full article

Digital currencies, led by Bitcoin and USDT, are characterized by decentralization and anonymity, which obscure the identities of traders and create a conducive environment for illicit activities such as drug trafficking, money laundering, cyber fraud, and terrorism financing. Focusing on the USDT-TRC20 token on the Tron blockchain, we propose a two-layer transaction network-based approach for virtual currency address identity recognition for digging out hidden relationships and encrypted assets. Specifically, a two-layer transaction network is constructed: Layer A describes the flow of USDT-TRC20 between on-chain addresses over time, while Layer B represents the flow of TRX between on-chain addresses over time. Subsequently, an identity metric is proposed to determine whether a pair of addresses belongs to the same user or group. Furthermore, transaction records are systematically acquired through blockchain explorers, and the efficacy of the proposed recognition method is empirically validated using dataset from the Key Laboratory of Digital Forensics. Finally, the transaction topology is visualized using Neo4j, providing a comprehensive and intuitive representation of the traced transaction pathways. Full article

Blockchain technologies have profoundly transformed information systems by providing decentralized infrastructures that enhance transparency, security, and traceability. Ethereum, in particular, supports smart contracts and facilitates the development of decentralized finance (DeFi), non-fungible tokens (NFTs), and Web3 applications. However, its openness also enables illicit activities, including fraud and money laundering, through anonymous wallets. Identifying wallets involved in large transfers or abnormal transactional patterns is therefore critical to ecosystem security. This study proposes an AI-based framework employing XGBoost, LightGBM, and CatBoost to detect suspicious Ethereum wallets, achieving test accuracies between 95.83% and 96.46%. The system provides near real-time predictions for individual or recent wallet addresses using a pre-trained XGBoost model. To improve interpretability, SHAP (SHapley Additive exPlanations) visualizations are integrated, highlighting the contribution of each feature. The results demonstrate the effectiveness of AI-driven methods in monitoring and securing Ethereum transactions against fraudulent activities. Full article

Internet of Vehicles (IoV) serves as the data support for intelligent transportation systems, and the information security of the IoV is of paramount importance. In view of the problems of centralized processing, easy information leakage, and weak anti-interference ability in traditional vehicle networking systems, this paper proposes a blockchain architecture suitable for IoV forensics scenario. By leveraging the decentralized, distributed storage and tamper-proof capabilities of blockchain, it solves the privacy protection and data security issues of the system. Considering the threat of quantum computing to the encryption technology in traditional blockchain, this paper integrates lattice cryptography and ring signatures into digital signature technology, achieving privacy protection and traceability of the signer’s identity. To enhance the efficiency of lattice-based cryptographic algorithms, the DualRing technology is introduced, which reduces the computational time and storage consumption of ring signatures. Theoretical analysis has proved the correctness, anonymity, unlinkability, and traceability of the proposed scheme, which is applicable to the IoV forensics system. Simulation comparisons demonstrated that the proposed scheme significantly improves computational efficiency and reduces storage overhead. When the number of ring members is 256, the signature and verification times require only 65.76 ms and 21.46 ms, respectively. Full article

This paper proposes and evaluates a novel real-time cybersecurity framework integrating artificial intelligence (AI) and blockchain technology to enhance the detection and auditability of cyber threats. Traditional cybersecurity approaches often lack transparency and robustness in logging and verifying AI-generated decisions, hindering forensic investigations and regulatory compliance. To address these challenges, we developed an integrated solution combining a convolutional neural network (CNN)-based anomaly detection module with a permissioned Ethereum blockchain to securely log and immutably store AI-generated alerts and relevant metadata. The proposed system employs smart contracts to automatically validate AI alerts and ensure data integrity and transparency, significantly enhancing auditability and forensic analysis capabilities. To rigorously test and validate our solution, we conducted comprehensive experiments using the CICIDS2017 dataset and evaluated the system’s detection accuracy, precision, recall, and real-time responsiveness. Additionally, we performed penetration testing and security assessments to verify system resilience against common cybersecurity threats. Results demonstrate that our AI-blockchain integrated solution achieves superior detection performance while ensuring real-time logging, transparency, and auditability. The integration significantly strengthens system robustness, reduces false positives, and provides clear benefits for cybersecurity management, especially in regulated environments. This paper concludes by outlining potential avenues for future research, particularly extending blockchain scalability, privacy enhancements, and optimizing performance for high-throughput cybersecurity applications. Full article

Practical Byzantine Fault Tolerance (PBFT) has been widely used in consortium blockchain systems; however, it suffers from performance degradation and susceptibility to Byzantine faults in complex environments. To overcome these limitations, this paper proposes RE-BPFT, an enhanced consensus algorithm that integrates a nuanced node credibility model considering direct interactions, indirect reputations, and historical behavior. Additionally, we adopt an optimized ID3 decision-tree method for node classification, dynamically identifying high-performing, trustworthy, ordinary, and malicious nodes based on real-time data. To address issues related to centralization risk in leader selection, we introduce a weighted random primary node election mechanism. We implemented a prototype of the RE-BPFT algorithm in Python and conducted extensive evaluations across diverse network scales and transaction scenarios. Experimental results indicate that RE-BPFT markedly reduces consensus latency and communication costs while achieving higher throughput and better scalability than classical PBFT, RBFT, and PPoR algorithms. Thus, RE-BPFT demonstrates significant advantages for large-scale and high-demand consortium blockchain use cases, particularly in areas like digital traceability and forensic data management. The insights gained from this study offer valuable improvements for ensuring node reliability, consensus performance, and overall system resilience. Full article

The consensus protocol is a fundamental building block in distributed computing and has been widely used in blockchain systems in recent years. Paxos, introduced by Lamport, stands out as one of the most widely adopted consensus protocols and has found application in renowned distributed systems, including Google’s Spanner system. Abraham et al. analyzed the FaB Paxos protocol, a Byzantine version of Paxos. They abstracted the single-shot FaB Paxos into a Byzantine broadcast protocol and further gave an enhanced protocol known as Abraham et al.’s BB. Abraham et al.’s BB protocol achieved optimal two-round message interaction under good conditions, satisfying the optimal fault tolerance threshold of $n=5t-1$ where n represents total number of nodes in the system and t denotes the tolerable number of Byzantine nodes. This paper delves into scenarios wherein the actual number of Byzantine nodes surpasses the fault tolerance threshold during the operation of Abraham et al.’s BB protocol. To address this, we propose a forensic protocol designed to offer forensic support in cases of agreement violations. The forensic protocol aims to label Byzantine nodes through irrefutable evidence. We analyze the forensic protocol, elucidating the number of Byzantine nodes that the forensic protocol can label under different circumstances, along with the corresponding number of required messages. Additionally, we present an impossibility result, indicating that forensic support for Abraham et al.’s BB is impossible when the number of Byzantine nodes exceeds $2t-2$. Full article

Blockchain technology has risen in recent years from its initial application in finance to gain prominence across diverse sectors, including digital forensics. The possible application of blockchain technology to digital forensics is now becoming increasingly explored with many researchers now looking into the unique inherent properties that blockchain possesses to address the inherent challenges in this sector such as evidence tampering, the lack of transparency, and inadmissibility in court. Despite the increasing interest in integrating blockchain technology into the field of digital forensics and its domains, no systematic literature review currently exists to provide a holistic perspective on this integration. It is a challenge to find a comprehensive resource that examines how blockchain is being applied to enhance the digital forensics process. This paper provides a systematic literature review to explore the application of blockchain technology in digital forensics, focusing on its potential to address these challenges and enhance forensic methodologies. Through a rigorous review process, this paper examines selected studies to identify diverse frameworks, methodologies, and blockchain-driven enhancements applied to digital forensic investigations. The discussion highlights how blockchain properties such as immutability, transparency, and automation have been leveraged to improve evidence management and forensic workflows. Furthermore, this paper explores the common applications of blockchain-based forensic solutions across various domains and phases while addressing the associated limitations and challenges. Open issues and future research directions, including unexplored domains and operational gaps, are also discussed. This study provides valuable insights for researchers, investigators, and policymakers by offering a comprehensive overview of the state of the art in blockchain-based digital forensics, summarizing key contributions and limitations, and identifying pathways for advancing the field. Full article

The proliferation of Internet of Things (IoT) devices has facilitated the exchange of information among individuals and devices. This development has introduced several challenges, including increased vulnerability to potential cyberattacks and digital forensics. IoT forensic investigations need to be managed in a forensically sound manner using a standard framework. However, adopting traditional digital forensics tools introduces various challenges, such as identifying all IoT devices and users at the crime scene. Therefore, collecting evidence from these devices is a major problem. This paper proposes a permissioned blockchain integration solution for IoT forensics (PBCIS-IoTF) that aims to observe data transactions within the blockchain. The PBCIS-IoTF framework designs and tests Hyperledger blockchains simulated with a Raspberry Pi device and chaincode to address the challenges of IoT forensics. This blockchain is deployed using multiple nodes within the network to avoid a single point of failure. The authenticity and integrity of the acquired evidence are analysed by comparing the SHA-256 hash metadata in the blockchain of all peers within the network. We further integrate webpage access with the blockchain to capture the forensics data from the user’s IoT devices. This allows law enforcement and a court of law to access forensic evidence directly and ensures its authenticity and integrity. PBCIS-IoTF shows high authenticity and integrity across all peers within the network. Full article

As digital crime continues to rise, the preservation of digital evidence has become a critical phase in digital forensic investigations. This phase focuses on securing and maintaining the integrity of evidence for legal proceedings. Existing solutions for evidence preservation, such as centralized storage systems and cloud frameworks, present challenges related to security and collaboration. In this paper, we propose a novel framework that addresses these challenges in the preservation phase of forensics. Our framework employs a combination of advanced technologies, including the following: (1) Segmenting evidence into smaller components for improved security and manageability, (2) Utilizing steganography for covert evidence preservation, and (3) Implementing blockchain to ensure the integrity and immutability of evidence. Additionally, we incorporate Long Short-Term Memory (LSTM) networks to enhance steganography in the evidence preservation process. This approach aims to provide a secure, scalable, and reliable solution for preserving digital evidence, contributing to the effectiveness of digital forensic investigations. An experiment using linguistic steganography showed that the LSTM autoencoder effectively generates coherent text from bit streams, with low perplexity and high accuracy. Our solution outperforms existing methods across multiple datasets, providing a secure and scalable approach for digital evidence preservation. Full article

Blockchain technology has gained significant attention in recent years for its potential to revolutionize various sectors, including finance, supply chain management, and digital forensics. While blockchain’s decentralization enhances security, it complicates the identification and tracking of illegal activities, making it challenging to link blockchain addresses to real-world identities. Also, although immutability protects against tampering, it introduces challenges for forensic investigations as it prevents the modification or deletion of evidence, even if it is fraudulent. Hence, this paper provides a systematic literature review and examination of state-of-the-art studies in blockchain forensics to offer a comprehensive understanding of the topic. This paper provides a comprehensive investigation of the fundamental principles of blockchain forensics, exploring various techniques and applications for conducting digital forensic investigations in blockchain. Based on the selected search strategy, 46 articles (out of 672) were chosen for closer examination. The contributions of these articles were discussed and summarized, highlighting their strengths and limitations. This paper examines the selected papers to identify diverse digital forensic frameworks and methodologies used in blockchain forensics, as well as how blockchain-based forensic solutions have enhanced forensic investigations. In addition, this paper discusses the common applications of blockchain-based forensic frameworks and examines the associated legal and regulatory challenges encountered in conducting a forensic investigation within blockchain systems. Open issues and future research directions of blockchain forensics were also discussed. This paper provides significant value for researchers, digital forensic practitioners, and investigators by providing a comprehensive and up-to-date review of existing research and identifying key challenges and opportunities related to blockchain forensics. Full article

In an era marked by technological advancement, the rising reliance on Virtual Private Networks (VPNs) necessitates sophisticated forensic analysis techniques to investigate VPN traffic, especially in mobile environments. This research introduces an innovative approach utilizing Convolutional Neural Networks (CNNs) and Graph Neural Networks (GNNs) for classifying VPN traffic, aiding forensic investigators in precisely identifying applications or websites accessed via VPN connections. By leveraging the combined strengths of CNNs and GNNs, our method provides an effective solution for discerning user activities during VPN sessions. Further extending this framework, we incorporate blockchain technology to meticulously record all mobile VPN transactions, ensuring a tamper-proof and transparent ledger that significantly bolsters the integrity and admissibility of forensic evidence in legal scenarios. A specific use-case demonstrates this methodology in mobile forensics, where our integrated approach not only accurately classifies data traffic but also securely logs transactional details on the blockchain, offering an unprecedented level of detail and reliability in forensic investigations. Extensive real-world VPN dataset experiments validate our approach, highlighting its potential to achieve high accuracy and offering invaluable insights for both technological and legal domains in the context of mobile VPN usage. Full article