Healthcare Analytics 4 (2023) 100220

Contents lists available at ScienceDirect

Healthcare Analytics
journal homepage: www.elsevier.com/locate/health

A blockchain-based cloud forensics architecture for privacy leakage

prediction with cloud
Ragu G. 1 , Ramamoorthy S. ∗,2
Department of Computing Technologies, SRM Institute of Science and Technology, Katankulathur, Chengalpattu District 603203, Tamil Nadu, India

ARTICLE INFO ABSTRACT

Keywords: Digital forensics has intelligently evolved into cloud forensics, which protects against cybercrime. However,
Cloud digital forensics centralized evidence gathering and maintenance reduces the credibility of digital evidence. This article suggests
Blockchain technology a unique digital forensic architecture for the Infrastructure as a Service (IaaS) cloud combining rapidly
Harmony Search Optimization
expanding Software Defined Networking (SDN) and Blockchain technologies to address this serious issue.
Fuzzy-based Smart Contracts
Blockchain helps to store the gathered evidence, which means it is shared among many peers in the proposed
Forensics tools and designs
Software Defined Networks
forensic architecture. The Secure-Ring-Verification-based Authentication (SRVA) technique is recommended to
ensure security from suspicious accounts. The Harmony Search Optimization (HSO) technique helps to produce
secret keys that strengthen the cloud environment. Depending on their level of sensitivity, all information is
encrypted and kept on a cloud server. Sensitive Aware Deep Elliptic Curve Cryptography (SAD-ECC) method
was used for encryption. In the cloud, a piece of information is saved, and the SDN manager creates the blocks
and stores the history of that piece of data as metadata. Utilizing Secure Hashing Algorithm-3 (SHA-3), a Merkle
Hash Tree is constructed for each block. The proposed technology uses Fuzzy-based Smart Contracts (FSCs)
to enable clients to trail their data. At last, evidence analysis is made possible by creating a Logical-Graph of
Evidence (LGoE) using data collected through Blockchain. The network simulator-3.26 and java (for cloud and
Blockchain) environment are used for experiments. A thorough investigation shows that the suggested forensic
architecture exhibits favorable response, evidence insertion, and verification times.

1. Introduction
Blockchain-based cloud forensics architecture can provide an effec-
tive solution for privacy leakage prediction in cloud environments. This
architecture combines the transparency and immutability of Blockchain
technology with the capabilities of cloud forensics to enhance privacy
and security. Cloud Infrastructure relies on a cloud infrastructure where
data and services are hosted. This can be a public cloud, private cloud,
or hybrid cloud environment. In terms of Data Collection, Various data
sources within the cloud environment are monitored and collected
for analysis. This includes logs, system events, network traffic, user
activities, and other relevant data points. Forensics agents are de-
ployed within the cloud infrastructure to monitor and collect data from
different sources. These agents can be virtual machines or software
modules that interact with the cloud resources. The collected data is
analyzed and processed to extract meaningful features and indicators of
potential privacy leakage. This can involve techniques such as anomaly
detection, machine learning, or pattern recognition in terms of Data
Analysis and Feature Extraction.
With the help of Blockchain Integration, the extracted features and
indicators are securely stored on a Blockchain network. Blockchain
provides transparency and immutability, ensuring that the collected
data cannot be tampered with or altered. Smart contracts are deployed
on the Blockchain to define the rules and conditions for privacy leakage
prediction. These contracts can specify the thresholds for privacy viola-
tions, define the actions to be taken when a violation occurs, and enable
automated responses. Based on the extracted features and indicators,
the Blockchain network evaluates the likelihood of privacy leakage
incidents. Machine learning algorithms or predefined rules within the
smart contracts can be used for this prediction. If a potential privacy
leakage is predicted, the system generates an alert. The alert can be
sent to the cloud administrators or relevant stakeholders for further
investigation and response. Automated actions can also be triggered,
such as isolating the affected resources or blocking unauthorized access.
The Blockchain-based architecture provides a tamper-proof audit
trail of all privacy leakage prediction activities. This enables compli-
ance verification and facilitates forensic investigations if necessary. The
system continuously learns from new data and feedback, improving its

∗ Corresponding author.
E-mail addresses: [email protected] (Ragu G.), [email protected] (Ramamoorthy S.).
1
Research Scholar.
2
Associate Professor.

https://doi.org/10.1016/j.health.2023.100220
Received 30 April 2023; Received in revised form 10 June 2023; Accepted 22 June 2023

2772-4425/© 2023 The Authors. Published by Elsevier Inc. This is an open access article under the CC BY-NC-ND license
(http://creativecommons.org/licenses/by-nc-nd/4.0/).
Ragu G. and Ramamoorthy S.
prediction capabilities over time. Machine learning models can be up-
dated, and smart contracts can be refined based on the evolving privacy
requirements and patterns. By leveraging Blockchain technology, this
architecture enhances the transparency, integrity, and accountability
of cloud forensics for privacy leakage prediction. It provides a decen-
tralized and secure platform for monitoring, analyzing, and responding
to privacy threats in cloud environments.
In this elevated era, security issues exist due to the rise in Cloud plat-
form demands from businesses, governments, and people. Everyone’s
private data is now subject to attackers due to the Cloud environ-
ment [1]. Digital forensics, according to National Institute of Standards
and Technology (NIST) [2], is an operational base to pinpoint an
occurrence, gather evidence and examine it [3]. The Cloud forensic
architecture collects reliable evidence in the Cloud environment [4].
CURE focuses on key management, anti-forging methods, and time
heartbeat in terms of security. Forensic architecture is suggested for
a Blockchain-based SDN based Internet of Things (SDN-IoT) [5]. The
SDN stage also gathers data regarding evidence [6] and further forensic
techniques are improved for investigating the digital evidence gathered
and retained by Open-Flow-Switches [7].
The current provenance tracking framework is expanded by intro-
ducing Provence-aware Data Monitoring System(PDMS) [8]. McCain, a
Blockchain-based integrity management approach, is suggested for IaaS
Cloud [9]. Thus, much research has been done employing Blockchain
technology in the SDN Cloud environment. This paper, this work uses
Blockchain technology for Cloud-based digital forensics. However, data
integrity is a critical problem that must be handled in centralized
forensic architecture. Blockchain and smart agreements will be vital
in addressing this issue. Only options [10,11]. Blockchain is a secure
digital ledger. A distributed ledger with a timestamp is often modi-
fied for data exchange and storage [12–14]. The essential features of
Blockchain components are Integrity and Security, Collective Verifica-
tion, and Decentralization. The main driver for the proposed work is
the introduction of ProvChain, a Blockchain-based data source method
that ensures tamper-proof archives [15]. Blockchain is suggested as
a privacy-preserving approach for safe data storage [16]. Forensic
architecture built on a Blockchain is also used to examine accident cases
in a vehicular network setting [17].
Blockchain technology and smart contracts are utilized in SDN to
identify and mitigate distributed Denial of Service (DoS) attacks [18].
Additionally, Blockchain has been used with other IoT applications, in-
cluding innovative grid applications [19], industries [20], e-voting [21],
and agricultural networks [22]. The author has created a Cloud foren-
sics system that is impenetrable and accessible in a multitenant, un-
trusted Cloud environment. This framework depends on an independent
method based on the flattened multilayer filter. For Cloud systems,
it is impossible to adequately use any typical forensics preparedness
approach. In a Cloud context, a model for increasing security can
be applied. An approach to maximizing an organization’s capacity
to respond to infractions is forensic preparedness. As a result, the
main driving force behind this project is to create a digital forensics
architecture that uses Blockchain and SDN in a Cloud context. It also
wants to use a robust authentication system, Smart contracts, and a
digital signature algorithm to prove the provenance and collection.
2. Related works
The critical studies on digital forensics in the Cloud context are
in these parts. To maintain security against cyberattacks in the Cloud
environment, several academics have concentrated on digital forensics
and Blockchain technology in recent years. In Cloud forensics, the
majority of the evidence gathering occurred in [23]. This paper ad-
dressed the problems associated with evidence collecting under Cloud
Service Provider (CSP) supervision. To conclude, all evidence, which
means forensic monitoring aircraft, was gathered outside CSP. A foren-
sic server is set up on the monitoring aircraft to collect and store
2
Healthcare Analytics 4 (2023) 100220
all evidence. Preserving evidence on a single-forensic server creates
a single point of failure even if all material is potentially protected
against unreliable CSP. The attacker must impact the forensic server
to change and remove the evidence. The Secure Logging-as-a-Service
(SecLaaas) paradigm was introduced to create a Cloud forensics archi-
tecture [24]. It endeavored to gather several records using SecLaaS
without compromising their truthfulness. A Hash-Chain approach is
used to maintain integrity, and evidence of previous papers is also
regularly released to CSPs. The susceptibility of logs is increased by
centralized log gathering.
The Forensic Acquisition and Analysis Systems (FAAS) study was
suggested to address the issue of dependence on CSP [25]. FAAS is
an agent-assisted system where the agent manager and coordinator
oversee all recorded evidence. The crucial forensics component, data
provenance, is not preserved by FAAS. The presence of several agents
further increases the intricacy of the system. A log aggregation proce-
dure was framed for digital forensic architecture [26]. All gathered logs
were kept in an evidential database. Log archive for future examination.
The log repository, however, is a centralized database that is readily
vulnerable to assailants. Event management and security data. For
Cloud forensics, the framework was created [27]. Here, all the evidence
was dispersed rather than kept in CSP. Rivest Shamir and Adelman
(RSA) added more security. A cryptographic algorithm was used and
all the evidence is presented among the unauthenticated users.
With this strategy, more unauthorized users are involved, and they
could even have access to the evidence. An SDN-controlled network act-
ing as the Forensic Controller (ForCon) was used in the Cloud forensic
architecture [28]. Dislocated agents kept an eye on the network envi-
ronment and gathered the proof. Again, the employment of agents and
the quality of the evidence are crucial points to focus on. For forensic
collection, data mining with the fuzzy technique was presented [29].
On behalf of the legal monitoring, analysis, and evidence creation of
Cloud logs, this expert was system suggested. CSP had complete control
over the storage of all evidence. However, the CSP may not be wholly
trusted in a Cloud setting, which reduces the credibility of the evidence.
To manage the changing design of Cloud architecture, an adaptive
evidence-collecting system was devised [30].
Three main scenarios – vulnerable databases, security breaches,
and Cloud configurations – are taken into account to make evidence
collecting flexible. Various designs adaptively adjust the procedure for
gathering evidence. This approach may be adaptable, but it cannot give
data provenance and the integrity of the evidence [31]. To track the ac-
tivity of data, the intelligent contact access system was introduced [23].
Due to this technique’s enormous tuple size and processing time, la-
tency rises as the number of users does [24]. The study revealed that
centralizing evidence collecting and processing for Cloud forensics [32]
is a significant research challenge. Additionally, most researchers have
focused exclusively on gathering evidence, failing to promise data
integrity [33,34]. Preserving evidence integrity, data provenance, and
centralized forensic architecture are thus still significant problems in
Cloud forensics [35–37].
Blockchain-based federated learning [38] is a promising approach
for securing the Internet of Things (IoT) ecosystem. It combines the
privacy-preserving nature of federated learning [39] with the trans-
parency and immutability of blockchain technology. Utilization and
energy consumption optimization in a cloud computing environment
are essential for improving resource efficiency, reducing costs, and
minimizing the environmental impact [40]. Securing trustworthy evi-
dence for a robust forensic cloud-blockchain environment in the context
of immigration management is crucial for maintaining the integrity
of the system and ensuring reliable evidence [41–43] for legal and
administrative purposes. The combination of blockchain and Artificial
Intelligence of Things (AIoT) holds significant potential to enhance the
security, privacy, and efficiency of IoT systems [44–46].
Ragu G. and Ramamoorthy S.
3. Proposed methodology
The main issues like Centralization of evidence collecting and
preservation, Issues in Security and integrity, and Prohibited user
access were sorted in this section: Centralization of evidence gathering
and protection. All of the issues above are considered and fixed in
the proposed Cloud forensic architecture. The essential algorithms
are defined in the proposed forensic architecture known as Cloud
Digital Forensics Architecture (CDFA). The proposed system uses SDN
and Blockchain technologies with Cloud forensics for gathering and
analyzing evidence. The main goals of this research project are to
retain data provenance for Cloud data and to get trustworthy evidence
from the Cloud environment. The entities like SDN Controller, Users
of the Cloud, Cloud Service Providers, and Authentication Servers are
included in the forensic system.
Fig. 1 depicts the complete system design. The proposed forensics
architecture’s primary goals are to protect data provenance and get
trustworthy evidence from Cloud Service Providers. First, it creates a
robust authentication mechanism to guard against unauthorized users.
Based on the sensitivity level, the information saved under Cloud
Service Providers is encrypted to maintain safety in the Cloud platform.
The idea of the distributed proof gathering was put out using the
technology of Blockchain. Smart contracts are used to protect data
provenance and trace data history. The graph-based analysis approach
is suggested for practical evidence analysis.
Step 1: User Authentication: All Cloud users initially register with
AS. User ID (ID) and password are considered user credentials during
registration Password (PW). AS uses the HSO technique to produce a
secret key (SK) for each registered user (U). The circular theorem’s pro-
duced PW, SK, ID, and Secret Code (SC) are then used to authenticate
all users each time.
Step 2: Key generation: HSO is a meta-heuristic algorithm that
mimics how musicians improvise music to achieve better harmony. It
has been used in many different sectors. The HSO algorithm is used in
this study to generate the cryptographic keys. In general, the Elliptic
Curve for Current (ECC) equation is written as
y2 = x3 + axe + b (1)
Where x, 𝑦 denotes the curve’s point and a, b denotes its defining data
or values.
The essential point ‘‘P’’ on this curve is considered, and a random
integer within the given range is chosen, ‘‘Pr(SK)’’. The public key is
then created using the formula
Pu(SK) = Pr(SK)P. (2)
Where
Pr = Private Key
Pu= Public Key
Step 3: Authentication by SRVA (AS): AS produces a secret key
and origin points for each and every registered user. The (Ox, Oy) circle
are source points manages that are unique for each other. It stores the
ID, PW, and SC for each user’s matching credentials. Every time a user
authenticates, their credentials are checked. For each user, AS generates
a unique secret code that makes it hard for an attacker to figure out.
(Ax Ox)2 + (By Oy)2 = R2 (3)
Step 4: Encryption: The user-authenticated procedures are given rights
to the Cloud framework in the proposed forensic system. Clients or
users keep the data in the Cloud platform as cipher text with a digital
signature. Users decide on the data’s level of sensitivity in this case.
Sensitive data, for instance, refers to private information like bank
account numbers and identifying information, but non-sensitive data
includes things like humorous videos and movies. Secret keys are
produced using the HSO technique, as was mentioned in the preced-
ing subsection. The Sensitivity Aware Deep ECC (SAD-ECC) algorithm
encrypts data using a robust private key that is created. The ECC
3
Healthcare Analytics 4 (2023) 100220
algorithm is coupled with the SA-DECC method in the deep framework.
The encryption and decryption procedure incorporates several covert
levels. The ECC algorithm uses an In the input, Pu(SK), and the data to
be encrypted are initialized.
The encryption procedure is carried out at hidden layers. However,
SAD-ECC executes with awareness of sensitivity. The following meth-
ods for data encryption. Algorithm 2 describes the whole SAD-ECC
procedure by employing a solid secret key in the algorithm. This is
an example2 of Fig. 2 showing the SAD-ECC method that has been
suggested. Similar to how cipher text is initialized at the Input-Layer,
the original text is acquired with the output layer when data has
been decoded. To ensure data security, the encryption method uses
specific deep learning. The user must authenticate the data before being
outsourced with a Cloud framework to retain evidence of ownership.
Initially, HV = HASH(d) is used to create the hash value for data to be
signed. The digital signature is then created using the formula Sign =
HV + Pr (SK). k1 and k2 are random numbers, and their product is k2
k1. The signed data by the current owner every time it is amended or
whose ownership has changed.
Algorithm #1:SAD-ECC
Input : public-key and input data
Output: Encrypted Text
Initialize Inputdata(id) and public-key(Pu(SK))
if (id = sensitive-data)
dividend D= D1 * D2
for D1
Compute CT1(C1) as,
C1=D1 xor D2
endfor
for D2
Initialize public key, D2 at I/P Layer
Compute CT2(C2) at hidden layers,
CA = K * P,
CB = D2 + K * Public Key
C2 = [CA,CB]
endfor
deduce CT (C) as,
C = [ C1, C2 ]
else
for D
Repeat for D2
endfor
endif
End
Step 5: Blockchain based Evidence Collection: Digital evidence is
a significant source for investigation in cybercrimes. The suspects can
destroy the evidence and conceal their data in numerous IaaS Cloud
system locations. The complex primary problem with the IaaS Cloud
system is the distribution of data processing among many computer
resources. Additionally, because Cloud users have greater control than
investigators, gathering and preserving evidence is a complex problem.
The suggested digital forensic system leverages SDN and Blockchain
technologies to collect and store forensic evidence from the Cloud to
guard against all these problems. The SDN controller has access to the
Blockchain where the evidence is kept.
Evidence processing is essential for categorizing and accessing
forensic data in the Cloud from many locations and sources. Evidence
is kept on a single physical host while data is spread over a different
region. As a result, it is not easy to find proof after an incident. Proofs
are gathered from various forensic sources, including hard drives,
RAM image files, memory units, hosts, virtual machines, switches,
routers, servers, and browsers. The data is gathered from many sources.
Evidence is collected using data gathering from Cloud servers, browser
objects, and memory space analysis.
Ragu G. and Ramamoorthy S. Healthcare Analytics 4 (2023) 100220

Fig. 1. Cloud Forensics Architecture.

Fig. 2. SAD-ECC Proposed Algorithm.

Algorithm #2: Evidence Collection The procedure for gathering evidence is described in the algo-
Input: Input data rithm. The supporting documentation is collected and maintained in a
Output: Certificate Blockchain for each piece of Cloud-based data kept here. Additionally,
Initialize FSC monitors and regulates the accessibility of user-stored data in the
For all Vi € Cloud environment. The activities in this work are reported to a Cloud
I Compute FCS for Users, server using intelligent contracts when they satisfy a fuzzy criterion,
Endfor and they are also recorded as evidence on the Blockchain. The data
For each Input Data kept in the Cloud environment is accessible to many authorized users.
V1 stores D1 in IaaS This study uses fuzzy logic that considers the degree of data sensitivity
Compute Blocks for D1 to generate intelligent contracts. Fuzzy rules in the system are used
Compute Hash for D1 to execute the smart contract. The fuzzy rules used in FSC are shown
Track D1 and Update the Evidences in Table 1. These guidelines are used to compile the report, which is
Endfor then logged as evidence. The data change committed during previous
For Each Transactions in D1 access is referred to as the prior risk. The authorized evidence report
Store IP Address, TS, Action, Server, etc is disregarded, and data is only created if the historical risk is minimal
If any rule violated and the data is sensitive. If not, the completed information is considered
Report Generation necessary evidence and kept on the Blockchain.
Else Step 6: Investigation using Cloud Forensics: The authorized in-
No Report Generation vestigator (police, attorneys) must examine the digital evidence related
Endif to a cybercrime after it has been detected. AS also authenticates the
Repeat For D2 investigator before the inquiry. For instance, if a suspect checks into a
Endfor hotel, the hotel database will keep the suspect’s information. The sus-
End pect is anticipated to attempt to destroy the digital evidence by hacking
the database and deleting their check-in records. In this situation, our
suggested forensic architecture would work well since the Blockchain,

4
Ragu G. and Ramamoorthy S. Healthcare Analytics 4 (2023) 100220

Table 1 Due to this, the proposed architecture for Cloud forensics, which
Fuzzy rule used in Fuzzy Smart Contracts (FCS).
uses SDN and Blockchain technology, enables the secure gathering of
Type of data Risk type Action Fuzzy rule value Generation of evidence from the Cloud. Thanks to a robust authentication proce-
report
dure, unauthorized users cannot access the Cloud environment, and
Non-Sensitive Low risk Read action 0 to 0.5 No
sensitivity-aware encryption enhances data protection. Blockchain and
Sensitive Low risk Read action 0 to 0.5 No
Non-Sensitive Low risk Edit action 0 to 0.5 No
SDN for evidence storage are sophisticated methods of ensuring dis-
Sensitive Low risk Edit action 0.51 to 0.1 Yes persed data security. The developed Cloud forensic infrastructure fa-
Non-Sensitive Low risk Delete action 0.51 to 0.1 Yes cilitates the entire investigation, from evidence processing to evidence
Sensitive Low risk Delete action 0.51 to 0.1 Yes reporting to the court.
Non-Sensitive Low risk Read action 0 to 0.5 No
Sensitive Low risk Read action 0.51 to 0.1 Yes
Non-Sensitive Low risk Edit action 0 to 0.5 No 4. Experimental results
Sensitive Low risk Edit action 0.51 to 0.1 Yes
In the result part, we do an experimental analysis of the sug-
gested forensic architecture using data from earlier studies and per-
formance measures. This section compares the presented work with
a distributed ledger, keeps all evidence records. Before accessing the
the coldfusion centralized log (CFLOG) gathering strategy after first
system, they must pass the valid authentication.
introducing with simulation setup. The setup uses the proposed Cloud
The investigator believes the following procedures should be fol-
Forensic architecture on a multi-platform simulation environment. Us-
lowed for the evidence analysis.
ing CloudSim, this work created an IaaS Cloud environment for the
Identification of Evidence: Finding a prospective source of credi- Java platform. Blockchain is developed in Java for data saved in the
ble evidence is the first step in a digital forensic inquiry. As a result, IaaS Cloud. Using the NetBeans IDE, Java programs are designed. All
the investigator has to get the necessary legal authorization. trials are simulated on an Intel Core i7 CPU running at 2.80 GHz, with
Acquisition of Evidence: From the Blockchain, the investigator ac- 16 GB of RAM and a 128 GB SSD running Ubuntu OS. Additionally,
cesses all the data logs after receiving permission from a legal authority. the NS-3 simulator is mainly devoted to Software Defined Networks
This research project’s evidence log includes both login details and and is connected to Cloud and the Blockchain environment. The JAR
hardware-focused evidence. The investigator must adhere to judicial Consider a crook who spent a few days at Hotel A. Then, you can find
requirements at this point without breaking SLA agreements. information on the suspect in Hotel A’s guest book.
Analysis of Evidence: The investigator then thoroughly examines Furthermore, footage of the suspect at the hotel is to be included in
the logs as evidence to provide an information report on the digital the information collected from the surveillance system or camera. This
proof. In this research, for improved analysis, LGoE is considered. Based can make it easier for the detectives to find the culprit immediately.
on the evidence and matching log properties, LGoE is generated. The Every change made to the visitor registry and the investigation report
check-in history, or initial data, for a similar instance, the suspicious is gathered as evidence on the Blockchain. The suspicious activity can
checking into a hotel, is uploaded to the Cloud by hotel administration alter or erase the Cloud-stored guest registration and surveillance data.
or an authorized user. Currently, all the features for log are included But under the suggested forensic architecture, every piece of evidence
in the evidence established on the Blockchain. is kept on a distributed ledger called the Blockchain using the proposed
Reporting of Evidence: In the evidence analysis step, each piece effective forensic architecture. Additionally, it compiles the VM logs for
of evidence in the LGoE is verified using a digital signature kept on use as proof on the Blockchain.
file with the data and hash value. It must be signed before outsourcing CloudSim is a popular cloud computing simulation framework that
data to the Cloud in our suggested task. As a result, an attacker who enables researchers and practitioners to simulate and evaluate cloud
updates this data must provide a valid digital signature. In Blockchain, environments. While CloudSim primarily focuses on cloud computing
the current hash value is kept for all the shreds of evidence. The hash aspects, it can be extended to simulate cloud forensics scenarios by
value of data stored in the Cloud must match Merkle Tree in a block. incorporating relevant modules and functionalities.
The agent creates the information by considering these assessments and Create a simulation environment in CloudSim that represents the
making the digital evidence. The procedure for gathering evidence from cloud infrastructure you want to simulate. This includes defining data
acquisition to submission to the court is described in Algorithm. centers, virtual machines (VMs), storage resources, network topologies,
and other relevant components. Extend CloudSim by incorporating a
Algorithm #3: Evidence gathering and Submission Process forensics module that simulates forensic agents, data collection mech-
Input: Collected Evidences anisms, and analysis tools. This module should mimic the behavior of
Output: LGoE real-world forensics agents and their interactions with cloud resources.
Initialize Generate synthetic or realistic datasets that emulate various types of
Authentication of Investigator cloud activity, including user interactions, system events, network traf-
Identification of case related to evidences fic, and log files. These datasets should capture the relevant information
Evidence collection from Blockchain required for forensic analysis and prediction.
Plot LGoE using attributes Within the simulation, implement mechanisms for data collection
For each and Every evidences and analysis. This involves deploying forensics agents within the sim-
Verify [Hash and Initiator IP] ulated cloud infrastructure to collect data from VMs, network traffic,
If True verification logs, and other relevant sources. Apply forensic analysis techniques,
Signature Verification such as anomaly detection or pattern recognition algorithms, to process
If Valid Signature the collected data. Utilize the collected and analyzed data to predict
Prepare Evidence with Proof potential privacy leakage incidents. Implement algorithms or rule-
Else based approaches to assess the likelihood of privacy breaches based on
Preparation of invalid evidence extracted features and indicators.
Endif Therefore, the investigator may get the evidence from the
Endfor Blockchain even if suspicious activity changes the report or data in the
Preparation of Digital Evidence and submit for investigation Cloud. If there are any differences among the evidence, scheming LGoE
End for the gathered evidence report to expose. The investigator can send

5
Ragu G. and Ramamoorthy S. Healthcare Analytics 4 (2023) 100220

Fig. 3. Simulation of Proposed Cloud Forensics Using CloudSim.

Table 2 Table 3
Performance analysis of evidence insertion time. Performance analysis of evidence verification time.
SL.NO No. of users Existing Method Proposed Cloud SL.NO No. of users Existing CFLOG Proposed Cloud
CFLOG in (ms) Forensics (ms) in (ms) Forensics (ms)
1 20 32 53 1 20 38 62
2 40 44 72 2 40 40 70
3 60 48 73 3 60 44 74
4 80 49 79 4 80 46 78
5 100 54 88 5 100 50 80

Fig. 5. Performance of Evidence Verification Time.

Fig. 4. Performance of Evidence Insertion Time.

produce both increase as the number of users rises. As a result, the

digital proof using CoC to court using the Blockchain evidence they
have collected. The following parameters are tested with the existing
work using CFLOG — without using SDN Blockchain, insertion time
for proof, verification time, and computational time. Fig. 3 illustrates
the Simulation of Proposed Cloud Forensics Using CloudSim.
5. Discussion
5.1. Insertion time for evidence
Insertion Time for evidence is a period of spell needed for inserting
electronic information of evidence gathered on a Cloud server. In the
analysis, when the plane SDN creates a proof for the data stored in
Cloud, it can understand how to be described simultaneously (see
Table 2).
Fig. 4 compares the evidence insertion time and it describes how
the quantity of data that must save and the quantity of proof that must
amount of time it takes to introduce the evidence in both tasks. As a
result, evidence insertion in Blockchain happens faster than in earlier
work
5.2. Evidence verification time
Evidence verification time is the amount of time it takes for inves-
tigator to gather and validate the evidence starting with a Blockchain.
Fig. 5 and Table 3 compare the time needed for evidence verifica-
tion using the suggested forensic approach versus the CFLOG method.
The proposed digital forensic system achieves quick proof of the evi-
dence. The typical validation technique is used in the CFLOG approach,
where the investigator needs access to CSP for evidence collecting.
Instead of CSP, the investigator in the suggested work compiles all
data from the controller. Additionally, LGoE construction is used to do
evidence verification for improved analysis. Comparing computational

6
Ragu G. and Ramamoorthy S. Healthcare Analytics 4 (2023) 100220

Table 4
Performance analysis of computational overhead.
SL.NO No. of users Existing CFLOG Proposed Cloud
in (BB) Forensics (KB)
1 20 8 11
2 40 9 12
3 60 10 13
4 80 11 14
5 100 12 15

Fig. 7. Analysis of Response Time.

6. Conclusion

Fig. 6. Performance of Computational Overhead. Using SDN and Blockchain technologies, an innovative Digital Foren-
sic System Architecture is developed in this research to gather and
Table 5 store trustworthy evidence with the help of the IaaS Cloud platform AS
Performance analysis of response time. authenticates all Cloud users by using the safe authentication process
SL.NO No. of users Existing CFLOG Proposed Cloud known as the Secure Ring Verification-based Authentication system.
in (BB) Forensics (KB) The proposed method has been suggested for data security. Before
1 20 48 68 that, the HSO method generates optimum keys. A block is formed
2 40 60 82 at the controller for each piece of data that is saved in the Cloud.
3 60 62 98
The evidence’s integrity is ensured in each block via the building
4 80 65 98
5 100 78 100 of a Merkle-Hash-Tree using the SHA-3 algorithm. With the help of
Blockchain technology, all evidence is gathered, and the CoC and
PoO are maintained. The proposed system has implemented FCS to
track data activity. Finally, adopting LGoE-based analysis simplifies the
overhead is the amount of bandwidth needed to carry out a specific process of analyzing the evidence. A hybrid simulation environment
operation (transfer data, read, update, generate evidence, and verify using Java and ns-3.26 assesses the forensic system. Experimental re-
proof) within the forensic system (see Table 4). search exposes that the proposed forensic architecture outperforms the
In Fig. 6 and Table 5 compare the calculation overhead to the user
centralized forensic system regarding outcomes. To improve the Digital
count. Here, the amount of data that has to be processed grows along
Forensic System in the future, offer to integrate forensic networks inside
with the number of users, increasing the computing overhead. With-
SDN and with Cloud forensics.
out Blockchain technology, centralized system administration increases
computational costs. The processing of data and evidence in CFLOG
Declaration of competing interest
is done in CSP, which raises overhead. The proposed forensic system
holds the processing of evidence (collecting, hash computation, and
preservation) on the SDN controller to reduce the overall computing The authors declare that they have no known competing finan-
overhead. The scalability is enhanced without adding to overhead by cial interests or personal relationships that could have appeared to
the use of SDN technology in the proposed architecture influence the work reported in this paper.

5.3. Analysis for response time Data availability

It means that the amount of period it takes for clients or users
to obtain information they have requested. The total number of users
utilizing the digital forensic system is used to validate this metric.
In other words, the duration of response is known as the users with
the necessary information via the forensic system data or proof. In
Fig. 7, the proposed system explores the reaction time through the
current centralized CFLOG system. Because there are more requests
from users as there are more clients or users in both tasks, it grows the
response time gradually as the user base grows. However, the suggested
digital forensic system still answers user requests rapidly, even when
there are more users. Adopting SDN technology improves scalability
or accommodating many clients or users at once. The Cloud user can
instantly connect with the server (Cloud server) and obtain the needed
report. Similarly, the SDN controller does not have to wait for the
investigator to gather evidence from the Blockchain.
Data will be made available on request
References
[1] Sheik Khadar Ahmad Manoj, D. Lalitha Bhaskari, Cloud forensics-a framework
for investigating cyber attacks in cloud environment, Procedia Comput. Sci. 85
(2016) 149–154.
[2] Sameera Almulla, Youssef Iraqi, Andrew Jones, A state-of-the-art review of cloud
forensics, J. Digit. Forens. Secur. Law 9 (4) (2014) 2.
[3] Shams Zawoad, Ragib Hasan, Trustworthy digital forensics in the cloud,
Computer 49 (3) (2016) 78–81.
[4] Roberto Battistoni, Roberto Di Pietro, Flavio Lombardi, CURE—Towards enforc-
ing a reliable timeline for cloud forensics: Model, architecture, and experiments,
Comput. Commun. 91 (2016) 29–43.
[5] Mehran Pourvahab, Gholamhossein Ekbatanifard, An efficient forensics archi-
tecture in software-defined networking-IoT using blockchain technology, IEEE
Access 7 (2019) 99573–99588.

7
Ragu G. and Ramamoorthy S.
[6] Mehran Pourvahab, Ekbatanifard Gholamhossein, Digital forensics architecture
for evidence collection and provenance preservation in IaaS cloud environment
using SDN and blockchain technology, IEEE Access 7 (2019) 153349–153364.
[7] Tommy Chin, Kaiqi Xiong, A forensic methodology for software-defined network
switches, in: Advances in Digital Forensics XIII: 13th IFIP WG 11.9 International
Conference, Orlando, FL, USA, January 30-February 1, 2017, Revised Selected
Papers 13, Springer International Publishing, 2017.
[8] Yulai Xie, et al., Efficient monitoring and forensic analysis via accurate network-
attached provenance collection with minimal storage overhead, Digit. Investig.
26 (2018) 19–28.
[9] Bo Zhao, Peiru Fan, Mingtao Ni, Mchain: A blockchain-based VM measure-
ments secure storage approach in IaaS cloud with enhanced integrity and
controllability, IEEE Access 6 (2018) 43758–43769.
[10] Konstantinos Christidis, Michael Devetsikiotis, Blockchains and smart contracts
for the internet of things, IEEE Access 4 (2016) 2292–2303.
[11] Wenli Yang, et al., A survey on blockchain-based internet service architecture:
requirements, challenges, trends, and future, IEEE Access 7 (2019) 75845–75872.
[12] Arpita Nayak, Kaustubh Dutta, Blockchain: The perfect data protection tool, in:
2017 International Conference on Intelligent Computing and Control, I2C2, IEEE,
2017.
[13] Lijing Zhou, et al., Beekeeper: A blockchain-based iot system with secure storage
and homomorphic computation, IEEE Access 6 (2018) 43472–43488.
[14] Qi Xia, et al., BBDS: Blockchain-based data sharing for electronic medical records
in cloud environments, Information 8 (2) (2017) 44.
[15] Xueping Liang, et al., Provchain: A blockchain-based data provenance archi-
tecture in cloud environment with enhanced privacy and availability, in: 2017
17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing,
CCGRID, IEEE, 2017.
[16] Bao-Kun Zheng, et al., Scalable and privacy-preserving data sharing based on
blockchain, J. Comput. Sci. Tech. 33 (2018) 557–567.
[17] Mumin Cebe, et al., Block4Forensic: An integrated lightweight blockchain frame-
work for forensics applications of connected vehicles, IEEE Commun. Mag. 56
(10) (2018) 50–57.
[18] Zakaria Abou El Houda, Abdelhakim Senhaji Hafid, Lyes Khoukhi, Cochain-SC:
An intra-and inter-domain DDoS mitigation scheme based on blockchain using
SDN and smart contract, IEEE Access 7 (2019) 98893–98907.
[19] Bharathiraja Nagu, et al., Ultra-low latency communication technology for
Augmented Reality application in mobile periphery computing. Paladyn, J.
Behav. Robot. 14 (1) (2023) 20220112.
[20] Ru Huo, et al., A comprehensive survey on blockchain in industrial internet of
things: Motivations, research progresses, and future challenges, IEEE Commun.
Surv. Tutor. 24 (1) (2022) 88–122.
[21] N.V. Ravindhar, et al., Secure integration of wireless sensor network witth cloud
using coded probable bluefish cryptosystem, J. Theor. Appl. Inform. Technol.
100 (24) (2022).
[22] Khaled Salah, et al., Blockchain-based Soybean traceability in agricultural supply
chain, IEEE Access 7 (2019) 73295–73305.
[23] S. Kaur, G. Kaur, Threat and vulnerability analysis of cloud platform: a user
perspective, in: 2021 8th International Conference on Computing for Sustainable
Global Development, INDIACom, IEEE, 2021, pp. 533–539.
[24] Ishu Gupta, et al., SeCoM: An outsourced cloud-based secure communication
model for advanced privacy preserving data computing and protection, IEEE
Syst. J. (2023).
[25] Sebastian Schlepphorst, Kim-Kwang Raymond Choo, Nhien-An Le-Khac, Digital
forensic approaches for cloud service models: A survey, in: Cyber and Digital
Forensic Investigations: A Law Enforcement Practitioner’s Perspective, 2020, pp.
175–199.
Healthcare Analytics 4 (2023) 100220
[26] Warusia Yassin, et al., Cloud forensic challenges and recommendations: A review,
OIC-CERT J. Cyber Secur. 2 (1) (2020) 19–29.
[27] More Swami Das, A. Govardhan, Vijaya Lakshmi Doddapaneni, A model of cloud
forensic application with assurance of cloud log, Int. J. Digit. Crime Forensics
(IJDCF) 13 (5) (2021) 114–129.
[28] Ibrahim Ali Alnajjar, Massudi Mahmuddin, Feature indexing and search optimiza-
tion for enhancing the forensic analysis of mobile cloud environment, Inform.
Secur. J. A Glob. Perspect. 30 (4) (2021) 235–256.
[29] Utsav Punia, et al., An improved scheduling algorithm for grey wolf fitness task
enrichment with cloud, in: 2023 5th International Conference on Smart Systems
and Inventive Technology, ICSSIT, IEEE, 2023.
[30] Khalid Hasan, et al., A blockchain-based secure data-sharing framework for
Software Defined Wireless Body Area Networks, Comput. Netw. 211 (2022)
109004.
[31] Gaganpreet Kaur, Sandeep Kaur, Critical analysis of secure strategies against
threats on cloud platform, in: Mobile Radio Communications and 5G Networks:
Proceedings of Third MRCN 2022, Springer Nature Singapore, Singapore, 2023,
pp. 443–455.
[32] Adedoyin A. Hussain, Fadi Al-Turjman, Artificial intelligence and blockchain: A
review, Trans. Emerg. Telecommun. Technol. 32 (9) (2021) e4268.
[33] Ma Zhuo, Jiawei Zhang, Efficient, traceable and privacy-aware data access
control in distributed cloud-based IoD systems, IEEE Access (2023).
[34] NS Gowri Ganesh, N.G. Mukunth Venkatesh, D. Venkata Vara Prasad, A system-
atic literature review on forensics in cloud, IoT, AI & Blockchain, in: Illumination
of Artificial Intelligence in Cybersecurity and Forensics, 2022, pp. 197–229.
[35] Qi Li, et al., CBFF: A cloud–blockchain fusion framework ensuring data
accountability for multi-cloud environments, J. Syst. Archit. 124 (2022) 102436.
[36] Yunus Khan, Sunita Verma, An intelligent blockchain and software-defined
networking-based evidence collection architecture for cloud environment, Sci.
Program. 2021 (2021) 119063.
[37] Samuel D. Okegbile, Jun Cai, Attahiru S. Alfa, Performance analysis of
blockchain-enabled data-sharing scheme in cloud-edge computing-based IoT
networks, IEEE Internet Things J. 9 (21) (2022) 21520–21536.
[38] Abdul Rehman Javed, et al., Integration of blockchain technology and federated
learning in vehicular (IoT) networks: A comprehensive survey, Sensors 22 (12)
(2022) 4394.
[39] Shalini Talwar, et al., Big Data in operations and supply chain management: a
systematic literature review and future research agenda, Int. J. Prod. Res. 59
(11) (2021) 3509–3534.
[40] Keping Yu, et al., A blockchain-based Shamir’s threshold cryptography scheme
for data protection in industrial internet of things settings, IEEE Internet Things
J. 9 (11) (2021) 8154–8167.
[41] Siyue Guo, et al., Modelling building energy consumption in China under
different future scenarios, Energy 214 (2021) 119063.
[42] Mohammad Khalid Imam Rahmani, et al., Blockchain-based trust management
framework for cloud computing-based internet of medical things (IoMT): a
systematic review, Comput. Intell. Neurosci. 2022 (2022).
[43] Ankit Attkan, Virender Ranga, Cyber-physical security for IoT networks: a
comprehensive review on traditional, blockchain and artificial intelligence based
key-security, Complex Intell. Syst. 8 (4) (2022) 3559–3591.
[44] Gauri Shankar, et al., Improved multisignature scheme for authenticity of digital
document in digital forensics using edward-curve digital signature algorithm,
Secur. Commun. Netw. 2023 (2023).
[45] Zhilin Wang, Qin Hu, Blockchain-based federated learning: A comprehensive
survey, 2021, arXiv preprint arXiv:2110.02182.
[46] Tian Li, et al., Blockchain-based privacy-preserving and rewarding private data
sharing for IoT, IEEE Internet Things J. 9 (16) (2022) 15138–15149.