SIENNA
Vol 7 No 1 (2026): Sienna Volume 7 Nomor 1 Juli 2026

Blockchain-Based Preservation Framework for Network Forensic Evidence Integrity

Mirza Sutrisno (Universitas Ahmad Dahlan, Universitas Muhammadiyah Jakarta)
Sunardi (Universitas Ahmad Dahlan)
Rusydi Umar (Universitas Ahmad Dahlan)



Article Info

Publish Date
13 Jun 2026

Abstract

Network forensic investigations rely heavily on the integrity and traceability of Packet Capture (PCAP) files as primary digital evidence. Digital Forensic Research Workshop (DFRWS) implementations commonly employ centralized preservation mechanisms that remain vulnerable to unauthorized modification and provide limited provenance transparency. To address these limitations, this study proposes a blockchain-based preservation framework integrated into the preservation phase of the DFRWS model. The framework combines SHA-256 cryptographic hashing for integrity verification, blockchain-based provenance logging, and distributed ledger validation while maintaining off-chain evidence storage. Unlike many existing blockchain-based forensic frameworks that primarily emphasize provenance recording and chain-of-custody management, this study evaluates evidence preservation through an integrated validation approach consisting of controlled tampering simulation, cryptographic sensitivity analysis, and preservation latency measurement. Experimental evaluation using PCAP datasets representing attack and baseline traffic conditions demonstrated that unauthorized evidence modification was successfully detected through hash inconsistencies. Avalanche Effect analysis produced a value of 50.39%, confirming the strong cryptographic sensitivity of the SHA-256 mechanism to minimal data alteration. While SHA-256 enables reliable tampering detection, the integrated blockchain architecture provides tamper-resistant provenance recording, chain-of-custody traceability, and distributed verification of evidence integrity. The framework achieved an average preservation latency of 2.057 seconds within the experimental environment, providing preliminary evidence of feasibility for blockchain-assisted forensic logging under controlled conditions. 
Although no direct comparison with alternative preservation approaches was conducted, the findings provide a proof-of-concept validation and contribute empirical evidence regarding the potential of blockchain-supported provenance management to enhance trustworthiness and integrity assurance in network forensic workflows.
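The mechanisms the abstract names (SHA-256 integrity hashing, hash-linked provenance records with off-chain evidence, tamper detection and avalanche measurement) can be seen in the following added illustration, which is not the authors' implementation. The in-memory list standing in for the distributed ledger, the record field names and the sample PCAP bytes are all assumptions constructed for the example.

```python
import hashlib, json

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def seal(body: dict) -> str:
    """Hash a provenance record in a canonical (sorted-key) JSON encoding."""
    return digest(json.dumps(body, sort_keys=True).encode())

def avalanche_percent(original: bytes, modified: bytes) -> float:
    """Share of the 256 digest bits that differ between the two inputs."""
    a, b = int(digest(original), 16), int(digest(modified), 16)
    return bin(a ^ b).count("1") / 256 * 100

def append_record(ledger: list, evidence_id: str, data: bytes, custodian: str) -> dict:
    """Append a provenance block; the evidence bytes themselves stay off-chain."""
    body = {"index": len(ledger), "evidence_id": evidence_id, "sha256": digest(data),
            "custodian": custodian,
            "prev": ledger[-1]["block_hash"] if ledger else "0" * 64}
    block = dict(body, block_hash=seal(body))
    ledger.append(block)
    return block

def verify(ledger: list, store: dict) -> list:
    """Return findings; an empty list means ledger and evidence are consistent."""
    findings, prev = [], "0" * 64
    for block in ledger:
        body = {k: v for k, v in block.items() if k != "block_hash"}
        if block["prev"] != prev or seal(body) != block["block_hash"]:
            findings.append(f"block {block['index']}: ledger record altered")
        if digest(store.get(block["evidence_id"], b"")) != block["sha256"]:
            findings.append(f"block {block['index']}: evidence hash mismatch")
        prev = block["block_hash"]
    return findings

# Constructed sample: pcap global header (magic 0xa1b2c3d4, v2.4, Ethernet) plus filler
PCAP = bytes.fromhex("d4c3b2a1020004000000000000000000ffff000001000000") + bytes(range(64))

def flip_bit(data: bytes, bit: int) -> bytes:
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def mean_avalanche(data: bytes) -> float:
    """Average avalanche percentage over every single-bit flip of the input."""
    n = len(data) * 8
    return sum(avalanche_percent(data, flip_bit(data, i)) for i in range(n)) / n
```

A single flipped bit in the stored capture surfaces as an evidence hash mismatch, while an edit to a ledger record breaks its own seal and the link to the following block.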

Copyrights © 2026






Journal Info

Abbrev

sienna

Subject

Computer Science & IT Engineering

Description

The Journal of Information Systems and Technology (SIENNA) has been published by the Faculty of Engineering and Computer Science (FTIK), University of Muhammadiyah Kotabumi (UMKO) since July 2020. SIENNA contains manuscripts of research results in the fields of Information Systems, Information ...