Pitch
Imagine a digital forensics team collecting and duplicating a memory dump for a serious, high-profile case. They spend hours collecting data and duplicating it, proving the defendant to be guilty beyond a doubt. They then send it to their successful, but not tech-savvy, legal firm, who pass it down to the judicial office along with the necessary documents. However, somewhere in the process the file has changed, and the evidence is thrown out as it is now deemed tampered with, causing the case to fall apart. How do we avoid this, you ask? Use ForeTrackr. ForeTrackr is an innovative solution that tracks the file at every entry and exit point, ensuring the file has not changed by checking whether its unique hash (based on the file content) is still the same; if it is not, the file has been tampered with. The forensics team can now check where the file changed to pinpoint who tampered with the evidence, and can perform a rollback to retrieve the original file. Now the team can ensure their file stays the same through the whole chain of custody.
Inspiration
Looking at the core elements of digital forensics, we noticed a huge flaw in how chain of custody is handled; we found paperwork to be an odd inefficiency for a tech-centric industry, and worked to automate it. We also noticed how simple it is to tamper with evidence, and how easily defendants are able to argue that the evidence could have been tampered with.
What it does
We have built a cloud-integrated web platform which leverages blockchain technology and file hashing to holistically secure the evidence files used by a digital forensics team. The blockchain works by ledgering each log in or log out, and the entries are secured by each one carrying the hash of the previous entry. Hashing the evidence files ensures they have not been tampered with: at each access point we check whether the evidence hash has changed.
How we built it
We used python to build the core backend and the blockchain, with the blockchain system being especially interesting to design:
import json


class chainedBlocks():
    def __init__(self):
        # the chain is a dict keyed by date string, so the ledger is easy to parse
        self.chain = {}

    def addBlock(self, block, date):
        # store the block under its date and show the chain so far
        self.chain[str(date)] = block
        print(self.chain)
We utilised structured programming to simplify the blockchain construction into class-based modules, with each block having a simple interface to interact with. This was hugely useful, as two of our team had never used blockchain and all of us are quite inexperienced. The chain itself is a dictionary indexed by date, which makes the ledger easy to parse and simplifies the process by which we pinpoint discrepancies in the system due to tampering. We hosted the ledger in the cloud utilising MongoDB as well as Google Cloud.
In the ledgerManagement file you see the class Block:
import hashManager  # the project's own hashing module (provides hashFile and hashLedger)


class Block():
    def __init__(self):
        self.ledger = []  # ordered list of ledger entries
        self.block = {}   # the same entries, indexed by id
        self.id = 1
        """ format for ledger =
        {
        type:"Log In", "Log Out" or "Upload",
        user: "xxxxxxx",
        timeUTC: "12:34",
        hash_of_evidence:"xxxxxxxxxx"
        is_hash_identical:"true"/"false",
        previous_hashed_ledger: xxxx
        }
        """

    def add(self, type, username, time, evidence, is_hash_identical):
        id = self.id
        ledge = {"id": id, "type": type, "user": username, "timeUTC": time}
        # hash of the evidence file as seen at this access point
        hashOfEvidence = hashManager.hashFile(evidence)
        ledge["hash_of_evidence"] = hashOfEvidence
        ledge["is_hash_identical"] = str(is_hash_identical)
        # every entry after the first carries the hash of the previous entry,
        # which is what chains the ledger together
        if self.id != 1:
            ledge["previous_hashed_ledger"] = hashManager.hashLedger(str(self.ledger[-1]))
        self.ledger.append(ledge)
        self.block[id] = ledge
        self.id = id + 1
This uses hashing to systematically track both the previous ledger entries and the file. It means that to alter one ledger entry you would need to alter every entry after it, which would be a tedious manual process.
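The check described above, as an added example that is not part of the ForeTrackr code: a hypothetical CustodyLedger class modelled on Block.add that uses SHA-256 (an assumption; the page does not name its hash function) for both the evidence and the chain links, plus a verify() routine that walks the ledger, recomputes every link, and reports the first entry where either the chain was broken or the evidence hash no longer matches the original upload.

```python
import hashlib
import json
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLedger:
    """Hypothetical hash-chained chain-of-custody ledger (modelled on Block.add)."""

    def __init__(self):
        self.entries = []

    def add(self, event, user, evidence: bytes, time=None):
        prev = self.entries[-1] if self.entries else None
        evidence_hash = sha256_hex(evidence)
        entry = {
            "id": len(self.entries) + 1,
            "type": event,  # "Log In", "Log Out" or "Upload"
            "user": user,
            "timeUTC": time or datetime.now(timezone.utc).isoformat(),
            "hash_of_evidence": evidence_hash,
            # does the file still match what the previous access point saw?
            "is_hash_identical": prev is None or evidence_hash == prev["hash_of_evidence"],
            # link to the previous entry: hash of its canonical JSON serialisation
            "previous_hashed_ledger": sha256_hex(json.dumps(prev, sort_keys=True).encode()) if prev else None,
        }
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return (ok, first_bad_id, reason) after recomputing every chain link."""
        original = None
        for i, e in enumerate(self.entries):
            if i == 0:
                if e["previous_hashed_ledger"] is not None:
                    return (False, e["id"], "genesis has a predecessor")
                original = e["hash_of_evidence"]  # hash recorded at upload
                continue
            expected = sha256_hex(json.dumps(self.entries[i - 1], sort_keys=True).encode())
            if e["previous_hashed_ledger"] != expected:
                return (False, e["id"], "broken chain link")  # a past entry was edited
            if e["hash_of_evidence"] != original:
                return (False, e["id"], "evidence hash changed")  # file altered
        return (True, None, "ok")
```

Constructed sample evidence (a byte string) is enough to exercise both failure modes: altering the file is caught at the next access point, and editing an earlier entry is caught because the following entry's link no longer matches.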
Challenges we ran into
The main challenge was discovering a product to develop. Our team consists of a 15-year-old and two university students, and we found it difficult to fully immerse ourselves in the relatively obscure field of digital forensics. However, upon researching and speaking to mentors, we managed to realise the full capability of the industry and how it is becoming increasingly relevant to the judicial system.
Accomplishments that we are proud of
The Google Cloud integration
The website's animated aesthetics:
// clear the upload form once an evidence item has been submitted
document.getElementById("Upload-Name").value = "";
var file = document.getElementById("file-select").value = "";
document.getElementById("item-name-div").innerHTML = "";
// slide the add-evidence panel in or out over one second (jQuery)
$('.addEvidence').toggle(1000);
Web interactions with other files:
import sys
# CoreManagement is the project's own class; the module it lives in is not shown here

filename = sys.argv[1]  # path to the evidence file
action = sys.argv[2]    # "Log In", "Log Out" or "Upload"
username = sys.argv[3]
manager = CoreManagement(evidence=filename)
"""action performed"""
manager.onAccess(type=action, user=username, evidence=filename)