Towards Forensics Investigation of Blockchain-based Healthcare Applications

Abstract

Blockchain, an emerging technology benefits the new technological world from its features such as immutability, transparency, and decentralization. The diversity of its domain is from e-commerce, health care, real estate, and enterprise to NFT markets, voting, and digital currency trading. The underlying blockchain features make auditing blockchain applications a challenging task. In this paper, we thoroughly analyze the general challenges faced in blockchain forensics, application-specific challenges, and challenges with respect to public and private blockchains. The aim of this paper is to highlight the challenges faced during the forensics of blockchain-based applications. For this, we took a healthcare system, introduced a contract vulnerability in it, and defined two scenarios for attack depending on that vulnerability. One that allows an attacker to make a malicious transaction directly and the other in which the attacker first gives itself access and then adds malicious transactions. The attacks are generated just to analyze the difficulty level of forensics in blockchain applications. To achieve our goal, we performed log analysis for both scenarios and specified the challenges faced during the analysis. Our experiment shows that due to some blockchain-specific features such as anonymity, identification of malicious entities in the system sometimes becomes a hectic challenge. This research benefits the auditors by highlighting the forensics challenges and auditing issues so they can work on these areas to identify the attackers and illegal data modifications accurately in blockchain applications. Experimental results confirmed that our proposed technique enabled efficient forensics investigation of events inside blockchain-based healthcare applications.