Shaurya // Lab

Cyber Evidence Locker / ForensicChain

A blockchain-inspired forensic integrity system for tamper-proof digital evidence verification.

Main System Interface

01. The Problem

Digital evidence such as CCTV footage, PDFs, images, logs, and reports can be modified without leaving visible traces. In cyber forensics and security investigations, even a one-byte modification can compromise the authenticity and legal reliability of evidence. Traditional file storage systems mainly focus on storing data but do not provide strong mechanisms to prove whether the evidence has remained unchanged over time. Another major issue is trust. If someone tampers with a stored file, replaces records, or modifies historical evidence, it becomes difficult to detect exactly when and where the compromise happened. Existing classroom-level integrity systems generally stop at simple hashing, which is not sufficient for demonstrating real-world forensic security workflows.

Modern forensic systems do not rely only on storing files; they rely on creating a cryptographic chain of trust. Instead of treating each evidence file independently, the project connects evidence records using blockchain-inspired linking, cryptographic hashing, Merkle tree verification, and digital signatures. This means that if even a single file is modified, the integrity of the entire chain is affected and tampering becomes immediately visible. The project transforms abstract cryptographic concepts into an interactive and visually understandable forensic system where users can observe hash changes, the avalanche effect, chain break propagation, signature verification failure, and tamper detection in real time.

Approach and Solution: The project was developed as a web-based forensic evidence integrity platform called ForensicChain / Cyber Evidence Locker. The system works in multiple stages:

Evidence Upload & Hashing: when a file is uploaded, the system generates a unique 512-bit Whirlpool cryptographic hash, which acts as the digital fingerprint of the evidence.

Blockchain-Inspired Evidence Chaining: each evidence record is converted into a block containing evidence metadata, the Whirlpool hash, the previous block hash, a timestamp, and the integrity status. These blocks are linked together sequentially, forming an immutable evidence chain. If one block changes, all subsequent blocks become invalid.

Merkle Tree Verification: for multiple evidence files, the system generates a Merkle root to enable efficient dataset verification and partial integrity proofs.

Digital Signature Layer: each uploaded evidence file is digitally signed by a simulated investigator identity to ensure authenticity and ownership verification.

Attack Simulation Engine: a dedicated attack simulation panel demonstrates file modification attacks, evidence replacement, block tampering, and signature forgery. The system visually shows how tampering propagates across the chain.

Dashboard & Visualization: an interactive dashboard displays secure vs. tampered evidence, the blockchain timeline, chain verification results, the Merkle verification path, and the avalanche effect visualization.
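
The chaining stage described above, as an added TypeScript example (not the project's own code): SHA-512 stands in for Whirlpool, and the block field names, the GENESIS value and the trustedHead parameter are assumptions. It reports the first failing block and the reason, which answers the "when and where" question raised under The Problem.

```typescript
import { createHash } from "node:crypto";

// Added example. SHA-512 stands in for Whirlpool (both give 512-bit digests);
// the Block field names and the GENESIS constant are assumptions.
interface Block {
  index: number;
  name: string;      // evidence metadata, reduced to a file name here
  fileHash: string;  // digest of the evidence bytes
  prevHash: string;  // blockHash of the preceding block
  timestamp: string;
  blockHash: string; // digest over every field above
}
type Finding = { index: number; reason: "link-broken" | "block-tampered" | "file-modified" | "head-mismatch" };

const digest = (data: string | Buffer): string => createHash("sha512").update(data).digest("hex");
const GENESIS = digest("genesis");

// Length-prefix each field so two different blocks cannot serialize to the same string.
function sealInput(b: Omit<Block, "blockHash">): string {
  return [b.index, b.name, b.fileHash, b.prevHash, b.timestamp]
    .map((f) => `${String(f).length}:${f}`).join("|");
}

function appendEvidence(chain: Block[], name: string, file: Buffer, timestamp: string): Block[] {
  const prevHash = chain.length ? chain[chain.length - 1].blockHash : GENESIS;
  const body = { index: chain.length, name, fileHash: digest(file), prevHash, timestamp };
  return [...chain, { ...body, blockHash: digest(sealInput(body)) }];
}

// Returns the first failing block (everything from that index on is untrusted), or null.
// trustedHead is the last blockHash as recorded outside the store being checked.
function verifyChain(chain: Block[], files: Buffer[], trustedHead?: string): Finding | null {
  let expectedPrev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const b = chain[i];
    if (b.prevHash !== expectedPrev) return { index: i, reason: "link-broken" };
    if (digest(sealInput(b)) !== b.blockHash) return { index: i, reason: "block-tampered" };
    if (digest(files[i]) !== b.fileHash) return { index: i, reason: "file-modified" };
    expectedPrev = b.blockHash;
  }
  if (trustedHead !== undefined && expectedPrev !== trustedHead)
    return { index: chain.length - 1, reason: "head-mismatch" };
  return null;
}
```

A party able to rewrite every block can recompute all the hashes, so the chain proves integrity only against a head hash that is signed or recorded outside the store being checked; the trustedHead argument models that anchor.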
Evidence Chain Architecture
Frontend: Next.js, React.js, TypeScript, Tailwind CSS
Backend / Logic: Node.js, Whirlpool hashing, Merkle Trees, Digital signatures, Blockchain-inspired chaining
Cryptography Concepts: Whirlpool, Merkle proof verification, Avalanche effect, Integrity verification
Features: Evidence upload, Evidence dashboard, Tamper detection, Chain verification, Attack simulation

Architecture: A decoupled architecture where the frontend handles file ingestion and chunking, while the backend API manages the secure hashing pipeline, immutable ledger updates, signature verification, and Merkle root generation.

Learnings: This project helped in understanding that cryptography is not only about encryption, but also about establishing trust, authenticity, integrity, and traceability in digital systems. Key learnings included the practical implementation of cryptographic hash functions, how blockchain structures ensure immutability, real-world use of Merkle Trees and digital signatures, visualization of the avalanche effect, designing secure forensic workflows, and building interactive cybersecurity demonstrations.

Next Steps: Future improvements planned for the project include cloud-based distributed evidence storage, multi-user investigator roles, real RSA/ECC-based signatures, AI-assisted anomaly detection, real-time folder monitoring, exportable forensic reports, integration with decentralized storage systems like IPFS, and advanced audit logging and access control. The long-term goal is to evolve the system into a practical forensic trust platform inspired by real-world cybersecurity and digital evidence preservation.

View the repository

Implementation details are available on GitHub.