**3. Methodology**

This section explains the suggested methodology for integrating digital evidence in the presence of certain defects (uncertainty of integrity) for many versions of the same document. The phase of data gathering encompasses all image forensic-capture methods. To maintain CoC throughout this phase, the examiner must adhere to forensic standards while acquiring data sources (e.g., hard drives, network packet captures, OS and application logs, memory contents, and mobile devices). With respect to the CoC, blockchain technology, especially when combined with fuzzy hashing, has the potential to provide tamper-proof recording of evidence. By using fuzzy hash functions, forensic investigators may effectively address permitted modification of digital evidence, while traditional hash techniques are useless in this scenario. The suggested framework's fundamental process is shown in Figure 1. Each stage will be discussed in depth.

The efficiency of the proposed system has been verified for application in the field of image forensics. Only images are used in the paper. However, this is a universal approach for different types of data such as audio, video, image, and files. The reasons for choosing images in the application lie in the following factors: (1) a large number of cases within the scope of the work of digital forensics experts are related to image counterfeiting as they represent the main segmen<sup>t</sup> in transactions for individuals, such as images of signatures and checks; (2) with the advancement and availability of powerful image processing software tools and computer technology, it is very easy to manipulate digital images. So, it is essential to determine the authenticity, integrity, reliability, and origin of digital images; (3) images can be used in very important fields such as forensic science, medicine, astronomy, and surveillance.

The investigator does not modify the evidence, but the evidence may be altered by benign modification within some application such as compression. The pseudo-randomness of cryptographic hash algorithms makes it hard to identify similar files even if one bit of the input is changed. A hash function that does not retain the resemblance of files (e.g., different versions of a file) is necessary in the area of computer forensics. How forensic investigators may use traces from such situations is becoming more difficult to determine.

**Figure 1.** Proposed framework for protecting digital evidence integrity under uncertainty.
