High-Performance Digital Evidence Protection using ChaCha20 Encryption and Distributed Cloud Computing

Introduction:  With the rapid growth of cloud computing, some new challenges have been brought to the digital forensics field, such as evidence management on a large scale, secure storage, and efficient analysis. Traditional systems face scalability issues, performance bottlenecks, and weak chain-of- custody mechanisms in high-concurrency environments.

Objectives: It proposes an optimized digital forensic security framework with XChaCha20-Poly1305 authenticated encryption in streaming mode for ensuring confidentiality, integrity, and misuse resistance.

Methods: The model was evaluated using datasets ranging from 50 GB to 1 TB of forensic artifacts, including registry dumps, log collections, and disk images. The proposed XChaCha20- Poly1305 + BLAKE3 pipeline consistently achieved higher throughput than both AES-GCM+ SHA-256 (parallel) and AES-GCM + SHA-256 (sequential) baselines. The proposed model achieved an average sustained throughput of 8.6 GB/s, whereas the parallel AES-GCM baseline achieved 4.7 GB/s, and the sequential pipeline achieved 2.6 GB/s. This equates to a1.8× performance improvement over the best parallel baseline and a 3.3× improvement over the sequential implementation.

Conclusions:  It integrates BLAKE3 hashing to achieve fast and parallel integrity verification. Evidence gathering and processing are parallelized using cloud-native technologies such as Apache Spark and Kubernetes. Additional Authenticated Data links each encrypted chunk, improving the support for provenance tracking. Audit logs hashed together in a tamper-evident way guarantee compliance with NIST SP 800-201 Forensic Readiness guidelines.