Implement Automated Background Integrity Monitoring for Evidence Records

[KhairnarLokesh]

🔄 Automated Integrity Monitoring (Phase 3.3)

📌 Title

Implement Automated Background Integrity Monitoring for Evidence Records

---

🎯 Goal

Develop a background monitoring system that periodically re-verifies digital evidence hashes to detect:

• Bit rot
• IPFS corruption
• Unauthorized tampering
• Hash mismatches

This ensures long-term digital evidence reliability and forensic soundness.

---

🧠 Core Concept

A scheduled background job will:

1. Pull stored evidence records from the database
2. Re-verify stored hashes against:
   • IPFS content
   • Blockchain record (if applicable)
3. Call:

IntegratedEvidenceService.verifyEvidence()

4. Log integrity results
5. Flag suspicious records

---

⚙️ Implementation Strategy

Use the existing Bull queue dependency to:

• Schedule recurring integrity checks
• Run asynchronous background verification
• Prevent blocking main application flow

---

📁 Files to Create / Modify

1️⃣ Create:

services/monitoringService.js

Responsibilities:

• Configure Bull queue
• Schedule repeatable job (e.g., every 6 hours or daily)
• Fetch evidence records
• Dispatch verification tasks
• Handle job success/failure
• Log integrity results

---

2️⃣ Create:

scripts/integrity-worker.js

Responsibilities:

• Act as Bull worker process
• Process integrity verification jobs
• Call:

IntegratedEvidenceService.verifyEvidence(evidenceId)

• Compare:
  • Stored hash
  • IPFS retrieved hash
  • Blockchain hash (if applicable)
• Return verification result
• Flag mismatched records

---

🔁 Job Flow Architecture

1. Monitoring Service schedules job
2. Bull queue enqueues integrity task
3. Worker pulls evidence batch
4. For each evidence:
   • Fetch from DB
   • Recompute hash
   • Verify via IntegratedEvidenceService
5. Store result:
   • integrityStatus: "verified" | "mismatch"
   • lastIntegrityCheck: timestamp
   • integrityHistory log

---

🧪 Suggested Scheduling Options

Frequency	Use Case
Every 1 hour	High-security environments
Every 6 hours	Balanced approach
Daily	Standard compliance level

Example Bull repeat configuration:

{
  repeat: {
    cron: '0 */6 * * *' // Every 6 hours
  }
}

---

📊 Data Updates (If Applicable)

Evidence record may include:

{
  "integrityStatus": "verified",
  "lastIntegrityCheck": "2026-02-25T12:00:00Z",
  "integrityHistory": [
    {
      "checkedAt": "...",
      "result": "verified"
    }
  ]
}

---

🚨 Failure Handling

If mismatch detected:

• Log critical alert
• Mark evidence as:
  • integrityStatus: "compromised"
• Optionally:
  • Send admin notification
  • Trigger forensic audit workflow

---

🖥️ Optional Dashboard Enhancement

Add to analyst/admin dashboard:

• Last integrity check timestamp
• Integrity status badge:
  • 🟢 Verified
  • 🟡 Pending
  • 🔴 Compromised

---

🧪 Testing Requirements

• Simulate:
  • Valid IPFS content
  • Tampered IPFS content
  • Missing CID
  • Hash mismatch
• Confirm job retry logic works
• Ensure worker handles batch processing
• Test Redis/Bull queue resilience

---

📊 Acceptance Criteria

• monitoringService.js implemented
• integrity-worker.js implemented
• Bull repeatable job scheduled
• verifyEvidence() successfully invoked
• Integrity results stored in DB
• Mismatch detection works
• No blocking of main application thread

---

🔐 Security & Compliance Impact

This feature ensures:

• Long-term evidentiary integrity
• Protection against silent corruption (bit rot)
• Stronger legal defensibility
• Continuous forensic validation

---

🏁 Expected Outcome

A robust automated integrity monitoring system that:

• Runs in background
• Continuously validates digital evidence
• Detects tampering early
• Maintains forensic chain trustworthiness

---

Priority: High
Phase: 3.3
Type: Background System Enhancement