A Potential solution for solving forensic is the use of blockchain in software-defined networking (SDN). The blockchain is a distributed peer-to-peer network that can be utilized on SDN-based Internet of Things (IoT) environments for security provisioning. Hence, to meet some challenges in digital forensics such as data integrity, evidence deletion or alteration, blockchain is used. However, some problems such as poor attack detection and slow processing existed in previous works. To address these issues, an efficient forensics architecture is proposed in SDN-IoT that establishes the Chain of Custody (CoC) in blockchain technology. The proposed SDN-based IoT architecture is initiated with flow table rules on switches for the three different traffics Voice over Internet Protocol (VoIP), File Transfer Protocol (FTP), and Hyper Text Transfer Protocol (HTTP). In this work, overloaded switches migrate the packets to nearby switches to balance the packet flow. The packets disobeying flow rules will be discarded by switches. The blockchain-based distributed controller in this forensic architecture is designed to use the Linear Homomorphic Signature (LHS) algorithm for validating users. Each controller is fed with a classifier that uses the Neuro Multi-fuzzy to classify malicious packets based on packet features. The logs of events are used and stored on the blockchain in the proposed SDN-IoT architecture. We evaluated the performance of our forensic architecture and compared it to the existing model using various performance measures. Our evaluation results demonstrate performance improvement by reducing delay, response time and processing time, increasing throughput, accuracy, and security parameters.